anti-virus soft


  • This topic is locked
42 replies to this topic

#1 AxelH

  • Members
  • 22 posts

Posted 14 February 2010 - 05:39 AM

My computer has been infected by Anti-virus soft. It keeps trying to get me to download an anti-virus program & keeps taking me to some porn & viagra sites. I can't stop any of them. I have Avast anti-virus installed & it couldn't find any viruses.
I then thought it must be malware. We followed all your instructions and went into safe mode and installed rkill & Malwarebytes Anti-Malware. After going into safe mode, we ran rkill, which only ran for 10 seconds; then we ran Anti-Malware, which took ages. It found 29, but when we told it to repair, the count was closer to 60.
We went back to normal mode but the problem was still there, so we repeated the two processes again with the same result.
We thought our firewall was up but it wasn't - rectified now & the firewall is up. We read your preparation guide & downloaded the two programs (DDS + GMER); both have been run & the results saved. I have two main drives, C and E; on GMER we checked both of them.
Please find attached the result logs as per instructions.
We aren't very computer savvy, so any help would be greatly appreciated. Thank you.


DDS (Ver_09-12-01.01) - NTFSx86 NETWORK
Run by Axel at 19:13:57.03 on Sun 02/14/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.340 [GMT 11:00]

AV: avast! antivirus 4.8.1368 [VPS 100211-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

E:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
E:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Documents and Settings\Axel.HOME\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mWinlogon: Userinit=e:\windows\system32\userinit.exe,d:\windows\system32\userinit.exe,userinit.exe,
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - e:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - e:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - e:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - e:\program files\ask.com\GenericAskToolbar.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - e:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - e:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - e:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [NBJ] "e:\program files\ahead\nero backitup\NBJ.exe"
uRun: [WebCamRT.exe]
uRun: [iTunesHelper] e:\program files\itunes\iTunesHelper.exe
uRun: [yqwwfmxd] e:\documents and settings\axel.home\local settings\application data\rmoqkm\wtposftav.exe
mRun: [LVCOMS] e:\program files\common files\logitech\qcdriver\LVCOMS.EXE
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "e:\program files\itunes\iTunesHelper.exe"
mRun: [yqwwfmxd] e:\documents and settings\axel.home\local settings\application data\rmoqkm\wtposftav.exe
mRun: [MSConfig] e:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [swg] e:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRun: [InstallProgram] e:\documents and settings\axel.home\my documents\my videos\setup_241_3777_20402_.exe
dRunOnce: [FlashPlayerUpdate] e:\windows\system32\macromed\flash\FlashUtil9f.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: e:\docume~1\alluse~1\startm~1\programs\startup\viarai~1.lnk - e:\program files\via\raid\raid_tool.exe
IE: Google Sidewiki... - e:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - e:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - e:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1176627198234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - e:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: pmnkHWnO - pmnkHWnO.dll
Notify: ssqPHAQK - ssqPHAQK.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - e:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - e:\docume~1\axel~1.hom\applic~1\mozilla\firefox\profiles\o50flmlv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com.au
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&q=
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: e:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: e:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: e:\program files\mozilla firefox\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 WMIBIOS;%WMIBIOS.ServiceName%;e:\windows\system32\drivers\wmibios.sys [2005-9-20 18272]
R3 WMIINFO;WMIINFO Driver;e:\windows\system32\drivers\wmiinfo.sys [2005-9-20 21184]
S0 kl1;Kl1;e:\windows\system32\drivers\kl1.sys [2007-1-25 109848]
S1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [2008-6-24 114768]
S1 klif;Klif;e:\windows\system32\drivers\klif.sys [2007-1-27 175888]
S2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [2008-6-24 20560]
S2 avast! Antivirus;avast! Antivirus;e:\program files\alwil software\avast4\ashServ.exe [2008-6-24 138680]
S2 GLOGODrv;GLOGODrv;e:\windows\system32\drivers\GLOGODrv.sys [2007-7-5 13332]
S2 gupdate1c9c792beec09e4;Google Update Service (gupdate1c9c792beec09e4);e:\program files\google\update\GoogleUpdate.exe [2009-4-28 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;e:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-24 254040]
S3 avast! Web Scanner;avast! Web Scanner;e:\program files\alwil software\avast4\ashWebSv.exe [2008-6-24 352920]
S3 AVP;Kaspersky Internet Security 6.0;"e:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe" -r --> e:\program files\kaspersky lab\kaspersky internet security 6.0\avp.exe [?]
S3 ECTIVA;ECTIVA Audio 5.1 (WDM);e:\windows\system32\drivers\ECTIVA.sys [2005-9-20 1124864]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);e:\windows\system32\drivers\LV551AV.sys [2008-5-18 220055]

=============== Created Last 30 ================

2010-02-13 08:01:43 0 d-----w- e:\docume~1\axel~1.hom\applic~1\Malwarebytes
2010-02-13 08:01:38 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 08:01:37 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-02-13 08:01:37 0 d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-02-13 08:01:37 0 d-----w- e:\docume~1\alluse~1\applic~1\Malwarebytes
2010-02-12 01:20:36 0 d-----w- e:\docume~1\axel~1.hom\applic~1\IObit

==================== Find3M ====================

2010-02-13 09:06:05 7470880 --sha-w- e:\windows\system32\drivers\fidbox2.dat
2010-02-13 09:06:05 705620 --sha-w- e:\windows\system32\drivers\fidbox2.idx
2010-02-13 09:06:05 16971848 --sha-w- e:\windows\system32\drivers\fidbox.idx
2010-02-13 09:06:04 1266761248 --sha-w- e:\windows\system32\drivers\fidbox.dat
2010-01-05 10:00:29 832512 ----a-w- e:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- e:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ------w- e:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- e:\windows\system32\drivers\srv.sys
2009-12-17 06:14:00 411368 ----a-w- e:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- e:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- e:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- e:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- e:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- e:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- e:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- e:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- e:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- e:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- e:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- e:\windows\system32\msrle32.dll
2008-03-18 15:31:36 1853705 ----a-w- e:\program files\supersplitter.exe
2008-12-09 18:18:04 371 --sha-w- e:\windows\system32\NWHiknpo.ini2
2008-10-02 08:08:06 345 --sha-w- e:\windows\system32\YFeedfii.ini2
2008-08-27 10:48:39 32768 --sha-w- e:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008082720080828\index.dat

============= FINISH: 19:14:30.09 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 4/15/2007 6:42:19 PM
System Uptime: 2/14/2010 7:03:00 PM (0 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | K8M800-8237
Processor: AMD Athlon™ 64 Processor 3000+ | Socket 754 | 1808/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 66 GiB total, 53.648 GiB free.
D: is FIXED (NTFS) - 8 GiB total, 6.35 GiB free.
E: is FIXED (NTFS) - 75 GiB total, 45.574 GiB free.
F: is CDROM ()
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: VIA Rhine II Fast Ethernet Adapter
Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_E0001458&REV_78\3&13C0B0C5&0&90
Manufacturer: VIA Technologies, Inc.
Name: VIA Rhine II Fast Ethernet Adapter
PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_E0001458&REV_78\3&13C0B0C5&0&90
Service: FET5X86V

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Motorola USB Modem
Device ID: ROOT\MODEM\0001
Manufacturer:
Name: Motorola USB Modem #2
PNP Device ID: ROOT\MODEM\0001
Service:

==== System Restore Points ===================

RP1: 2/12/2010 8:05:18 PM - System Checkpoint

==== Installed Programs ======================

7-Zip 4.58 beta
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 7.0.9
Adobe Stock Photos 1.0
Advanced SystemCare 3
Advanced WindowsCare 2.55 Personal
AnyDVD
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
µTorrent
Avanquest update
avast! Antivirus
Bonjour
C-Media WDM Audio Driver
CloneDVD2
Cool Edit Pro 2.1
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Diamond View V4.02
eBay Icon
EPSON Printer Software
FormatFactory 2.20
GOM Player
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
iPod for Windows 2006-03-23
iTunes
Java Auto Updater
Java™ 6 Update 18
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
K-Lite Codec Pack 3.5.3 Full
LimeWire 5.4.6
Logitech QuickCam
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Motorola Phone Tools
Mozilla Firefox (3.5.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero Suite
neroxml
NVIDIA Drivers
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PowerDVD
PowerDVD Ultra
PowerISO
QuickTime
RealPlayer
ScanButton
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Skype™ 4.0
Spybot - Search & Destroy 1.4
Transcode Server
Ulead Photo Express 3.0 SE
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VIA Rhine-Family Fast-Ethernet Adapter
WebFldrs XP
Winamp
Winamp Remote
WinAVI Video Converter
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

2/7/2010 9:55:23 PM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
2/13/2010 8:13:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/13/2010 6:52:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/13/2010 6:50:17 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AmdK8 aswSP Fips kl1 klif SCDEmu
2/13/2010 6:49:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/12/2010 8:04:53 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000003A' while processing the file '_filelst.cfg' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.

==== End Of File ===========================



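The way a helper reads the "Pseudo HJT Report" above can be written down as a small triage pass. This is an added example for this thread, not part of the original post and not code from the DDS tool: the regexes, the list of user-writable directories and the randomness heuristic are my own assumptions about what gets checked first; the sample lines are excerpted from the log posted above.

```python
"""Triage pass over the 'Pseudo HJT Report' autostart lines of a DDS log.

Added example, not part of the thread and not DDS code. The patterns flagged
(extra Userinit entries, autostarts under the user profile, machine-generated
value names, Winlogon Notify packages given as bare DLL names) are assumptions
about what a helper checks first; every finding is a lead, not a verdict.
"""
import re
from dataclasses import dataclass

# Excerpt of the DDS log posted above, limited to the autostart-style lines.
SAMPLE_LOG = r"""
mWinlogon: Userinit=e:\windows\system32\userinit.exe,d:\windows\system32\userinit.exe,userinit.exe,
uRun: [ctfmon.exe] e:\windows\system32\ctfmon.exe
uRun: [WebCamRT.exe]
uRun: [yqwwfmxd] e:\documents and settings\axel.home\local settings\application data\rmoqkm\wtposftav.exe
mRun: [avast!] e:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [yqwwfmxd] e:\documents and settings\axel.home\local settings\application data\rmoqkm\wtposftav.exe
dRun: [InstallProgram] e:\documents and settings\axel.home\my documents\my videos\setup_241_3777_20402_.exe
Notify: pmnkHWnO - pmnkHWnO.dll
Notify: ssqPHAQK - ssqPHAQK.dll
"""

# u/m/d = HKCU / HKLM / Default-user Run keys, as DDS prefixes them.
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
NOTIFY_RE = re.compile(r"^Notify: (?P<name>\S+) - (?P<dll>.*)$")
USERINIT_RE = re.compile(r"^mWinlogon: Userinit=(?P<value>.*)$")

# Directories an ordinary user can write to. An autostart pointing here is
# not proof of malware, but it is where rogue-AV droppers typically land.
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\",
                 "\\local settings\\temp\\", "\\my documents\\", "\\desktop\\")
VOWELS = set("aeiou")


@dataclass(frozen=True)
class Finding:
    line: str
    reason: str


def looks_random(name: str) -> bool:
    """Heuristic for generated names such as 'yqwwfmxd': letters only, at
    least 6 long, and either almost no vowels or a run of 5+ consonants."""
    if len(name) < 6 or not name.isalpha():
        return False
    low = name.lower()
    vowel_ratio = sum(c in VOWELS for c in low) / len(low)
    longest = run = 0
    for c in low:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowel_ratio <= 0.15 or longest >= 5


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious pattern seen in the autostart lines."""
    findings: list[Finding] = []
    seen_hive: dict[str, str] = {}  # Run value name -> first hive it was seen in
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := USERINIT_RE.match(line):
            entries = [e for e in m["value"].split(",") if e.strip()]
            if len(entries) > 1:
                findings.append(Finding(line, f"Userinit lists {len(entries)} programs; "
                                        "a clean install lists only system32\\userinit.exe"))
        elif m := RUN_RE.match(line):
            name, cmd = m["name"], m["cmd"].strip().strip('"').lower()
            if not cmd:
                findings.append(Finding(line, "Run value with an empty command (leftover; harmless but should go)"))
                continue
            if any(d in cmd for d in USER_WRITABLE):
                findings.append(Finding(line, "autostart executable lives in a user-writable profile directory"))
            if looks_random(name):
                findings.append(Finding(line, f"Run value name '{name}' looks machine-generated"))
            # Weak signal on its own (legit helpers do this too), strong next to the others.
            if name in seen_hive and seen_hive[name] != m["hive"]:
                findings.append(Finding(line, f"'{name}' is registered under both user and machine Run keys"))
            seen_hive.setdefault(name, m["hive"])
        elif m := NOTIFY_RE.match(line):
            dll = m["dll"].strip()
            if "\\" not in dll:
                findings.append(Finding(line, f"Winlogon Notify package '{dll}' is a bare filename "
                                        "resolved through the DLL search path"))
            if looks_random(m["name"]):
                findings.append(Finding(line, f"Notify subkey '{m['name']}' looks machine-generated"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Lines the pass does not flag (ctfmon.exe, avast!) are the control: the point is that the two `yqwwfmxd` entries and the two Notify packages collect several independent signals each, while the benign entries collect none.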


#2 myrti

  • Malware Study Hall Admin
  • 33,771 posts

Posted 18 February 2010 - 12:17 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#3 AxelH
  • Topic Starter

  • Members
  • 22 posts

Posted 19 February 2010 - 03:33 AM

Many thanks for all your help with this crazy matter; I really appreciate this. I hope I've done everything correctly for you to diagnose the problem.
Again, thank you.




OTL logfile created on: 2/19/2010 7:16:49 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = E:\Documents and Settings\Axel.HOME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 235.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): e:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 66.41 Gb Total Space | 53.65 Gb Free Space | 80.79% Space Free | Partition Type: NTFS
Drive D: | 8.11 Gb Total Space | 6.35 Gb Free Space | 78.27% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 45.60 Gb Free Space | 61.20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AXEL-HOME
Current User Name: Axel
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/19 19:13:57 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Axel.HOME\Desktop\OTL.exe
PRC - [2009/11/03 14:23:08 | 000,908,248 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/14 11:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/02/19 19:13:57 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Axel.HOME\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AVP)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- E:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/12/13 15:08:40 | 000,182,768 | ---- | M] (Google) [Auto | Stopped] -- E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/25 10:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- E:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/25 10:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/25 10:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- E:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/25 10:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/06/05 14:39:14 | 000,541,992 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- E:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 12:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Stopped] -- E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/28 10:49:00 | 000,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- E:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9c792beec09e4) Google Update Service (gupdate1c9c792beec09e4)
SRV - [2008/12/12 12:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Stopped] -- E:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/10/15 20:46:08 | 000,243,056 | ---- | M] () [Auto | Stopped] -- E:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/06/14 18:18:41 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/04/04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [1999/12/13 02:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- E:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/11/25 10:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- E:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009/11/25 10:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- E:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009/11/25 10:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- E:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/11/25 10:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009/11/25 10:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009/11/25 10:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- E:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/06/05 12:42:38 | 000,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/03/19 17:32:48 | 000,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/14 05:45:36 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\usbser.sys -- (usbser)
DRV - [2008/04/14 05:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/11/13 21:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/03 00:12:32 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- E:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2007/04/25 14:48:21 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2007/04/09 23:27:07 | 000,031,548 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Stopped] -- E:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/03/08 10:51:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- E:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/02/27 09:14:50 | 000,042,496 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FETND5BV)
DRV - [2007/02/27 09:14:50 | 000,042,496 | ---- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\fetnd5bv.sys -- (FET5X86V)
DRV - [2007/01/27 17:52:46 | 000,175,888 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- E:\WINDOWS\system32\drivers\klif.sys -- (klif)
DRV - [2007/01/26 13:55:32 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2007/01/26 13:55:26 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\SiRemFil.sys -- (SiRemFil)
DRV - [2007/01/26 13:55:08 | 000,069,168 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\SI3112.sys -- (SI3112)
DRV - [2007/01/25 19:27:38 | 000,109,848 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Stopped] -- E:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2006/12/14 10:41:48 | 000,011,984 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2006/11/29 10:43:25 | 000,018,688 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2006/04/22 12:44:39 | 000,008,064 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Stopped] -- E:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2005/12/15 14:57:46 | 001,368,000 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\cmuda.sys -- (cmuda)
DRV - [2004/08/11 17:30:00 | 000,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- E:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 23:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/08/04 23:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/16 19:24:34 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Stopped] -- E:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/07/16 17:19:52 | 000,070,400 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004/05/18 19:55:26 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\viamraid.sys -- (viamraid)
DRV - [2004/04/15 13:57:20 | 000,042,496 | R--- | M] (VIA Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\fetnd5b.sys -- (FETNDISB)
DRV - [2004/02/12 14:26:40 | 001,124,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ECTIVA.sys -- (ECTIVA) ECTIVA Audio 5.1 (WDM)
DRV - [2003/07/17 19:10:06 | 000,007,040 | R--- | M] (VIA Networking Technologies, Inc. ) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\ntsim.sys -- (NTSIM)
DRV - [2002/10/15 22:33:54 | 000,018,272 | ---- | M] (Gigabyte Technology) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\wmibios.sys -- (WMIBIOS)
DRV - [2002/05/13 21:16:08 | 000,021,184 | ---- | M] (Gigabyte Technology) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\wmiinfo.sys -- (WMIINFO)
DRV - [2002/02/01 12:07:12 | 000,220,055 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\LV551AV.sys -- (PID_0900_V) Logitech ClickSmart 310(PID_0900_V)
DRV - [2002/02/01 12:03:50 | 000,010,261 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\LVBULK.sys -- (LVBulk)
DRV - [2000/10/12 17:16:48 | 000,013,332 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- E:\WINDOWS\system32\drivers\GLOGODrv.sys -- (GLOGODrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1606980848-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-329068152-1606980848-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-329068152-1606980848-725345543-1004\S-1-5-21-329068152-1606980848-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com.au"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.3.123
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/23 14:08:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2009/12/08 15:14:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2009/12/08 15:14:08 | 000,000,000 | ---D | M]

[2009/10/16 23:55:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Axel.HOME\Application Data\Mozilla\Extensions
[2009/10/16 23:55:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Axel.HOME\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/02/14 20:51:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Axel.HOME\Application Data\Mozilla\Firefox\Profiles\o50flmlv.default\extensions
[2009/12/08 15:20:57 | 000,000,000 | ---D | M] (DownloadHelper) -- E:\Documents and Settings\Axel.HOME\Application Data\Mozilla\Firefox\Profiles\o50flmlv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/12/13 14:45:17 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Axel.HOME\Application Data\Mozilla\Firefox\Profiles\o50flmlv.default\extensions\toolbar@ask.com
[2009/12/22 08:06:23 | 000,002,235 | ---- | M] () -- E:\Documents and Settings\Axel.HOME\Application Data\Mozilla\Firefox\Profiles\o50flmlv.default\searchplugins\askcom.xml
[2008/12/27 12:19:06 | 000,002,137 | ---- | M] () -- E:\Documents and Settings\Axel.HOME\Application Data\Mozilla\Firefox\Profiles\o50flmlv.default\searchplugins\MyStart Search.xml
[2010/02/13 18:59:48 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2005/05/28 11:15:00 | 000,110,592 | ---- | M] () -- E:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2007/05/29 15:30:58 | 000,000,254 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 dl1.avgate.net
O1 - Hosts: 127.0.0.1 dl2.avgate.net
O1 - Hosts: 127.0.0.1 dl3.avgate.net
O1 - Hosts: 127.0.0.1 dl4.avgate.net
O1 - Hosts: 127.0.0.1 dl5.avgate.net
O1 - Hosts: 127.0.0.1 dl6.avgate.net
O1 - Hosts: 127.0.0.1 dl7.avgate.net
O1 - Hosts: 127.0.0.1 dl8.avgate.net
O1 - Hosts: 127.0.0.1 dl9.avgate.net
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-329068152-1606980848-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - E:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-329068152-1606980848-725345543-1004\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avast!] E:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LVCOMS] E:\Program Files\Common Files\Logitech\QCDriver\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSConfig] E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] E:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\Run: [InstallProgram] E:\Documents and Settings\Axel.HOME\My Documents\My Videos\setup_241_3777_20402_.exe File not found
O4 - HKU\.DEFAULT..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [InstallProgram] E:\Documents and Settings\Axel.HOME\My Documents\My Videos\setup_241_3777_20402_.exe File not found
O4 - HKU\S-1-5-18..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-329068152-1606980848-725345543-1004..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKU\S-1-5-21-329068152-1606980848-725345543-1004..\Run: [NBJ] E:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-329068152-1606980848-725345543-1004..\Run: [WebCamRT.exe] File not found
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] E:\WINDOWS\System32\Macromed\Flash\FlashUtil9f.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] E:\WINDOWS\System32\Macromed\Flash\FlashUtil9f.exe File not found
O4 - HKU\S-1-5-21-329068152-1606980848-725345543-1004..\RunOnce: [FlashPlayerUpdate] E:\WINDOWS\system32\Macromed\Flash\FlashUtil10d.exe (Adobe Systems, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\VIA RAID TOOL.lnk = E:\Program Files\VIA\RAID\raid_tool.exe (VIA Technologies)
O4 - Startup: E:\Documents and Settings\Axel\Start Menu\Programs\Startup\Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1606980848-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1606980848-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-21-329068152-1606980848-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: Google Sidewiki... - E:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 95 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 95 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 95 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 95 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-329068152-1606980848-725345543-1004\..Trusted Domains: 92 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1176627198234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 211.29.152.116 192.168.0.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\pmnkHWnO: DllName - pmnkHWnO.dll - File not found
O20 - Winlogon\Notify\ssqPHAQK: DllName - ssqPHAQK.dll - File not found
O24 - Desktop WallPaper: E:\Documents and Settings\Axel.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Axel.HOME\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/19 00:37:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2a48c4fa-f7be-11dc-9479-000fea89dcce}\Shell\AutoRun\command - "" = H:\ClickMe.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - E:\WINDOWS\system32\ias [2007/04/15 19:38:49 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - E:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - E:\WINDOWS\system32\Rundll32.exe E:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - E:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.alf2cd - E:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.divxa32 - E:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - E:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.scg726 - E:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - E:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - E:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.dvsd - E:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - E:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - E:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - E:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - E:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.SP53 - E:\WINDOWS\System32\SP5X_32.DLL (Sunplus Corporation)
Drivers32: VIDC.SP54 - E:\WINDOWS\System32\SP5X_32.DLL (Sunplus Corporation)
Drivers32: VIDC.SP55 - E:\WINDOWS\System32\SP5X_32.DLL (Sunplus Corporation)
Drivers32: VIDC.SP56 - E:\WINDOWS\System32\SP5X_32.DLL (Sunplus Corporation)
Drivers32: VIDC.SP57 - E:\WINDOWS\System32\SP5X_32.DLL (Sunplus Corporation)
Drivers32: VIDC.SP58 - E:\WINDOWS\System32\SP5X_32.DLL (Sunplus Corporation)
Drivers32: VIDC.SP59 - E:\WINDOWS\System32\SP5X_32.DLL (Sunplus Corporation)
Drivers32: VIDC.XVID - E:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - E:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/19 19:13:56 | 000,549,376 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Axel.HOME\Desktop\OTL.exe
[2010/02/13 19:01:43 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Axel.HOME\Application Data\Malwarebytes
[2010/02/13 19:01:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/13 19:01:37 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010/02/13 19:01:37 | 000,000,000 | ---D | C] -- E:\Program Files\Malwarebytes' Anti-Malware
[2010/02/13 19:01:37 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/12 12:20:36 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Axel.HOME\Application Data\IObit
[2010/02/12 11:22:23 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Axel.HOME\Local Settings\Application Data\rmoqkm
[2010/01/27 16:54:56 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Sun
[2010/01/27 16:54:35 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- E:\WINDOWS\System32\javaws.exe
[2010/01/27 16:54:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- E:\WINDOWS\System32\javaw.exe
[2010/01/27 16:54:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- E:\WINDOWS\System32\java.exe
[2009/06/19 23:16:05 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/04/29 06:20:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/28 10:49:12 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/09 17:03:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Application Data\Macromedia
[2008/12/08 20:10:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/08 20:09:08 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/12/08 20:00:41 | 000,000,000 | ---D | M] -- E:\Documents and Settings\NetworkService\Application Data\Google
[2008/06/24 20:16:52 | 000,000,000 | --SD | M] -- E:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/06/24 20:16:52 | 000,000,000 | --SD | M] -- E:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/06/24 20:16:52 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/04/02 18:24:13 | 000,000,000 | ---D | M] -- E:\Documents and Settings\LocalService\Application Data\Google
[2005/09/20 21:18:05 | 000,065,536 | R--- | C] ( ) -- E:\WINDOWS\System32\A3d.dll
[2 E:\WINDOWS\System32\drivers\*.tmp files -> E:\WINDOWS\System32\drivers\*.tmp -> ]
[17 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[13 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/19 19:13:57 | 000,549,376 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Axel.HOME\Desktop\OTL.exe
[2010/02/19 19:04:28 | 000,021,048 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/02/19 18:58:16 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/02/19 05:50:02 | 011,010,048 | -H-- | M] () -- E:\Documents and Settings\Axel.HOME\NTUSER.DAT
[2010/02/19 05:50:02 | 000,000,178 | -HS- | M] () -- E:\Documents and Settings\Axel.HOME\ntuser.ini
[2010/02/19 05:50:00 | 004,768,656 | -H-- | M] () -- E:\Documents and Settings\Axel.HOME\Local Settings\Application Data\IconCache.db
[2010/02/16 17:34:03 | 000,000,852 | ---- | M] () -- E:\WINDOWS\ULEAD32.INI
[2010/02/13 20:10:56 | 000,363,008 | ---- | M] () -- E:\Documents and Settings\Axel.HOME\Desktop\rkill.com
[2010/02/13 20:06:05 | 016,971,848 | -HS- | M] () -- E:\WINDOWS\System32\drivers\fidbox.idx
[2010/02/13 20:06:05 | 007,470,880 | -HS- | M] () -- E:\WINDOWS\System32\drivers\fidbox2.dat
[2010/02/13 20:06:05 | 000,705,620 | -HS- | M] () -- E:\WINDOWS\System32\drivers\fidbox2.idx
[2010/02/13 20:06:04 | 1266,761,248 | -HS- | M] () -- E:\WINDOWS\System32\drivers\fidbox.dat
[2010/02/13 20:05:50 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/02/13 20:05:28 | 000,001,916 | ---- | M] () -- E:\WINDOWS\win.ini
[2010/02/13 20:05:28 | 000,000,253 | ---- | M] () -- E:\WINDOWS\system.ini
[2010/02/13 20:05:24 | 000,000,868 | ---- | M] () -- E:\WINDOWS\tasks\Google Software Updater.job
[2010/02/13 20:05:08 | 000,000,882 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/13 19:01:41 | 000,000,696 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/12 19:59:03 | 000,000,886 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/12 19:01:01 | 000,000,232 | ---- | M] () -- E:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/02/12 15:17:17 | 000,002,265 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/02/12 10:31:47 | 000,111,104 | ---- | M] () -- E:\Documents and Settings\Axel.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 11:27:43 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2010/02/04 20:05:23 | 000,001,915 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010/01/27 17:14:15 | 000,040,116 | ---- | M] () -- E:\WINDOWS\$CCW_D02.CC$
[2010/01/27 17:14:15 | 000,005,503 | ---- | M] () -- E:\WINDOWS\POWERUP.INI
[2010/01/23 11:17:21 | 000,000,202 | ---- | M] () -- E:\WINDOWS\NeroDigital.ini
[2010/01/22 22:16:01 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 E:\WINDOWS\System32\drivers\*.tmp files -> E:\WINDOWS\System32\drivers\*.tmp -> ]
[17 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[13 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/13 20:17:40 | 000,363,008 | ---- | C] () -- E:\Documents and Settings\Axel.HOME\Desktop\rkill.com
[2010/02/13 19:01:41 | 000,000,696 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/04 20:05:23 | 000,001,915 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2008/12/10 06:27:39 | 000,000,127 | ---- | C] () -- E:\WINDOWS\System32\MRT.INI
[2008/12/08 18:23:47 | 000,000,371 | -HS- | C] () -- E:\WINDOWS\System32\NWHiknpo.ini2
[2008/12/08 18:23:46 | 000,654,104 | -HS- | C] () -- E:\WINDOWS\System32\NWHiknpo.ini
[2008/09/20 12:00:24 | 000,000,345 | -HS- | C] () -- E:\WINDOWS\System32\YFeedfii.ini2
[2008/09/20 12:00:23 | 000,681,467 | -HS- | C] () -- E:\WINDOWS\System32\YFeedfii.ini
[2008/06/11 12:25:04 | 001,853,705 | ---- | C] () -- E:\Program Files\supersplitter.exe
[2008/05/18 17:03:21 | 000,294,912 | ---- | C] () -- E:\WINDOWS\System32\liplW7.dll
[2008/05/18 17:03:21 | 000,290,816 | ---- | C] () -- E:\WINDOWS\System32\liplA6.dll
[2008/05/18 17:03:21 | 000,278,528 | ---- | C] () -- E:\WINDOWS\System32\liplPX.dll
[2008/05/18 17:03:21 | 000,278,528 | ---- | C] () -- E:\WINDOWS\System32\liplP6.dll
[2008/05/18 17:03:21 | 000,278,528 | ---- | C] () -- E:\WINDOWS\System32\liplM6.dll
[2008/05/18 17:03:21 | 000,020,480 | ---- | C] () -- E:\WINDOWS\System32\lipl.dll
[2008/05/18 17:03:17 | 000,000,280 | ---- | C] () -- E:\WINDOWS\_delis32.ini
[2008/05/18 16:59:17 | 000,053,248 | R--- | C] () -- E:\WINDOWS\System32\lvcoinst.dll
[2008/05/18 16:59:17 | 000,002,123 | R--- | C] () -- E:\WINDOWS\System32\lvcoinst.ini
[2008/05/17 08:49:36 | 000,000,000 | ---- | C] () -- E:\WINDOWS\graphedit.INI
[2008/04/13 00:05:33 | 000,000,032 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/07 13:41:31 | 000,000,202 | ---- | C] () -- E:\WINDOWS\NeroDigital.ini
[2007/11/05 19:42:03 | 000,000,038 | ---- | C] () -- E:\WINDOWS\avisplitter.INI
[2007/11/03 12:05:19 | 000,164,352 | ---- | C] () -- E:\WINDOWS\System32\unrar.dll
[2007/11/03 12:05:17 | 000,524,288 | ---- | C] () -- E:\WINDOWS\System32\xvidcore.dll
[2007/11/03 12:05:17 | 000,139,264 | ---- | C] () -- E:\WINDOWS\System32\xvidvfw.dll
[2007/11/03 12:05:16 | 003,596,288 | ---- | C] () -- E:\WINDOWS\System32\qt-dx331.dll
[2007/11/03 12:05:15 | 000,007,680 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll
[2007/11/03 12:05:15 | 000,000,547 | ---- | C] () -- E:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/09/12 15:38:53 | 000,373,248 | ---- | C] () -- E:\WINDOWS\EyeCand3.INI
[2007/06/19 15:50:38 | 000,063,488 | ---- | C] () -- E:\WINDOWS\xobglu16.dll
[2007/06/19 15:50:38 | 000,023,552 | ---- | C] () -- E:\WINDOWS\xobglu32.dll
[2007/05/06 16:20:30 | 000,000,085 | -HS- | C] () -- E:\Documents and Settings\All Users\Application Data\.zreglib
[2007/04/21 11:31:17 | 000,000,040 | -HS- | C] () -- E:\Documents and Settings\Axel.HOME\Application Data\.zreglib
[2007/04/15 22:34:50 | 000,111,104 | ---- | C] () -- E:\Documents and Settings\Axel.HOME\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/10 22:21:43 | 000,002,911 | ---- | C] () -- E:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/01 22:18:07 | 000,845,312 | ---- | C] () -- E:\WINDOWS\System32\Smab.dll
[2007/03/01 22:18:07 | 000,027,648 | ---- | C] () -- E:\WINDOWS\System32\AVSredirect.dll
[2006/07/01 13:05:59 | 000,000,101 | ---- | C] () -- E:\WINDOWS\DVDRegionFree.INI
[2006/05/29 21:26:37 | 000,000,120 | ---- | C] () -- E:\WINDOWS\PbkUser.INI
[2006/03/13 13:36:56 | 000,000,327 | ---- | C] () -- E:\WINDOWS\cdplayer.ini
[2006/02/01 15:09:32 | 000,000,376 | ---- | C] () -- E:\WINDOWS\ODBC.INI
[2005/11/29 20:46:24 | 000,001,047 | ---- | C] () -- E:\WINDOWS\wtapi.ini
[2005/10/27 12:27:58 | 000,000,852 | ---- | C] () -- E:\WINDOWS\ULEAD32.INI
[2005/10/27 12:23:58 | 000,000,120 | ---- | C] () -- E:\WINDOWS\acroread.ini
[2005/10/27 12:23:58 | 000,000,027 | ---- | C] () -- E:\WINDOWS\acrograf.ini
[2005/10/17 18:23:21 | 000,005,503 | ---- | C] () -- E:\WINDOWS\POWERUP.INI
[2005/09/20 17:32:12 | 000,000,169 | ---- | C] () -- E:\WINDOWS\RtlRack.ini
[2005/09/20 14:40:13 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\UninstGMT.dll
[2005/09/19 18:10:50 | 000,001,125 | ---- | C] () -- E:\WINDOWS\winamp.ini
[2005/08/02 17:35:00 | 001,662,976 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2005/08/02 17:35:00 | 001,466,368 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2005/08/02 17:35:00 | 001,019,904 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2005/08/02 17:35:00 | 000,540,672 | ---- | C] () -- E:\WINDOWS\System32\nvhwvid.dll
[2005/08/02 17:35:00 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2005/08/02 17:35:00 | 000,286,720 | ---- | C] () -- E:\WINDOWS\System32\nvnt4cpl.dll
[2004/09/17 18:37:42 | 000,069,632 | ---- | C] () -- E:\WINDOWS\System32\vuins32.dll
[2003/02/18 19:26:28 | 000,028,672 | ---- | C] () -- E:\WINDOWS\System32\cmirmdrv.dll
[1999/03/10 11:23:00 | 000,222,928 | ---- | C] () -- E:\WINDOWS\System32\lobas09.dll
[1999/01/23 05:46:58 | 000,065,536 | ---- | C] () -- E:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/13 23:52:30 | 000,047,104 | ---- | C] () -- E:\WINDOWS\System32\lotrn13.dll
[1997/11/14 11:23:00 | 000,031,008 | ---- | C] () -- E:\WINDOWS\System32\ivtrn09.dll
[1994/07/25 12:23:00 | 000,014,928 | ---- | C] () -- E:\WINDOWS\System32\wingen.drv

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[17 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/27 21:14:19 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/27 21:14:19 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 05:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 17:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- E:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 23:00:00 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/27 21:14:19 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/27 21:14:19 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 05:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 23:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 11:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\system32\eventlog.dll
[2004/08/04 23:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 11:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\system32\netlogon.dll
[2004/08/04 23:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 23:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 11:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2004/05/18 19:55:26 | 000,074,112 | R--- | M] (VIA Technologies inc,.ltd) MD5=F199939205DCCC7836AE5AB8B5DD5E83 -- E:\WINDOWS\system32\drivers\viamraid.sys

< %systemroot%\*. /mp /s >
< End of report >






OTL Extras logfile created on: 2/19/2010 7:16:49 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = E:\Documents and Settings\Axel.HOME\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 235.00 Mb Available Physical Memory | 46.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): e:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 66.41 Gb Total Space | 53.65 Gb Free Space | 80.79% Space Free | Partition Type: NTFS
Drive D: | 8.11 Gb Total Space | 6.35 Gb Free Space | 78.27% Space Free | Partition Type: NTFS
Drive E: | 74.52 Gb Total Space | 45.60 Gb Free Space | 61.20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: AXEL-HOME
Current User Name: Axel
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- E:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-329068152-1606980848-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "E:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "E:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "E:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "E:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\BitTornado\btdownloadgui.exe" = E:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"E:\Program Files\WinMX\WinMX.exe" = E:\Program Files\WinMX\WinMX.exe:*:Enabled:WinMX Application -- File not found
"E:\StubInstaller.exe" = E:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- File not found
"E:\Documents and Settings\Axel\Desktop\WinMX.exe" = E:\Documents and Settings\Axel\Desktop\WinMX.exe:*:Enabled:WinMX Application -- File not found
"E:\Program Files\eMule\emule.exe" = E:\Program Files\eMule\emule.exe:*:Enabled:eMule -- File not found
"E:\Program Files\Morpheus\Morpheus.exe" = E:\Program Files\Morpheus\Morpheus.exe:*:Enabled:M5Shell -- File not found
"E:\Program Files\LimeWire\LimeWire.exe" = E:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\iTunes.exe" = C:\iTunes.exe:*:Enabled:iTunes -- File not found
"E:\WINDOWS\system32\dpvsetup.exe" = E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\WINDOWS\scvhost.exe" = E:\WINDOWS\scvhost.exe:*:Enabled:Microsoft Windows -- File not found
"E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" = E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:*:Disabled:Kaspersky Anti-Virus -- File not found
"E:\Program Files\Winamp Remote\bin\Orb.exe" = E:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- File not found
"E:\Program Files\Winamp Remote\bin\OrbTray.exe" = E:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- File not found
"E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = E:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- File not found
"E:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = E:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"E:\Program Files\Real\RealPlayer\realplay.exe" = E:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"E:\Program Files\IncrediMail\bin\ImApp.exe" = E:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"E:\Program Files\IncrediMail\bin\IncMail.exe" = E:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"E:\Program Files\IncrediMail\bin\ImpCnt.exe" = E:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"E:\Program Files\Bonjour\mDNSResponder.exe" = E:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Program Files\uTorrent\uTorrent.exe" = E:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\Program Files\Skype\Phone\Skype.exe" = E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{01000A03-E058-11D3-9C13-0000E220DC33}" = Diamond View V4.02
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E6875D5-5A1D-4569-840F-371FF391A4CE}" = ScanButton
"{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 18
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77E70C3C-DBB9-4C47-8663-1E1F81FEC623}" = Logitech QuickCam
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{9769B84A-8A2E-4517-AFD0-E781180EC277}" = Transcode Server
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"7-Zip" = 7-Zip 4.58 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Advanced WindowsCare V2 Personal_is1" = Advanced WindowsCare 2.55 Personal
"AnyDVD" = AnyDVD
"avast!" = avast! Antivirus
"CloneDVD2" = CloneDVD2
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"eBay Icon" = eBay Icon
"EPSON Printer and Utilities" = EPSON Printer Software
"FormatFactory" = FormatFactory 2.20
"GOM Player" = GOM Player
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{2070F79D-46BC-4EEA-8F02-9B4DCABAE7CB}" = iPod for Windows 2006-03-23
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD Ultra
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.3 Full
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orb" = Winamp Remote
"PowerISO" = PowerISO
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-329068152-1606980848-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2/13/2010 3:40:51 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky
Anti-Virus' is active!, 00000000.

Error - 2/13/2010 3:40:51 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Standard Shield provider: cannot start
because 'Kaspersky Anti-Virus' is active!, 00000000.

Error - 2/13/2010 3:44:43 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Instant Messaging provider: cannot start
because 'Kaspersky Anti-Virus' is active!, 00000000.

Error - 2/13/2010 3:44:44 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky
Anti-Virus' is active!, 00000000.

Error - 2/13/2010 3:44:44 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Standard Shield provider: cannot start
because 'Kaspersky Anti-Virus' is active!, 00000000.

Error - 2/13/2010 5:01:11 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Instant Messaging provider: cannot start
because 'Kaspersky Anti-Virus' is active!, 00000000.

Error - 2/13/2010 5:01:11 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky
Anti-Virus' is active!, 00000000.

Error - 2/13/2010 5:01:12 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Standard Shield provider: cannot start
because 'Kaspersky Anti-Virus' is active!, 00000000.

Error - 2/13/2010 5:05:06 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: Instant Messaging provider: cannot start
because 'Kaspersky Anti-Virus' is active!, 00000000.

Error - 2/13/2010 5:05:06 AM | Computer Name = AXEL-HOME | Source = avast! | ID = 33554522
Description = AAVM - initialization error: P2P provider: cannot start because 'Kaspersky
Anti-Virus' is active!, 00000000.

[ Application Events ]
Error - 2/13/2010 3:41:18 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BD from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 3:41:28 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80004002 from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 3:45:10 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BD from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 3:47:04 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80004002 from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 5:01:30 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BD from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 5:01:37 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BD from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 5:03:43 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80004002 from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 5:05:24 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BD from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 5:05:29 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BD from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/13/2010 5:05:36 AM | Computer Name = AXEL-HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80004002 from line 62 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

[ System Events ]
Error - 2/17/2010 2:49:13 PM | Computer Name = AXEL-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK8 aswSP Fips kl1 klif SCDEmu

Error - 2/17/2010 2:55:43 PM | Computer Name = AXEL-HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/17/2010 2:56:52 PM | Computer Name = AXEL-HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/18/2010 2:22:00 PM | Computer Name = AXEL-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK8 aswSP Fips kl1 klif SCDEmu

Error - 2/18/2010 2:43:11 PM | Computer Name = AXEL-HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/18/2010 2:50:01 PM | Computer Name = AXEL-HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/19/2010 4:00:00 AM | Computer Name = AXEL-HOME | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AmdK8 aswSP Fips kl1 klif SCDEmu

Error - 2/19/2010 4:04:45 AM | Computer Name = AXEL-HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/19/2010 4:14:17 AM | Computer Name = AXEL-HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/19/2010 4:14:19 AM | Computer Name = AXEL-HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


#4 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 20 February 2010 - 06:07 AM

Hi,

please run ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#5 AxelH
  • Topic Starter

  • Members
  • 22 posts

Posted 20 February 2010 - 08:13 PM

Hi
I'm writing this from my wife's computer.
I got real BIG problems.... Have downloaded Combofix & ran it, was asked to download Microsoft recovery console because I didn't have it, but before I could click on the download button I lost internet connection. In the meantime Combofix ran its course, I couldn't stop it. Now I cannot connect to the internet with my computer. Have been in contact with my internet supplier & everything is fine on their end, they suggest it's in my computer & I should ring Microsoft & re-install the start-up disc, or go back to a restore point. I read the log from Combofix & it said it deleted some files, could this be the problem? I have transferred the log onto my wife's computer so I can send it to you. In the log it said I had Kaspersky running, But I didn't renew it when its term ran out & I changed to Avast Anti-Virus. Every time I would start my computer it would tell me Kaspersky was in conflict with Avast But I couldn't remove or delete it. After I read the Combofix notes, I tried to remove Kaspersky again & it finally worked.
I'm still left with no internet connection or Microsoft Recovery console, yet my wife still has connection to the internet through our router. I have been working in safe mode most of the time, but was told by my internet supplier to go into normal mode for an internet connection but neither work. I am back in safe mode but I'm stuck now.

Please find attached Combofix log.

Many thanks for your help so far.






ComboFix 10-02-20.03 - Axel 02/21/2010 10:37:02.1.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.320 [GMT 11:00]
Running from: e:\documents and settings\Axel.HOME\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100220-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Axel.HOME\Application Data\Desktopicon
e:\documents and settings\Axel.HOME\Application Data\Desktopicon\eBay.ico
e:\documents and settings\Axel.HOME\Application Data\Desktopicon\uninst.exe
e:\documents and settings\Axel.HOME\Favorites\Download programs.url
e:\documents and settings\Axel.HOME\Favorites\Games.url
e:\documents and settings\Axel.HOME\Favorites\Translator.url
e:\documents and settings\Axel.HOME\Favorites\Videos.url
e:\documents and settings\Axel.HOME\Local Settings\Application Data\rmoqkm
e:\documents and settings\Axel.HOME\Local Settings\Application Data\rmoqkm\wtposftav.exe
e:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
e:\windows\run.log
e:\windows\system32\NWHiknpo.ini
e:\windows\system32\NWHiknpo.ini2
e:\windows\system32\sn.txt
e:\windows\system32\YFeedfii.ini
e:\windows\system32\YFeedfii.ini2

.
((((((((((((((((((((((((( Files Created from 2010-01-20 to 2010-02-20 )))))))))))))))))))))))))))))))
.

2010-02-13 08:01 . 2010-02-13 08:01 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\Malwarebytes
2010-02-13 08:01 . 2009-12-30 03:55 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 08:01 . 2010-02-13 08:01 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-02-13 08:01 . 2010-02-13 08:01 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-13 08:01 . 2009-12-30 03:54 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-02-12 01:20 . 2010-02-12 01:20 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\IObit
2010-01-27 05:54 . 2010-01-27 05:54 503808 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7809b0ec-n\msvcp71.dll
2010-01-27 05:54 . 2010-01-27 05:54 499712 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7809b0ec-n\jmc.dll
2010-01-27 05:54 . 2010-01-27 05:54 348160 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7809b0ec-n\msvcr71.dll
2010-01-27 05:54 . 2010-01-27 05:54 61440 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21519968-n\decora-sse.dll
2010-01-27 05:54 . 2010-01-27 05:54 12800 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21519968-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-20 23:29 . 2007-03-24 03:24 16972016 --sha-w- e:\windows\system32\drivers\fidbox.idx
2010-02-20 23:29 . 2007-03-24 03:24 1266773792 --sha-w- e:\windows\system32\drivers\fidbox.dat
2010-02-20 23:29 . 2007-03-24 03:24 7472928 --sha-w- e:\windows\system32\drivers\fidbox2.dat
2010-02-20 23:29 . 2007-03-24 03:24 705812 --sha-w- e:\windows\system32\drivers\fidbox2.idx
2010-02-19 23:46 . 2007-04-15 08:10 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\Skype
2010-02-19 23:42 . 2008-04-12 13:05 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\skypePM
2010-02-12 01:20 . 2007-11-06 20:29 -------- d-----w- e:\program files\IObit
2010-02-12 00:39 . 2009-12-24 21:46 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\uTorrent
2010-02-07 03:01 . 2007-04-21 00:47 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\LimeWire
2010-02-04 09:04 . 2007-04-21 00:45 -------- d-----w- e:\program files\Google
2010-02-01 21:39 . 2006-06-14 00:10 -------- d-----w- e:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-27 05:54 . 2005-12-11 03:50 -------- d-----w- e:\program files\Common Files\Java
2010-01-27 05:54 . 2005-12-11 03:53 -------- d-----w- e:\program files\Java
2010-01-10 00:24 . 2009-10-16 12:53 -------- d-----w- e:\program files\LimeWire
2010-01-05 10:00 . 2004-08-04 12:00 832512 ----a-w- e:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- e:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ------w- e:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- e:\windows\system32\drivers\srv.sys
2009-12-26 21:14 . 2009-12-26 21:14 -------- d-----w- e:\documents and settings\All Users\Application Data\3cb3589
2009-12-24 21:46 . 2009-12-24 21:46 -------- d-----w- e:\program files\uTorrent
2009-12-17 06:14 . 2008-12-09 09:29 411368 ----a-w- e:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2005-09-18 13:34 343040 ----a-w- e:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- e:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 12:00 2189184 ----a-w- e:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ----a-w- e:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- e:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- e:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- e:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- e:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- e:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- e:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- e:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2008-06-24 09:27 1280480 ----a-w- e:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-06-24 09:27 93424 ----a-w- e:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-06-24 09:27 94160 ----a-w- e:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-06-24 09:27 114768 ----a-w- e:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-06-24 09:27 20560 ----a-w- e:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-06-24 09:27 48560 ----a-w- e:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-06-24 09:27 23120 ----a-w- e:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-06-24 09:27 27408 ----a-w- e:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-06-24 09:27 97480 ----a-w- e:\windows\system32\AvastSS.scr
2008-03-18 15:31 . 2008-06-11 01:25 1853705 ----a-w- e:\program files\supersplitter.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 08:50 809864 ----a-w- e:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="e:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 1880064]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="e:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-02-01 98304]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

e:\documents and settings\Axel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
VIA RAID TOOL.lnk - e:\program files\VIA\RAID\raid_tool.exe [2005-9-20 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 WMIBIOS;%WMIBIOS.ServiceName%;e:\windows\system32\drivers\wmibios.sys [9/20/2005 2:40 PM 18272]
R3 WMIINFO;WMIINFO Driver;e:\windows\system32\drivers\wmiinfo.sys [9/20/2005 2:40 PM 21184]
S1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [6/24/2008 8:27 PM 114768]
S2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [6/24/2008 8:27 PM 20560]
S2 GLOGODrv;GLOGODrv;e:\windows\system32\drivers\GLOGODrv.sys [7/5/2007 1:39 PM 13332]
S2 gupdate1c9c792beec09e4;Google Update Service (gupdate1c9c792beec09e4);e:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 10:49 AM 133104]
S3 ECTIVA;ECTIVA Audio 5.1 (WDM);e:\windows\system32\drivers\ECTIVA.sys [9/20/2005 9:18 PM 1124864]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);e:\windows\system32\drivers\LV551AV.sys [5/18/2008 4:59 PM 220055]
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-02-20 e:\windows\Tasks\Google Software Updater.job
- e:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-15 04:08]

2010-02-20 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 23:49]

2010-02-12 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 23:49]

2010-02-12 e:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- e:\program files\Ask.com\UpdateTask.exe [2009-04-02 08:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: Google Sidewiki... - e:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - e:\documents and settings\Axel.HOME\Application Data\Mozilla\Firefox\Profiles\o50flmlv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com.au
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&q=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: e:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WebCamRT.exe - (no file)
HKU-Default-Run-InstallProgram - e:\documents and settings\Axel.HOME\My Documents\My Videos\setup_241_3777_20402_.exe
HKU-Default-RunOnce-FlashPlayerUpdate - e:\windows\system32\Macromed\Flash\FlashUtil9f.exe
Notify-pmnkHWnO - pmnkHWnO.dll
Notify-ssqPHAQK - ssqPHAQK.dll
AddRemove-eBay Icon - e:\documents and settings\Axel.HOME\Application Data\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 10:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2010-02-21 10:46:06
ComboFix-quarantined-files.txt 2010-02-20 23:45

Pre-Run: 48,941,576,192 bytes free
Post-Run: 51,623,710,720 bytes free

- - End Of File - - A8605ABB323D2655C11CE3D4428D7644


#6 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 21 February 2010 - 08:11 AM

Hi,

please reboot and let me know if that fixes your internet connection. The log from ComboFix does not indicate anything relevant to your internet connection to have been modified.

It may be that removing Kaspersky has been causing the problem:
The following removal utility can be used to uninstall the program if the uninstall via Add/remove does not work:
  • Download the archive Kavremover
  • Unpack kavremover10.exe from the archive
  • Run the file kavremover10.exe
  • Enter the code from the picture
  • Click remove
  • Wait until the program confirms the removal and click ok
  • Restart your computer

For illustrated instructions please refer to here: Kaspersky-FAQ

Let me know if that fixes the problem.

regards myrti



#7 AxelH
  • Topic Starter

  • Members
  • 22 posts

Posted 22 February 2010 - 03:18 AM

Hi Again,
Didn't need Kavremover because I was able to remove Kaspersky from my e drive while I was in safe mode. I still don't have any internet connection whether I'm in safe or normal mode so I can't download Microsoft Recovery. I tried to run Combofix again & it tells me to download M/S recovery. Can I get my wife to download it on her computer & then transfer it to my computer? If that works do you want me to run Combofix again & send you the log results or is there something else you want me to try??

Many Thanks

#8 myrti

    Sillyberry

  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home

Posted 22 February 2010 - 03:49 PM

Hi,

please run KAVRemover, sometimes the removal through Add/Remove leaves some left-overs that need to be removed. KAVRemover should take care of those, this is why I would like you to use it.

If you want to run ComboFix offline, then download the tools needed to a flash drive or other removable media, and transfer them to the infected computer.

***************************************************

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.


Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System




Download the file & save it as it's originally named.


---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools



  • Drag the setup package onto ComboFix.exe and drop it.

  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.





  • At the next prompt, click 'Yes' to run the full ComboFix scan.

  • When the tool is finished, it will produce a report for you.
Please post the C:\ComboFix.txt in your next reply.

regards myrti



#9 AxelH
  • Topic Starter

  • Members
  • 22 posts

Posted 23 February 2010 - 04:59 AM

Hi again,
I ran Kavremover & it couldn't find anything, downloaded M/S Recovery console (from my wife's computer) & placed it on top of Combofix, it ran & popped out a log. In the log it says Kaspersky is still running yet Kavremover couldn't find any trace.
Please find attached log. I have re-booted in safe & normal modes & still no internet connection.
What next??? I await your command.

Thank You.



ComboFix 10-02-20.03 - Axel 02/23/2010 19:18:17.2.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.61.1033.18.511.297 [GMT 11:00]
Running from: e:\documents and settings\Axel.HOME\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Axel.HOME\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1368 [VPS 100220-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-21 20:24 . 2010-02-21 20:24 664 ----a-w- e:\windows\system32\d3d9caps.dat
2010-02-13 08:01 . 2010-02-13 08:01 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\Malwarebytes
2010-02-13 08:01 . 2009-12-30 03:55 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys
2010-02-13 08:01 . 2010-02-13 08:01 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-02-13 08:01 . 2010-02-13 08:01 -------- d-----w- e:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-13 08:01 . 2009-12-30 03:54 19160 ----a-w- e:\windows\system32\drivers\mbam.sys
2010-02-12 01:20 . 2010-02-12 01:20 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\IObit
2010-01-27 05:54 . 2010-01-27 05:54 503808 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7809b0ec-n\msvcp71.dll
2010-01-27 05:54 . 2010-01-27 05:54 499712 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7809b0ec-n\jmc.dll
2010-01-27 05:54 . 2010-01-27 05:54 348160 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7809b0ec-n\msvcr71.dll
2010-01-27 05:54 . 2010-01-27 05:54 61440 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21519968-n\decora-sse.dll
2010-01-27 05:54 . 2010-01-27 05:54 12800 ----a-w- e:\documents and settings\Axel.HOME\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-21519968-n\decora-d3d.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 08:01 . 2007-03-24 03:24 16972208 --sha-w- e:\windows\system32\drivers\fidbox.idx
2010-02-22 08:01 . 2007-03-24 03:24 7474208 --sha-w- e:\windows\system32\drivers\fidbox2.dat
2010-02-22 08:01 . 2007-03-24 03:24 705932 --sha-w- e:\windows\system32\drivers\fidbox2.idx
2010-02-22 08:01 . 2007-03-24 03:24 1266788128 --sha-w- e:\windows\system32\drivers\fidbox.dat
2010-02-19 23:46 . 2007-04-15 08:10 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\Skype
2010-02-19 23:42 . 2008-04-12 13:05 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\skypePM
2010-02-12 01:20 . 2007-11-06 20:29 -------- d-----w- e:\program files\IObit
2010-02-12 00:39 . 2009-12-24 21:46 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\uTorrent
2010-02-07 03:01 . 2007-04-21 00:47 -------- d-----w- e:\documents and settings\Axel.HOME\Application Data\LimeWire
2010-02-04 09:04 . 2007-04-21 00:45 -------- d-----w- e:\program files\Google
2010-02-01 21:39 . 2006-06-14 00:10 -------- d-----w- e:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-27 05:54 . 2005-12-11 03:50 -------- d-----w- e:\program files\Common Files\Java
2010-01-27 05:54 . 2005-12-11 03:53 -------- d-----w- e:\program files\Java
2010-01-10 00:24 . 2009-10-16 12:53 -------- d-----w- e:\program files\LimeWire
2010-01-05 10:00 . 2004-08-04 12:00 832512 ------w- e:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- e:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ------w- e:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- e:\windows\system32\drivers\srv.sys
2009-12-26 21:14 . 2009-12-26 21:14 -------- d-----w- e:\documents and settings\All Users\Application Data\3cb3589
2009-12-17 06:14 . 2008-12-09 09:29 411368 ----a-w- e:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2005-09-18 13:34 343040 ----a-w- e:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 12:00 33280 ----a-w- e:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2004-08-04 12:00 2189184 ------w- e:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- e:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2004-08-04 12:00 455424 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2004-08-04 12:00 1291776 ----a-w- e:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- e:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 28672 ----a-w- e:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- e:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 12:00 84992 ----a-w- e:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 12:00 11264 ----a-w- e:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- e:\windows\system32\iyuv_32.dll
2008-03-18 15:31 . 2008-06-11 01:25 1853705 ----a-w- e:\program files\supersplitter.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-04-02 08:50 809864 ----a-w- e:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "e:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="e:\program files\Ahead\Nero BackItUp\NBJ.exe" [2004-11-10 1880064]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="e:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2002-02-01 98304]
"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]

e:\documents and settings\Axel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - e:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
VIA RAID TOOL.lnk - e:\program files\VIA\RAID\raid_tool.exe [2005-9-20 585728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"e:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 WMIBIOS;%WMIBIOS.ServiceName%;e:\windows\system32\drivers\wmibios.sys [9/20/2005 2:40 PM 18272]
R3 WMIINFO;WMIINFO Driver;e:\windows\system32\drivers\wmiinfo.sys [9/20/2005 2:40 PM 21184]
S1 aswSP;avast! Self Protection;e:\windows\system32\drivers\aswSP.sys [6/24/2008 8:27 PM 114768]
S2 aswFsBlk;aswFsBlk;e:\windows\system32\drivers\aswFsBlk.sys [6/24/2008 8:27 PM 20560]
S2 GLOGODrv;GLOGODrv;e:\windows\system32\drivers\GLOGODrv.sys [7/5/2007 1:39 PM 13332]
S2 gupdate1c9c792beec09e4;Google Update Service (gupdate1c9c792beec09e4);e:\program files\Google\Update\GoogleUpdate.exe [4/28/2009 10:49 AM 133104]
S3 ECTIVA;ECTIVA Audio 5.1 (WDM);e:\windows\system32\drivers\ECTIVA.sys [9/20/2005 9:18 PM 1124864]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);e:\windows\system32\drivers\LV551AV.sys [5/18/2008 4:59 PM 220055]
.
Contents of the 'Scheduled Tasks' folder

2010-01-22 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:34]

2010-02-22 e:\windows\Tasks\Google Software Updater.job
- e:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-15 04:08]

2010-02-22 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 23:49]

2010-02-12 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2009-04-27 23:49]

2010-02-22 e:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- e:\program files\Ask.com\UpdateTask.exe [2009-04-02 08:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
IE: Google Sidewiki... - e:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - e:\documents and settings\Axel.HOME\Application Data\Mozilla\Firefox\Profiles\o50flmlv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - google.com.au
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&q=
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: e:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: e:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: e:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-23 19:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1396)
e:\windows\system32\WININET.dll
.
Completion time: 2010-02-23 19:27:28
ComboFix-quarantined-files.txt 2010-02-23 08:27
ComboFix2.txt 2010-02-20 23:46

Pre-Run: 51,648,184,320 bytes free
Post-Run: 51,593,109,504 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin /safeboot:minimal
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition (Backup)" /fastdetect

- - End Of File - - 75DCAACA7FBCF483FFE75C4CECF0CC8F


#10 AxelH (Topic Starter)

Posted 24 February 2010 - 03:35 AM

Hi again, sorry about this double post.
Just to update you, I managed to get my internet connection up & running by going to Network
Connections & right-clicking.
Even though I ran KavRemover & it couldn't find Kaspersky, when I turned my Avast anti-virus
back on, the computer said that Kaspersky was running in the background. It doesn't seem to be
a big problem as Avast seems to be working all right.
Is there anything else I should be doing now? My computer seems to
be running as it did before I got infected with malware.

Many Thanks

#11 myrti (Malware Study Hall Admin)

Posted 26 February 2010 - 11:10 AM

Hi,

In reference to the "Kaspersky" warning, you probably have remnants that Avast has detected. Let's fix that.

Please do this.....

1. Click on the Start menu.
2. Select Run...
3. Type wbemtest and click OK
4. Connect to root\SecurityCenter
5. Click on Query
6. Type in SELECT * FROM AntiVirusProduct and click on Apply



If there is more than one result, it means there is more than one Antivirus program installed. Double click on each result to view the properties for that Antivirus product. Identify the product(s) installed and DELETE any records for an Antivirus software that is no longer installed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
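
Added example, not part of myrti's post or of this thread: the same root\SecurityCenter query as a PowerShell script, so the registered antivirus records can be listed and a stale one removed without clicking through wbemtest. It assumes Windows XP/Vista, where Security Center exposes AntiVirusProduct in the root\SecurityCenter namespace with the onAccessScanningEnabled and productUptoDate properties; Windows 7 and later use root\SecurityCenter2 with a productState bitmask instead, so the listing columns would differ there. The display name passed to -Remove must be exactly what the listing prints; 'Kaspersky Anti-Virus' in the usage note is an assumed value, and the script name is hypothetical.

```powershell
# Added example, not from the thread. Lists the antivirus products registered with
# Windows Security Center (what wbemtest shows for "SELECT * FROM AntiVirusProduct"
# in root\SecurityCenter) and deletes the record(s) whose displayName is passed in.
# Assumes XP/Vista (root\SecurityCenter); Windows 7+ uses root\SecurityCenter2 instead.
# Run from an elevated PowerShell prompt.
param(
    [string[]]$Remove = @(),   # displayName(s) of products that are no longer installed
    [switch]$DryRun            # show what would be deleted without deleting anything
)

$ns = 'root\SecurityCenter'
$products = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction Stop)

Write-Host ("{0} antivirus record(s) in {1}:" -f $products.Count, $ns)
foreach ($p in $products) {
    # Property names as exposed by the XP-era AntiVirusProduct schema
    $line = "  {0,-32} vendor={1,-20} onAccess={2,-5} upToDate={3,-5} guid={4}"
    Write-Host ($line -f $p.displayName, $p.companyName, $p.onAccessScanningEnabled, $p.productUptoDate, $p.instanceGuid)
}

# The symptom in this thread: a second record left behind by an uninstalled product.
if ($products.Count -gt 1) {
    Write-Warning "More than one antivirus record is registered; remove the one(s) that are no longer installed."
}

foreach ($p in $products) {
    if ($Remove -notcontains $p.displayName) { continue }
    if ($DryRun) {
        Write-Host ("Would delete record '{0}'" -f $p.displayName)
    } else {
        $p.Delete()    # removes the WMI instance; Security Center stops reporting the product
        Write-Host ("Deleted record '{0}'" -f $p.displayName)
    }
}

# Report any requested name that matched nothing, so a misspelling is not silently ignored
foreach ($name in $Remove) {
    if (@($products | Where-Object { $_.displayName -eq $name }).Count -eq 0) {
        Write-Warning ("No record named '{0}' found; copy the exact displayName from the listing above." -f $name)
    }
}
```

Run it once with no arguments to see what is registered, then `.\Show-AvRecords.ps1 -Remove 'Kaspersky Anti-Virus' -DryRun` to confirm the match, and finally without -DryRun. Deleting the record only fixes Security Center's bookkeeping; it does not remove any files or drivers the old product left on disk.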


#12 AxelH (Topic Starter)

Posted 01 March 2010 - 05:33 PM

Hi Again
Have run the above program & it showed I had two anti-virus products running, so
I deleted Kaspersky. Restarted the computer, but it still comes up saying that
there is a conflict with the on-access scanning of Avast and Kaspersky. I have run
the Microsoft search engine over all my files & found a hidden Kaspersky folder,
which I deleted. Restarted again, but still the same result. I'm at a loss
as to where the Kaspersky remnant is hiding. At least we're getting closer.
The computer is probably back to 90-95%.

Thanks again for your time & effort .



#13 myrti (Malware Study Hall Admin)

Posted 01 March 2010 - 06:11 PM

Hi,

Could you please repeat the instructions from my last reply and make sure that Kaspersky is really gone.

Then please provide a new complete OTL log:
  1. Double click on the icon on your desktop.
  2. Click the "Scan All Users" checkbox.
  3. Under Extra registry select use safelist.
  4. Push the button.
  5. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards myrti



#14 AxelH (Topic Starter)

Posted 01 March 2010 - 07:05 PM

Hi Again,
Have re-run yesterday's check & only 1 anti-virus is showing (Avast).
Have re-run OTL & I have attached both reports for you.


Thank you


#15 myrti (Malware Study Hall Admin)

Posted 02 March 2010 - 07:26 AM

Hi,

Let's see if we can take it out with a script:
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    SRV - File not found [On_Demand | Stopped] --  -- (AVP)
    DRV - [2007/01/25 19:27:38 | 000,109,848 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- E:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
    :commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one Notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards myrti

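
Added example, not part of myrti's post or of this thread: the OTL script above removes a service registration (AVP) whose binary is gone and a boot-start driver (kl1) left behind by the old product. The PowerShell below is a read-only check for that kind of leftover. It walks HKLM\SYSTEM\CurrentControlSet\Services, resolves each ImagePath and lists the entries whose file no longer exists, or that have a Start value but no ImagePath at all, which is what OTL reports as "SRV - File not found". An optional -Match string narrows the output to entries whose key name, DisplayName or ImagePath contain it; 'Kaspersky' in the usage note is an assumed value. It deletes nothing, and the ImagePath forms it normalises are the ones Windows commonly writes (\??\, \SystemRoot\, %SystemRoot%, relative system32 paths, quoted or unquoted paths followed by arguments).

```powershell
# Added example, not from the thread. Read-only: lists service/driver registrations whose
# ImagePath points at a file that no longer exists (or that have no ImagePath at all),
# optionally restricted to entries whose name, DisplayName or ImagePath contain -Match.
# Run from an elevated PowerShell prompt.
param(
    [string]$Match = ''    # e.g. 'Kaspersky' (assumed value); empty lists every orphaned entry
)

$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$startNames  = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Manual'; 4 = 'Disabled' }

function Resolve-ImagePath([string]$imagePath) {
    # Normalise the forms the registry commonly holds:
    #   \??\E:\path\x.sys   \SystemRoot\system32\drivers\x.sys   system32\drivers\x.sys
    #   %SystemRoot%\system32\svchost.exe -k netsvcs   "E:\Program Files\App\svc.exe" /service
    if (-not $imagePath) { return $null }
    $p = $imagePath.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) } else { $p = $p.Trim('"') }
    }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    $p = $p -replace '^%SystemRoot%\\', ($env:SystemRoot + '\')
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    # Unquoted command lines: drop the arguments if the whole string is not itself a file
    if (-not (Test-Path -LiteralPath $p)) {
        foreach ($sep in @(' -', ' /')) {
            $idx = $p.IndexOf($sep)
            if ($idx -gt 0) { $p = $p.Substring(0, $idx); break }
        }
    }
    return $p
}

$orphans = foreach ($key in Get-ChildItem $servicesKey -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -LiteralPath $key.PSPath -ErrorAction SilentlyContinue
    # Keys without a Start value are configuration containers, not service entries
    if (-not $props -or $props.Start -eq $null) { continue }
    $haystack = "$($key.PSChildName) $($props.DisplayName) $($props.ImagePath)"
    if ($Match -and $haystack -notmatch [regex]::Escape($Match)) { continue }

    if (-not $props.ImagePath) {
        $resolved = '(no ImagePath)'          # registered, but nothing to run: OTL's "File not found"
    } else {
        $resolved = Resolve-ImagePath $props.ImagePath
        if (Test-Path -LiteralPath $resolved) { continue }   # binary still present, not an orphan
    }
    New-Object PSObject -Property @{
        Service  = $key.PSChildName
        Start    = $startNames[[int]$props.Start]
        Type     = $props.Type     # 1/2 = kernel or file-system driver, 16/32 = Win32 service
        Resolved = $resolved
    }
}

if (-not $orphans) {
    Write-Host "No service or driver entries with a missing image file."
} else {
    $orphans | Sort-Object Service | Format-Table Service, Start, Type, Resolved -AutoSize
}
```

`.\Find-OrphanedServices.ps1` (hypothetical script name) lists every orphan; `.\Find-OrphanedServices.ps1 -Match Kaspersky` narrows it to the vendor in question. A Boot- or System-start driver whose file does exist, like kl1.sys in the OTL line above, will not appear here because it is not an orphan in this sense; it is still loaded at every boot, which is why the OTL fix moves the file as well as the registration.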




