Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help Im being Redirected


  • This topic is locked This topic is locked
16 replies to this topic

#1 Superpiggy95

Superpiggy95

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 28 April 2010 - 04:39 PM

Help
Im am being redirect and my computer is SO slow

Here is my HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:39:38, on 28/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Michael\Desktop\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ft.com/home/uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} (FBootloaderAX) - http://static.ak.facebook.com/fbplugin/win...fbootloader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPGService - Hauppauge Computer Works - C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 8536 bytes

Hi, here is my DDS log:
Please help

DDS (Ver_10-03-17.01) - NTFSx86
Run by Michael at 19:16:06.60 on 29/04/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3061.2407 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michael\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ft.com/home/uk
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [AdobeBridge]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {61878FA3-6AD5-386A-048B-4DE251DBDCAE} - c:\windows\system32:msdllrv.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michael\applic~1\mozilla\firefox\profiles\jpaes89a.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\michael\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\common files\parallelgraphics\cortona\npCortona.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-3-29 162768]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-3-29 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-29 40384]
R2 EPGService;EPGService;c:\progra~1\wintv\epg services\system\EPGService.exe [2009-10-27 437248]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-29 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-29 40384]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2009-10-27 560640]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [2009-10-27 15616]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-18 135664]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\wintv\HCWTVS~1.EXE [2009-10-27 823296]

=============== Created Last 30 ================

2010-04-27 22:06:56 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-27 21:31:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-04-27 21:31:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-04-27 21:31:12 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
2010-04-27 21:01:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2010-04-27 21:01:37 0 d-----w- c:\docume~1\michael\applic~1\Azureus
2010-04-27 21:00:38 0 d-----w- c:\program files\Vuze
2010-04-27 19:35:23 0 d-----w- c:\program files\Spyware Doctor
2010-04-25 12:30:26 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 21:41:24 0 d-----w- c:\docume~1\michael\applic~1\Facebook
2010-04-02 12:44:47 0 d-----w- c:\program files\iPod
2010-04-02 12:44:40 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 12:39:09 0 d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-03-29 23:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 22:26:58 58104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-02-16 21:06:36 150951 ----a-w- c:\windows\hpoins30.dat
2010-02-12 10:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe

============= FINISH: 19:16:17.31 ===============

EDIT: Posts Merged ~BP

Attached Files


Edited by Budapest, 01 May 2010 - 05:25 PM.


BC AdBot (Login to Remove)

 


#2 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 02 May 2010 - 12:46 PM

Can someone help me ? please

#3 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:36 PM

Posted 03 May 2010 - 10:11 AM

Hello and and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed, If you have since
resolved your issues I would appreciate if you would let me no so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

unite.jpg


#4 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 05 May 2010 - 03:34 PM

Hi Thanks.

OTL:
OTL logfile created on: 05/05/2010 21:23:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 280.68 Gb Free Space | 62.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 15.00 Gb Total Space | 11.47 Gb Free Space | 76.50% Space Free | Partition Type: NTFS
Drive K: | 27.94 Gb Total Space | 23.52 Gb Free Space | 84.20% Space Free | Partition Type: FAT32

Computer Name: CJ2
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 20:50:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/14 17:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008/06/12 02:25:18 | 000,037,232 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe
PRC - [2008/04/14 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 00:00:00 | 000,196,608 | ---- | M] () -- \\?\C:\WINDOWS\System32\WBEM\WMIADAP.EXE
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/01/15 14:12:54 | 000,339,968 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\Accessor\HDD1\SPUHDD1AppLauncher.exe
PRC - [2007/01/15 14:12:42 | 001,523,712 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\Accessor\HDD1\SPUHDD1Utility.exe
PRC - [2007/01/15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
PRC - [2007/01/15 13:23:08 | 003,801,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\Browser\SPUBrowser.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 20:50:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
MOD - [2008/08/14 09:14:14 | 000,079,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
MOD - [2008/04/14 00:00:00 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 00:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/14 00:00:00 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 00:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 00:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 00:00:00 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/18 14:49:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/02 16:55:26 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe -- (EPGService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/22 09:45:32 | 000,371,248 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/04 17:51:28 | 004,943,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/30 22:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/17 16:59:02 | 000,015,616 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2008/04/17 16:58:00 | 000,560,640 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2007/04/16 15:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ft.com/home/uk
IE - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 0F 21 36 D3 88 CA 01 [binary data]
IE - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/02/16 21:50:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 23:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 21:37:03 | 000,000,000 | ---D | M]

[2009/10/27 17:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/04/28 22:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions
[2010/03/13 14:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions\{31a48160-39fc-11de-8a39-0800200c9a66}
[2010/04/28 22:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/03/29 11:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions\facepad@lazyrussian.com
[2010/04/28 22:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 13:30:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/03/13 14:01:01 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 14:01:01 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 14:01:01 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 14:01:01 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/27 20:41:03 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/27 17:11:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/10/27 16:55:04 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/05 21:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Sony Corporation
[2010/05/05 21:16:21 | 000,299,923 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcs.sys
[2010/05/05 21:16:21 | 000,102,220 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonypvs1.sys
[2010/05/05 21:16:21 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\SONYHCY.DLL
[2010/05/05 21:16:21 | 000,038,739 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcc.sys
[2010/05/05 21:16:21 | 000,006,097 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcb.sys
[2010/05/05 21:16:21 | 000,000,000 | ---D | C] -- C:\Drivers
[2010/05/05 21:16:08 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/05/05 21:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/05/05 21:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/05/05 20:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Videos
[2010/05/05 20:50:21 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/05/02 19:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/05/02 19:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/02 18:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/02 18:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Conduit
[2010/05/02 18:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Vuze_Remote
[2010/05/02 18:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2010/05/02 17:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 17:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/01 21:37:43 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2010/05/01 21:37:43 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2010/04/30 22:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sibelius Software
[2010/04/30 22:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Scores
[2010/04/29 19:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\gmer
[2010/04/28 22:36:48 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Michael\Desktop\HijackThis.exe
[2010/04/28 22:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 23:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/27 22:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/27 22:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/04/27 22:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/27 22:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Vuze Downloads
[2010/04/27 22:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/27 22:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Azureus
[2010/04/27 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/04/27 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/25 13:30:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/23 22:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Facebook
[2010/04/08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Michael\Application Data\*.tmp files -> C:\Documents and Settings\Michael\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 21:23:23 | 000,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 21:23:23 | 000,395,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 21:23:23 | 000,059,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 21:18:35 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/05 21:18:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 21:18:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 21:17:13 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Michael\NTUSER.DAT
[2010/05/05 21:17:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Michael\ntuser.ini
[2010/05/05 21:16:03 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2010/05/05 21:14:07 | 000,001,683 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Picture Motion Browser.lnk
[2010/05/05 20:56:15 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 20:50:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/05/05 20:46:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/03 09:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/02 17:30:34 | 002,167,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 21:40:33 | 000,074,920 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/30 22:57:53 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier
[2010/04/30 22:56:43 | 000,000,452 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/04/28 23:25:11 | 011,779,584 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Vincent Van Gogh.ppt
[2010/04/28 21:02:12 | 000,000,786 | -H-- | M] () -- C:\IPH.PH
[2010/04/27 20:41:03 | 000,000,742 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/21 21:34:32 | 000,000,483 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/16 17:51:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/16 13:27:47 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\TFL complaint.doc
[2010/04/15 18:50:42 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Naruto Openings and endings.doc
[2010/04/15 18:50:16 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\One Piece openings and endings.doc
[2010/04/15 18:48:00 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Bleach Openings and Endings.doc
[2010/04/15 09:19:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/14 17:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 17:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 17:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Michael\Application Data\*.tmp files -> C:\Documents and Settings\Michael\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 21:16:21 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/05/05 21:16:03 | 000,001,983 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2010/05/05 21:14:07 | 000,001,683 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Picture Motion Browser.lnk
[2010/04/30 22:57:53 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/04/30 22:55:38 | 000,000,452 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/04/25 13:09:59 | 011,779,584 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Vincent Van Gogh.ppt
[2010/04/16 12:09:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\TFL complaint.doc
[2010/04/15 18:50:16 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\One Piece openings and endings.doc
[2010/04/15 18:49:37 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Naruto Openings and endings.doc
[2010/04/15 18:48:00 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Bleach Openings and Endings.doc
[2010/01/03 20:05:52 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/16 17:20:27 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/12/08 23:24:56 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/10/27 19:08:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2009/10/27 17:53:30 | 000,032,297 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/27 17:53:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009/10/27 17:53:08 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/27 17:53:07 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2009/10/27 17:51:18 | 000,006,691 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/10/27 17:50:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/27 17:25:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %appdata%\*.* >
[2009/10/27 17:00:47 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Michael\Application Data\desktop.ini
[2010/04/04 00:11:28 | 000,038,456 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft Excel.ADR
[1 C:\Documents and Settings\Michael\Application Data\*.tmp files -> C:\Documents and Settings\Michael\Application Data\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: ATAPI.SYS >
[2008/04/14 00:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 00:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: BEEP.SYS >
[2008/04/14 00:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2008/04/14 00:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 00:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/07/20 17:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\WINDOWS\Dell\Intel\IaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 00:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2008/04/14 00:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\dllcache\proquota.exe
[2008/04/14 00:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2008/04/14 00:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 00:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2008/04/14 00:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\dllcache\sfcfiles.dll
[2008/04/14 00:00:00 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 3398 bytes -> C:\WINDOWS\system32:msdllrv
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >


Extras.Txt:
OTL Extras logfile created on: 05/05/2010 21:23:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 280.68 Gb Free Space | 62.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 15.00 Gb Total Space | 11.47 Gb Free Space | 76.50% Space Free | Partition Type: NTFS
Drive K: | 27.94 Gb Total Space | 23.52 Gb Free Space | 84.20% Space Free | Partition Type: FAT32

Computer Name: CJ2
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-448539723-1343024091-1801674531-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\PROGRA~1\MICROS~2\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\PROGRA~1\MICROS~2\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"J:\setup\hpznui01.exe" = J:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"J:\setup\hpznui01.exe" = J:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe:*:Enabled:Age of Empires III - The WarChiefs -- (Ensemble Studios)
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe" = C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:*:Enabled:Age of Empires III - The Asian Dynasties -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- File not found
"C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat" = C:\Program Files\Steam\steamapps\common\zero gear\ZeroGear.bat:*:Enabled:Zero Gear -- File not found
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe" = C:\Program Files\Sibelius Software\Sibelius 6\RegTool.exe:*:Enabled:RegTool.exe -- ()
"C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe" = C:\Program Files\Sibelius Software\Sibelius 6\Sibelius.exe:*:Enabled:Sibelius.exe -- (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status
"{0451FD8E-D80E-4BA6-AE02-EBE80A059CB0}" = Sibelius Scorch (ActiveX Only)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}" = Sibelius 6
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{403E07CF-040C-4653-85C6-1053B992CA53}" = C4580
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47ECCB1F-2811-49C0-B6A7-26778639ABA0}" = 32 Bit HP CIO Components Installer
"{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6EED4269-588D-45b8-A80C-26A9CA62EE4E}" = HPSSupply
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9603DE6D-4567-4b78-B941-849322373DE2}" = SolutionCenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
"{9D1B99B7-DAD8-440d-B4FB-1915332FBCC2}" = HPProductAssistant
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1" = Sibelius Sounds Essentials for Sibelius 6
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F648FD09-7CEA-4257-BC68-A8389189FD51}" = GPBaseService2
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AIM_7" = AIM 7
"avast5" = avast! Free Antivirus
"BitTorrent" = BitTorrent
"Bridge_Base_Online" = Bridge Base Online
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DAE4A0A1-BB7C-4D9F-A853-A39A81F8A82B" = Mac OS X Cursors
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV" = Hauppauge WinTV
"Hauppauge WinTV Diversity Tool" = Hauppauge WinTV Diversity Tool
"Hauppauge WinTV DVB-T EPG Service" = Hauppauge WinTV DVB-T EPG Service
"Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote
"Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler
"Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 12.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 12.0
"HPExtendedCapabilities" = HP Customer Participation Program 12.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"RocketDock_is1" = RocketDock 1.3.5
"Shop for HP Supplies" = Shop for HP Supplies
"Spotify" = Spotify
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-448539723-1343024091-1801674531-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25/04/2010 17:11:17 | Computer Name = CJ2 | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25/04/2010 17:11:17 | Computer Name = CJ2 | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 25/04/2010 17:11:17 | Computer Name = CJ2 | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 27/04/2010 15:35:56 | Computer Name = CJ2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 27/04/2010 15:35:59 | Computer Name = CJ2 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 29/04/2010 15:10:23 | Computer Name = CJ2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/04/2010 15:11:47 | Computer Name = CJ2 | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 29/04/2010 16:02:55 | Computer Name = CJ2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/04/2010 17:19:11 | Computer Name = CJ2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x001c6779.

Error - 30/04/2010 18:01:35 | Computer Name = CJ2 | Source = Application Hang | ID = 1002
Description = Hanging application Sibelius.exe, version 6.0.0.54, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 07/04/2010 15:25:51 | Computer Name = CJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 07/04/2010 15:26:42 | Computer Name = CJ2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 07/04/2010 15:26:42 | Computer Name = CJ2 | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 08/04/2010 13:57:20 | Computer Name = CJ2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 08/04/2010 13:59:35 | Computer Name = CJ2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the iPod Service service
to connect.

Error - 08/04/2010 13:59:35 | Computer Name = CJ2 | Source = Service Control Manager | ID = 7000
Description = The iPod Service service failed to start due to the following error:
%%1053

Error - 19/04/2010 09:10:49 | Computer Name = CJ2 | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 19/04/2010 10:09:48 | Computer Name = CJ2 | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 28/04/2010 17:14:12 | Computer Name = CJ2 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 a6f0b000, parameter2 00000000, parameter3
8052e519, parameter4 00000000.

Error - 30/04/2010 18:24:28 | Computer Name = CJ2 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:36 PM

Posted 05 May 2010 - 06:31 PM

Hi Superpiggy95,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O3 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-448539723-1343024091-1801674531-1005..\Run: [AdobeBridge] File not found
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\cf - No CLSID value found[1 C:\Documents and Settings\Michael\Application Data\*.tmp files -> C:\Documents and Settings\Michael\Application Data\*.tmp -> ]@Alternate Data Stream - 3398 bytes -> C:\WINDOWS\system32:msdllrv
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.

unite.jpg


#6 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 06 May 2010 - 03:40 PM

here is the custom scan results
still being redirected

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-448539723-1343024091-1801674531-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-448539723-1343024091-1801674531-1005\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Starting removal of ActiveX control {32C3FEAE-0877-4767-8C20-62A5829A0945}
C:\WINDOWS\Downloaded Program Files\axfbootloader.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32C3FEAE-0877-4767-8C20-62A5829A0945}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cf\ deleted successfully.
File Protocol\Handler\cf - No CLSID value found[1 C:\Documents and Settings\Michael\Application Data\*.tmp files -> C:\Documents and Settings\Michael\Application Data\*.tmp -> ]@Alternate Data Stream - 3398 bytes -> C:\WINDOWS\system32:msdllrv not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: CJ
->Temp folder emptied: 686215 bytes
->Temporary Internet Files folder emptied: 6158814 bytes
->Java cache emptied: 37891446 bytes
->FireFox cache emptied: 66915170 bytes
->Flash cache emptied: 3819 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Jordan
->Temp folder emptied: 722708 bytes
->Temporary Internet Files folder emptied: 53547946 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 2850 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: Michael
->Temp folder emptied: 156156359 bytes
->Temporary Internet Files folder emptied: 135185079 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 34472027 bytes
->Apple Safari cache emptied: 17935561 bytes
->Flash cache emptied: 64189 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tamy
->Temp folder emptied: 643268 bytes
->Temporary Internet Files folder emptied: 8012538 bytes
->Java cache emptied: 14381721 bytes
->FireFox cache emptied: 38933259 bytes
->Flash cache emptied: 3152 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 3690001 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 662458 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3695845565 bytes

Total Files Cleaned = 4,076.00 mb


[EMPTYFLASH]

User: All Users

User: CJ
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jordan
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

User: Tamy
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05062010_212623

Files\Folders moved on Reboot...
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\V9WC4PVL\10[2].htm moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\V9WC4PVL\10[3].htm moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\UCM9W25T\10[1].htm moved successfully.
File\Folder C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\UCM9W25T\profile[1].htm not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\UCM9W25T\profile[2].htm not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\SDUWT4WX\nickyau[1].htm not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\RYB2PAG6\home[1].htm not found!
File\Folder C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\RYB2PAG6\profile[1].htm not found!
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\RYB2PAG6\redirectiframe[1].html moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\9J7COLGB\10[1].htm moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


#7 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 06 May 2010 - 03:49 PM

Here is normal otl logfile

OTL logfile created on: 06/05/2010 21:45:51 - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 450.70 Gb Total Space | 281.83 Gb Free Space | 62.53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 15.00 Gb Total Space | 11.47 Gb Free Space | 76.50% Space Free | Partition Type: NTFS

Computer Name: CJ2
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/05 20:50:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/14 17:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/09/30 20:58:42 | 000,026,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe
PRC - [2008/04/14 00:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/02 14:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
PRC - [2007/01/15 13:23:48 | 000,344,064 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe


========== Modules (SafeList) ==========

MOD - [2010/05/05 20:50:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
MOD - [2008/04/14 00:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/09/02 14:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/04/14 17:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/18 14:49:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/02 16:55:26 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Program Files\WinTV\HCWTVServer.exe -- (HauppaugeTVServer)
SRV - [2008/05/30 12:07:20 | 000,437,248 | ---- | M] (Hauppauge Computer Works) [Auto | Running] -- C:\Program Files\WinTV\EPG Services\System\EPGService.exe -- (EPGService)


========== Driver Services (SafeList) ==========

DRV - [2010/04/22 09:45:32 | 000,371,248 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/11/04 17:51:28 | 004,943,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/10/30 22:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2008/04/17 16:59:02 | 000,015,616 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95rc.sys -- (hcw95rc)
DRV - [2008/04/17 16:58:00 | 000,560,640 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcw95bda.sys -- (hcw95bda)
DRV - [2008/04/14 01:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008/04/14 00:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2007/04/16 15:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ft.com/home/uk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 0F 21 36 D3 88 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: facepad@lazyrussian.com:0.7.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: ""


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/02/16 21:50:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 23:25:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/01 21:37:03 | 000,000,000 | ---D | M]

[2009/10/27 17:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Extensions
[2010/04/28 22:54:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions
[2010/03/13 14:08:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions\{31a48160-39fc-11de-8a39-0800200c9a66}
[2010/04/28 22:14:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/03/29 11:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\extensions\facepad@lazyrussian.com
[2010/04/28 22:54:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 13:30:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/08/16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008/08/16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008/08/16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008/05/21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008/05/21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008/05/21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/08/16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2007/03/10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2008/08/16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2010/03/13 14:01:01 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/13 14:01:01 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/13 14:01:01 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/13 14:01:01 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/27 20:41:03 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/27 17:11:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/06 21:26:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/05 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/05 21:19:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Sony Corporation
[2010/05/05 21:16:21 | 000,299,923 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcs.sys
[2010/05/05 21:16:21 | 000,102,220 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonypvs1.sys
[2010/05/05 21:16:21 | 000,053,248 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\SONYHCY.DLL
[2010/05/05 21:16:21 | 000,038,739 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcc.sys
[2010/05/05 21:16:21 | 000,006,097 | ---- | C] (Sony Corporation) -- C:\WINDOWS\System32\drivers\sonyhcb.sys
[2010/05/05 21:16:21 | 000,000,000 | ---D | C] -- C:\Drivers
[2010/05/05 21:16:08 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2010/05/05 21:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2010/05/05 21:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010/05/05 20:52:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Desktop\Videos
[2010/05/05 20:50:21 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/05/02 19:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Security Scan
[2010/05/02 19:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2010/05/02 18:39:18 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/02 18:39:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Conduit
[2010/05/02 18:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Local Settings\Application Data\Vuze_Remote
[2010/05/02 18:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze_Remote
[2010/05/02 17:44:13 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/02 17:39:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/01 21:37:43 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\WINDOWS\System32\AdobePDF.dll
[2010/05/01 21:37:43 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\WINDOWS\System32\AdobePDFUI.dll
[2010/04/30 22:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sibelius Software
[2010/04/30 22:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Scores
[2010/04/28 22:12:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 23:06:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/27 22:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/27 22:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/04/27 22:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/04/27 22:03:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Vuze Downloads
[2010/04/27 22:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/04/27 22:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Azureus
[2010/04/27 22:00:38 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2010/04/27 20:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/04/25 13:30:26 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/23 22:41:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Facebook
[2010/04/08 13:20:02 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[1 C:\Documents and Settings\Michael\Application Data\*.tmp files -> C:\Documents and Settings\Michael\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/06 21:41:00 | 000,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/06 21:41:00 | 000,395,974 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/06 21:41:00 | 000,059,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/06 21:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/06 21:36:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/06 21:36:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/06 21:36:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/06 21:35:33 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Michael\NTUSER.DAT
[2010/05/06 21:35:33 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Michael\ntuser.ini
[2010/05/05 21:16:03 | 000,001,983 | ---- | M] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2010/05/05 20:56:15 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/05 20:50:22 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\Desktop\OTL.exe
[2010/05/05 20:46:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/02 17:30:34 | 002,167,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/01 21:40:33 | 000,074,920 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/30 22:57:53 | 000,000,604 | -H-- | M] () -- C:\Program Files\STLL Notifier
[2010/04/30 22:56:43 | 000,000,452 | ---- | M] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/04/28 23:25:11 | 011,779,584 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Vincent Van Gogh.ppt
[2010/04/28 21:02:12 | 000,000,786 | -H-- | M] () -- C:\IPH.PH
[2010/04/27 20:41:03 | 000,000,742 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/21 21:34:32 | 000,000,483 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/16 17:51:20 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/04/16 13:27:47 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\TFL complaint.doc
[2010/04/15 18:50:42 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Naruto Openings and endings.doc
[2010/04/15 18:50:16 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\One Piece openings and endings.doc
[2010/04/15 18:48:00 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Michael\My Documents\Bleach Openings and Endings.doc
[2010/04/15 09:19:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/14 17:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/14 17:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/14 17:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/14 17:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/14 17:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/14 17:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/14 17:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/14 17:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/14 17:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/12 17:29:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/12 17:29:26 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/12 15:19:02 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/08 13:20:02 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2010/04/08 13:20:02 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[1 C:\Documents and Settings\Michael\Application Data\*.tmp files -> C:\Documents and Settings\Michael\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/05 21:16:21 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2010/05/05 21:16:03 | 000,001,983 | ---- | C] () -- C:\Documents and Settings\Michael\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2010/04/30 22:57:53 | 000,000,604 | -H-- | C] () -- C:\Program Files\STLL Notifier
[2010/04/30 22:55:38 | 000,000,452 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2010/04/25 13:09:59 | 011,779,584 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Vincent Van Gogh.ppt
[2010/04/16 12:09:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\TFL complaint.doc
[2010/04/15 18:50:16 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\One Piece openings and endings.doc
[2010/04/15 18:49:37 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Naruto Openings and endings.doc
[2010/04/15 18:48:00 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Michael\My Documents\Bleach Openings and Endings.doc
[2010/01/03 20:05:52 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/16 17:20:27 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/12/08 23:24:56 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2009/10/27 19:08:08 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2009/10/27 17:53:30 | 000,032,297 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/27 17:53:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2009/10/27 17:53:08 | 000,000,483 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/27 17:53:07 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll
[2009/10/27 17:51:18 | 000,006,691 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2009/10/27 17:50:45 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/27 17:25:51 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 3398 bytes -> C:\WINDOWS\system32:msdllrv
< End of report >


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:36 PM

Posted 06 May 2010 - 05:31 PM

Hello,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

unite.jpg


#9 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 07 May 2010 - 04:54 PM

Hi,

I can do this tomorrow
bit busy at the moment sorry

Edited by Superpiggy95, 07 May 2010 - 04:55 PM.


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:36 PM

Posted 07 May 2010 - 06:48 PM

No problem thumbup2.gif

unite.jpg


#11 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 08 May 2010 - 02:16 PM

ComboFix 10-05-07.07 - Michael 08/05/2010 19:55:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3061.2665 [GMT 1:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\AbaleZip.dll
c:\windows\usgwmt
c:\windows\usgwmt\BReWErS.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-08 to 2010-05-08 )))))))))))))))))))))))))))))))
.

2010-05-06 20:26 . 2010-05-06 20:26 -------- d-----w- C:\_OTL
2010-05-05 21:00 . 2010-05-05 21:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-05 20:19 . 2010-05-05 20:19 -------- d-----w- c:\documents and settings\Michael\Application Data\Sony Corporation
2010-05-05 20:16 . 2010-05-05 20:16 -------- d-----w- C:\Drivers
2010-05-05 20:16 . 2006-10-30 12:46 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2010-05-05 20:16 . 2006-10-30 12:46 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2010-05-05 20:16 . 2006-10-30 12:46 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2010-05-05 20:16 . 2006-10-30 12:46 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2010-05-05 20:16 . 2006-10-30 12:46 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2010-05-05 20:16 . 2006-10-30 12:46 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2010-05-05 20:14 . 2010-05-05 20:14 -------- d-----w- c:\program files\Sony
2010-05-05 20:13 . 2010-05-05 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-05-02 18:31 . 2010-05-02 20:32 -------- d-----w- c:\program files\Norton Security Scan
2010-05-02 18:31 . 2010-05-02 20:33 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 17:39 . 2010-05-02 17:39 -------- d-----w- c:\program files\Conduit
2010-05-02 17:39 . 2010-05-02 17:39 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Conduit
2010-05-02 17:39 . 2010-05-02 17:51 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Vuze_Remote
2010-05-02 17:39 . 2010-05-02 17:51 -------- d-----w- c:\program files\Vuze_Remote
2010-05-02 16:44 . 2010-05-02 16:44 -------- d-----w- c:\program files\iPod
2010-05-02 16:39 . 2010-05-02 16:39 -------- d-----w- c:\program files\Bonjour
2010-05-02 16:37 . 2010-05-02 16:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-01 20:37 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-01 20:37 . 2008-04-07 04:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-04-30 21:57 . 2010-04-30 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Sibelius Software
2010-04-30 21:46 . 2010-04-30 21:49 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Adobe
2010-04-30 21:44 . 2010-04-30 21:44 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\HP
2010-04-30 21:43 . 2010-04-30 21:43 72664 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 21:42 . 2010-04-30 21:42 -------- d-----w- c:\documents and settings\Jordan\Application Data\HP
2010-04-27 22:06 . 2010-04-28 21:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-27 21:31 . 2010-05-02 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-27 21:31 . 2010-04-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-27 21:31 . 2010-04-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-27 21:01 . 2010-04-27 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-04-27 21:01 . 2010-05-02 20:33 -------- d-----w- c:\documents and settings\Michael\Application Data\Azureus
2010-04-27 21:00 . 2010-05-02 18:31 -------- d-----w- c:\program files\Vuze
2010-04-27 19:35 . 2010-04-28 19:08 -------- d-----w- c:\program files\Spyware Doctor
2010-04-25 12:30 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-24 22:42 . 2010-04-24 22:42 503808 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a5d2c01-n\msvcp71.dll
2010-04-24 22:42 . 2010-04-24 22:42 499712 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a5d2c01-n\jmc.dll
2010-04-24 22:42 . 2010-04-24 22:42 348160 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a5d2c01-n\msvcr71.dll
2010-04-24 22:42 . 2010-04-24 22:42 61440 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37ec8dc6-n\decora-sse.dll
2010-04-24 22:42 . 2010-04-24 22:42 12800 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37ec8dc6-n\decora-d3d.dll
2010-04-23 21:41 . 2010-04-23 21:41 50354 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\uninstall.exe
2010-04-23 21:41 . 2010-04-23 21:41 2114184 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\Install_Facebook_Plug-In_1.0.3.exe
2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\Michael\Application Data\Facebook
2010-04-22 21:24 . 2010-04-30 20:21 -------- d-----w- c:\documents and settings\Jordan\Tracing
2010-04-21 20:35 . 2010-04-21 20:35 503808 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32deca56-n\msvcp71.dll
2010-04-21 20:35 . 2010-04-21 20:35 499712 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32deca56-n\jmc.dll
2010-04-21 20:35 . 2010-04-21 20:35 348160 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32deca56-n\msvcr71.dll
2010-04-21 20:35 . 2010-04-21 20:35 61440 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54905363-n\decora-sse.dll
2010-04-21 20:35 . 2010-04-21 20:35 12800 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54905363-n\decora-d3d.dll
2010-04-21 20:31 . 2010-04-21 20:31 -------- d-sh--w- c:\documents and settings\Jordan\PrivacIE
2010-04-21 20:31 . 2010-04-30 20:27 -------- d-----w- c:\documents and settings\Jordan\Application Data\HPAppData
2010-04-21 20:31 . 2010-04-21 20:31 -------- d-----w- c:\documents and settings\Jordan\Application Data\Apple Computer
2010-04-10 12:20 . 2010-04-25 22:24 -------- d-----w- c:\documents and settings\CJ\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 18:52 . 2009-10-27 16:52 -------- d-----w- c:\program files\WinTV
2010-05-08 17:52 . 2010-02-16 22:37 -------- d-----w- c:\documents and settings\Michael\Application Data\HPAppData
2010-05-07 21:15 . 2009-12-04 23:27 74920 ----a-w- c:\documents and settings\CJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 23:02 . 2009-12-25 22:56 -------- d-----w- c:\documents and settings\Michael\Application Data\Skype
2010-05-06 23:02 . 2009-12-25 22:58 -------- d-----w- c:\documents and settings\Michael\Application Data\skypePM
2010-05-06 20:37 . 2010-03-28 21:33 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-05 20:16 . 2009-10-27 16:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-05 20:04 . 2010-04-04 21:40 -------- d-----w- c:\documents and settings\Michael\Application Data\vlc
2010-05-02 16:44 . 2009-12-22 11:45 -------- d-----w- c:\program files\iTunes
2010-05-02 16:44 . 2009-10-31 11:50 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 20:53 . 2009-11-28 19:10 -------- d-----w- c:\documents and settings\Michael\Application Data\BitTorrent
2010-05-01 20:40 . 2009-10-31 11:14 74920 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 21:57 . 2009-12-16 20:27 -------- d-----w- c:\documents and settings\Michael\Application Data\Sibelius Software
2010-04-30 21:57 . 2010-04-30 21:57 604 ---ha-w- c:\program files\STLL Notifier
2010-04-30 21:57 . 2009-12-16 20:26 -------- d-----w- c:\program files\Sibelius Software
2010-04-28 22:37 . 2009-10-31 11:36 1 ----a-w- c:\documents and settings\Michael\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-28 21:16 . 2009-12-22 14:09 -------- d-----w- c:\program files\Yahoo!
2010-04-28 21:15 . 2009-12-25 22:55 -------- d-----r- c:\program files\Skype
2010-04-28 20:02 . 2010-02-20 00:51 -------- d-----w- c:\program files\AIM
2010-04-27 19:52 . 2010-03-27 18:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-25 12:30 . 2009-10-31 11:34 -------- d-----w- c:\program files\Java
2010-04-14 16:47 . 2010-03-28 23:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2010-03-28 23:02 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2010-03-28 23:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2010-03-28 23:02 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2010-03-28 23:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2010-03-28 23:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2010-03-28 23:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2010-03-28 23:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2010-03-28 23:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 21:35 . 2010-03-28 21:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-02 12:45 . 2010-04-02 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 12:42 . 2010-04-02 12:41 -------- d-----w- c:\program files\QuickTime
2010-04-02 12:34 . 2009-12-22 11:39 -------- d-----w- c:\program files\Safari
2010-04-02 12:31 . 2010-04-02 12:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-01 22:30 . 2009-11-06 22:29 -------- d-----w- c:\documents and settings\CJ\Application Data\HPAppData
2010-04-01 21:51 . 2010-02-23 23:31 -------- d-----w- c:\documents and settings\Michael\Application Data\Spotify
2010-04-01 11:42 . 2010-04-01 11:42 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 11:42 . 2010-04-01 11:42 503808 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36930eda-n\msvcp71.dll
2010-04-01 11:42 . 2010-04-01 11:42 61440 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15ce0e3a-n\decora-sse.dll
2010-04-01 11:42 . 2010-04-01 11:42 499712 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36930eda-n\jmc.dll
2010-04-01 11:42 . 2010-04-01 11:42 348160 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36930eda-n\msvcr71.dll
2010-04-01 11:42 . 2010-04-01 11:42 12800 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15ce0e3a-n\decora-d3d.dll
2010-04-01 10:37 . 2010-03-28 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-01 10:36 . 2010-04-01 10:36 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-29 23:46 . 2010-03-28 23:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2010-03-28 23:13 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 15:06 . 2010-03-28 23:03 -------- d-----w- c:\program files\CCleaner
2010-03-28 23:01 . 2010-03-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-28 23:01 . 2010-01-14 23:50 -------- d-----w- c:\program files\Alwil Software
2010-03-28 21:42 . 2010-03-28 21:42 -------- d-----w- c:\program files\Root Repeal
2010-03-28 21:33 . 2010-03-28 21:33 52224 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-28 21:33 . 2010-03-28 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-28 21:33 . 2010-03-28 21:33 -------- d-----w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2010-03-28 21:33 . 2010-03-28 21:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-26 18:11 . 2010-03-26 18:11 388096 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-13 22:26 . 2009-12-22 11:48 58104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-03-09 23:35 . 2010-01-18 22:25 -------- d-----w- c:\program files\Google
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-16 21:06 . 2010-02-16 20:41 150951 ----a-w- c:\windows\hpoins30.dat
2008-08-16 17:42 . 2008-08-16 17:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 17:42 . 2008-08-16 17:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 17:42 . 2008-08-16 17:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 17:42 . 2008-08-16 17:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 17:43 . 2008-08-16 17:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 17:42 . 2008-08-16 17:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 17:42 . 2008-08-16 17:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 08:41 . 2008-05-21 08:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 08:41 . 2008-05-21 08:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 08:41 . 2008-05-21 08:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 13:58 . 2008-06-05 13:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 17:42 . 2008-08-16 17:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-04 17421824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Michael\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-5-5 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/29/2010 12:02 AM 162768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/29/2010 12:02 AM 19024]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [10/27/2009 7:08 PM 437248]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [10/27/2009 5:50 PM 560640]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [10/27/2009 5:50 PM 15616]
S0 cerc6;cerc6; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 11:25 PM 135664]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [10/27/2009 7:07 PM 823296]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:25]

2010-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ft.com/home/uk
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\Michael\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-{61878FA3-6AD5-386A-048B-4DE251DBDCAE} - c:\windows\system32:msdllrv.exe
AddRemove-HijackThis - c:\documents and settings\Michael\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-08 20:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A4438C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f14b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9e0abb0
PacketIndicateHandler -> NDIS.sys @ 0xb9e17a21
SendHandler -> NDIS.sys @ 0xb9df587b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-05-08 20:05:10
ComboFix-quarantined-files.txt 2010-05-08 19:05

Pre-Run: 302,314,885,120 bytes free
Post-Run: 302,335,156,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(3)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 429EDBD1A4DA59965863C2D71F75B71A



hmm still have problems

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:36 PM

Posted 10 May 2010 - 07:55 AM

We need to replace a file using the recovery console.

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
CMD /K COPY C:\windows\system32\drivers\atapi.sys C:\atapi.sys
  • The command prompt should pop up and say 1 file(s) copied, if it doesn't please let me know before continuing.



Reboot your computer

On the black screen with the startup menu select Microsoft Windows Recovery Console.

When the recovery console has started there is a menu where your asked to select which windows installation you want to login to, usually there is only one:

1. C:\WINDOWS

select the number and press Enter

If it ask you to type the administrator password, do so then press Enter.

It should then come up with C:\WINDOWS>

Now type in the following line, then press Enter.

COPY c:\atapi.sys C:\windows\system32\drivers\atapi.sys

It will then ask if you want to overwrite atapi.sys, press Y then Enter

If successful it should say "1 file(s) copied"

Then type EXIT and press Enter to reboot the machine.



1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

CODE
Driver::
cerc6


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

unite.jpg


#13 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 12 May 2010 - 01:43 PM

Reboot your computer

On the black screen with the startup menu select Microsoft Windows Recovery Console.

When the recovery console has started there is a menu where your asked to select which windows installation you want to login to, usually there is only one:


Hi i cant manage to do this
is this because i have a dell
emmm
its skips the phrase really quickly

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:36 PM

Posted 12 May 2010 - 08:08 PM

You need to be more specific, it skips what phrase? do you see the option to boot into the recovery console? it
should give you 2 seconds to see it.

unite.jpg


#15 Superpiggy95

Superpiggy95
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:12:36 PM

Posted 13 May 2010 - 02:33 PM


ComboFix 10-05-12.03 - Michael 13/05/2010 9:18.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3061.2579 [GMT 1:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_cerc6


((((((((((((((((((((((((( Files Created from 2010-04-13 to 2010-05-13 )))))))))))))))))))))))))))))))
.

2010-05-11 18:31 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-11 18:31 . 2008-04-14 00:10 96512 ----a-w- C:\atapi.sys
2010-05-08 23:24 . 2010-05-09 00:06 -------- d-----w- c:\program files\Tansee iPhone Transfer SMS
2010-05-06 20:26 . 2010-05-06 20:26 -------- d-----w- C:\_OTL
2010-05-05 21:00 . 2010-05-05 21:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-05 20:19 . 2010-05-05 20:19 -------- d-----w- c:\documents and settings\Michael\Application Data\Sony Corporation
2010-05-05 20:16 . 2010-05-05 20:16 -------- d-----w- C:\Drivers
2010-05-05 20:16 . 2006-10-30 12:46 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2010-05-05 20:16 . 2006-10-30 12:46 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2010-05-05 20:16 . 2006-10-30 12:46 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2010-05-05 20:16 . 2006-10-30 12:46 3654 ----a-w- c:\windows\system32\drivers\Sonyhcp.dll
2010-05-05 20:16 . 2006-10-30 12:46 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2010-05-05 20:16 . 2006-10-30 12:46 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2010-05-05 20:14 . 2010-05-05 20:14 -------- d-----w- c:\program files\Sony
2010-05-05 20:13 . 2010-05-05 20:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-05-02 18:31 . 2010-05-02 20:32 -------- d-----w- c:\program files\Norton Security Scan
2010-05-02 18:31 . 2010-05-02 20:33 -------- d-----w- c:\program files\NortonInstaller
2010-05-02 17:39 . 2010-05-02 17:39 -------- d-----w- c:\program files\Conduit
2010-05-02 17:39 . 2010-05-02 17:39 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Conduit
2010-05-02 17:39 . 2010-05-02 17:51 -------- d-----w- c:\documents and settings\Michael\Local Settings\Application Data\Vuze_Remote
2010-05-02 17:39 . 2010-05-02 17:51 -------- d-----w- c:\program files\Vuze_Remote
2010-05-02 16:44 . 2010-05-02 16:44 -------- d-----w- c:\program files\iPod
2010-05-02 16:39 . 2010-05-02 16:39 -------- d-----w- c:\program files\Bonjour
2010-05-01 20:37 . 2008-04-07 04:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-01 20:37 . 2008-04-07 04:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-04-30 21:57 . 2010-04-30 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Sibelius Software
2010-04-30 21:46 . 2010-04-30 21:49 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\Adobe
2010-04-30 21:44 . 2010-04-30 21:44 -------- d-----w- c:\documents and settings\Jordan\Local Settings\Application Data\HP
2010-04-30 21:43 . 2010-04-30 21:43 72664 ----a-w- c:\documents and settings\Jordan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 21:42 . 2010-04-30 21:42 -------- d-----w- c:\documents and settings\Jordan\Application Data\HP
2010-04-27 22:06 . 2010-04-28 21:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-27 21:31 . 2010-05-02 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-27 21:31 . 2010-04-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-04-27 21:31 . 2010-04-27 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-27 21:01 . 2010-04-27 21:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-04-27 21:01 . 2010-05-12 22:13 -------- d-----w- c:\documents and settings\Michael\Application Data\Azureus
2010-04-27 21:00 . 2010-05-12 22:13 -------- d-----w- c:\program files\Vuze
2010-04-27 19:35 . 2010-04-28 19:08 -------- d-----w- c:\program files\Spyware Doctor
2010-04-25 12:30 . 2010-04-12 16:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 21:41 . 2010-04-23 21:41 -------- d-----w- c:\documents and settings\Michael\Application Data\Facebook
2010-04-22 21:24 . 2010-04-30 20:21 -------- d-----w- c:\documents and settings\Jordan\Tracing
2010-04-21 20:31 . 2010-04-21 20:31 -------- d-sh--w- c:\documents and settings\Jordan\PrivacIE
2010-04-21 20:31 . 2010-04-30 20:27 -------- d-----w- c:\documents and settings\Jordan\Application Data\HPAppData
2010-04-21 20:31 . 2010-04-21 20:31 -------- d-----w- c:\documents and settings\Jordan\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-13 08:25 . 2009-10-27 16:52 -------- d-----w- c:\program files\WinTV
2010-05-13 08:14 . 2010-02-16 22:37 -------- d-----w- c:\documents and settings\Michael\Application Data\HPAppData
2010-05-12 22:13 . 2010-04-04 21:40 -------- d-----w- c:\documents and settings\Michael\Application Data\vlc
2010-05-09 21:43 . 2009-12-25 22:56 -------- d-----w- c:\documents and settings\Michael\Application Data\Skype
2010-05-09 15:04 . 2009-12-25 22:58 -------- d-----w- c:\documents and settings\Michael\Application Data\skypePM
2010-05-08 22:38 . 2009-12-22 11:48 58104 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-07 21:15 . 2009-12-04 23:27 74920 ----a-w- c:\documents and settings\CJ\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 20:59 . 2010-03-28 23:02 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2010-03-28 23:02 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2010-03-28 23:02 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:37 . 2010-03-28 21:33 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-06 20:34 . 2010-03-28 23:02 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2010-03-28 23:02 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2010-03-28 23:02 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2010-03-28 23:02 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2010-03-28 23:02 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-05 20:16 . 2009-10-27 16:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 16:44 . 2009-12-22 11:45 -------- d-----w- c:\program files\iTunes
2010-05-02 16:44 . 2009-10-31 11:50 -------- d-----w- c:\program files\Common Files\Apple
2010-05-02 16:37 . 2010-05-02 16:37 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-01 20:53 . 2009-11-28 19:10 -------- d-----w- c:\documents and settings\Michael\Application Data\BitTorrent
2010-05-01 20:40 . 2009-10-31 11:14 74920 ----a-w- c:\documents and settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-30 21:57 . 2009-12-16 20:27 -------- d-----w- c:\documents and settings\Michael\Application Data\Sibelius Software
2010-04-30 21:57 . 2010-04-30 21:57 604 ---ha-w- c:\program files\STLL Notifier
2010-04-30 21:57 . 2009-12-16 20:26 -------- d-----w- c:\program files\Sibelius Software
2010-04-28 22:37 . 2009-10-31 11:36 1 ----a-w- c:\documents and settings\Michael\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-28 21:16 . 2009-12-22 14:09 -------- d-----w- c:\program files\Yahoo!
2010-04-28 21:15 . 2009-12-25 22:55 -------- d-----r- c:\program files\Skype
2010-04-28 20:02 . 2010-02-20 00:51 -------- d-----w- c:\program files\AIM
2010-04-27 19:52 . 2010-03-27 18:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-25 22:24 . 2010-04-10 12:20 -------- d-----w- c:\documents and settings\CJ\Application Data\Apple Computer
2010-04-25 12:30 . 2009-10-31 11:34 -------- d-----w- c:\program files\Java
2010-04-24 22:42 . 2010-04-24 22:42 503808 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a5d2c01-n\msvcp71.dll
2010-04-24 22:42 . 2010-04-24 22:42 499712 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a5d2c01-n\jmc.dll
2010-04-24 22:42 . 2010-04-24 22:42 348160 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6a5d2c01-n\msvcr71.dll
2010-04-24 22:42 . 2010-04-24 22:42 61440 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37ec8dc6-n\decora-sse.dll
2010-04-24 22:42 . 2010-04-24 22:42 12800 ----a-w- c:\documents and settings\CJ\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-37ec8dc6-n\decora-d3d.dll
2010-04-23 21:41 . 2010-04-23 21:41 50354 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\uninstall.exe
2010-04-23 21:41 . 2010-04-23 21:41 2114184 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\Install_Facebook_Plug-In_1.0.3.exe
2010-04-21 20:35 . 2010-04-21 20:35 503808 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32deca56-n\msvcp71.dll
2010-04-21 20:35 . 2010-04-21 20:35 499712 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32deca56-n\jmc.dll
2010-04-21 20:35 . 2010-04-21 20:35 348160 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-32deca56-n\msvcr71.dll
2010-04-21 20:35 . 2010-04-21 20:35 61440 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54905363-n\decora-sse.dll
2010-04-21 20:35 . 2010-04-21 20:35 12800 ----a-w- c:\documents and settings\Jordan\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-54905363-n\decora-d3d.dll
2010-04-14 16:47 . 2010-03-28 23:02 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-08 12:20 . 2010-04-08 12:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20 . 2010-04-08 12:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-04 21:35 . 2010-03-28 21:33 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-02 12:45 . 2010-04-02 12:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-02 12:42 . 2010-04-02 12:41 -------- d-----w- c:\program files\QuickTime
2010-04-02 12:34 . 2009-12-22 11:39 -------- d-----w- c:\program files\Safari
2010-04-02 12:31 . 2010-04-02 12:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-01 22:30 . 2009-11-06 22:29 -------- d-----w- c:\documents and settings\CJ\Application Data\HPAppData
2010-04-01 21:51 . 2010-02-23 23:31 -------- d-----w- c:\documents and settings\Michael\Application Data\Spotify
2010-04-01 11:42 . 2010-04-01 11:42 -------- d-----w- c:\program files\Common Files\Java
2010-04-01 11:42 . 2010-04-01 11:42 503808 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36930eda-n\msvcp71.dll
2010-04-01 11:42 . 2010-04-01 11:42 61440 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15ce0e3a-n\decora-sse.dll
2010-04-01 11:42 . 2010-04-01 11:42 499712 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36930eda-n\jmc.dll
2010-04-01 11:42 . 2010-04-01 11:42 348160 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-36930eda-n\msvcr71.dll
2010-04-01 11:42 . 2010-04-01 11:42 12800 ----a-w- c:\documents and settings\Michael\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-15ce0e3a-n\decora-d3d.dll
2010-04-01 10:37 . 2010-03-28 23:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-29 23:46 . 2010-03-28 23:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2010-03-28 23:13 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-29 15:06 . 2010-03-28 23:03 -------- d-----w- c:\program files\CCleaner
2010-03-28 23:01 . 2010-03-28 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-28 23:01 . 2010-01-14 23:50 -------- d-----w- c:\program files\Alwil Software
2010-03-28 21:42 . 2010-03-28 21:42 -------- d-----w- c:\program files\Root Repeal
2010-03-28 21:33 . 2010-03-28 21:33 52224 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-28 21:33 . 2010-03-28 21:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-03-28 21:33 . 2010-03-28 21:33 -------- d-----w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2010-03-28 21:33 . 2010-03-28 21:33 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-26 18:11 . 2010-03-26 18:11 388096 ----a-r- c:\documents and settings\Michael\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-06 05:30 . 2010-03-06 05:30 847040 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\axfbootloader.dll
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Michael\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-02-16 21:06 . 2010-02-16 20:41 150951 ----a-w- c:\windows\hpoins30.dat
2008-08-16 17:42 . 2008-08-16 17:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 17:42 . 2008-08-16 17:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 17:42 . 2008-08-16 17:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 17:42 . 2008-08-16 17:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 17:43 . 2008-08-16 17:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 17:42 . 2008-08-16 17:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 17:42 . 2008-08-16 17:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 08:41 . 2008-05-21 08:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 08:41 . 2008-05-21 08:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 08:41 . 2008-05-21 08:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 13:58 . 2008-06-05 13:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 17:42 . 2008-08-16 17:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-05-08_19.03.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-13 08:25 . 2010-05-13 08:25 16384 c:\windows\Temp\Perflib_Perfdata_220.dat
+ 2008-04-13 23:00 . 2010-05-13 08:29 59896 c:\windows\system32\perfc009.dat
- 2008-04-13 23:00 . 2010-05-08 18:56 59896 c:\windows\system32\perfc009.dat
+ 2008-04-13 23:00 . 2010-05-13 08:29 395974 c:\windows\system32\perfh009.dat
- 2008-04-13 23:00 . 2010-05-08 18:56 395974 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-18 2012912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
"RTHDCPL"="RTHDCPL.EXE" [2008-11-04 17421824]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-17 421888]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Michael\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-5-5 344064]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\RegTool.exe"=
"c:\\Program Files\\Sibelius Software\\Sibelius 6\\Sibelius.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/29/2010 12:02 AM 164048]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/29/2010 12:02 AM 19024]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [10/27/2009 7:08 PM 437248]
R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [10/27/2009 5:50 PM 560640]
R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\drivers\hcw95rc.sys [10/27/2009 5:50 PM 15616]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/18/2010 11:25 PM 135664]
S3 HauppaugeTVServer;HauppaugeTVServer;c:\progra~1\WinTV\HCWTVS~1.EXE [10/27/2009 7:07 PM 823296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:25]

2010-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ft.com/home/uk
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = <local>;*.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\jpaes89a.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - plugin: c:\documents and settings\Michael\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-13 09:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(3036)
c:\program files\RocketDock\RocketDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-13 09:35:46 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-13 08:35
ComboFix2.txt 2010-05-08 19:05

Pre-Run: 300,457,222,144 bytes free
Post-Run: 300,666,216,448 bytes free

- - End Of File - - DA01178227CBA341652F5A1C2371F8B7


Everything seems to be fine. thanks
will post again if breaking
smile.gif
thank you so much




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users