Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Many Trojans: PSW.Generic8.NPL...Agent2.GGRQ...Agent2.BGRQ


  • This topic is locked This topic is locked
8 replies to this topic

#1 Ari87

Ari87

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 28 August 2010 - 12:50 PM

Hi there,
Been having problems with one of my computers at home. Seems to be getting worse everyday.
Main problem was that internet explorer didnt work and wouldnt load any web pages. It gives up if you give it a chance and says that it cant connect. If it does manage to connect and show a web page, then it is extremely slow at loading web pages. It also sometimes redirects to other websites or just leaves a blank screen with a different web address in the address bar.

The computer also kept bringing up alerts from avg saying theres trojans and viruses found such as PSW.Generic8.NPL, Agent2.GGRQ, Agent2.BGRQ. I keep either healing or moving to vault but many come back.

The computer is conncted to a router (wired), i have another 2 laptops wireless and the internet works fine on them, so I think
that the slow internet on that computer is mainly due to the viruses and trojans found by avg.

In the last couple of days, i have been trying to run the programs that are requested on this site to make log files for. I have spent nealry two days getting the last ark.txt file because the computer is running extremley slow or not loading up at all. Sometimes gets to the black screen on xp just before the blue welcome screen, or gets stuck on the blue welcome screen. If it gets past them screens then it would take ages till you could get any use out of the computer.

Please help...
thanks



DDS (Ver_10-03-17.01) - NTFSx86
Run by OWNER at 22:00:51.26 on 23/08/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.948 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\KEMailKb\KEMailKb.EXE
C:\Program Files\Common Files\AOL\1231951189\ee\AOLSoftware.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AOL 9.0\aoltray.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AOL 9.0\waol.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\OWNER\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [{31CA545E-1D38-5DD1-F150-C29BF473220D}] "c:\documents and settings\owner\application data\ibbu\exycu.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [KEMailKb] c:\progra~1\kemailkb\KEMailKb.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
mRun: [HostManager] c:\program files\common files\aol\1231951189\ee\AOLSoftware.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [vhqnlmys] c:\documents and settings\networkservice\local settings\application data\bhahiyvhj\tbaecaxshdw.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aol90t~1.lnk - c:\program files\aol 9.0\aoltray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: halifax-online.co.uk\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230590571171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1254846461703
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {0B1F1A9A-0A09-4F3F-96BD-5BE464B000C0} = 205.188.146.145
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-17 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-10-17 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-17 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-10-17 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-10-17 297752]
S2 gupdate1c9904d55f2c5a8;Google Update Service (gupdate1c9904d55f2c5a8);c:\program files\google\update\GoogleUpdate.exe [2009-2-16 133104]

=============== Created Last 30 ================

2010-08-23 12:35:51 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-11 19:33:28 397 ----a-w- c:\documents and settings\owner\exe.js
2010-08-11 19:33:28 0 d-----w- c:\docume~1\owner\applic~1\Ifnaf
2010-08-11 19:33:28 0 d-----w- c:\docume~1\owner\applic~1\Amenyc

==================== Find3M ====================


============= FINISH: 22:02:09.68 ===============

Attached Files


Edited by Ari87, 28 August 2010 - 12:54 PM.


BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:56 AM

Posted 03 September 2010 - 09:26 AM

Hello Ari87, My name is Syler and I will be helping you to solve your malware issues. Sorry for the delay
in replying, we are very busy at the moment.

Please note because we are very busy, if I don't hear from you within 5 days the topic will be closed, If you
have since resolved your issues I would appreciate if you would let me no so I can close this topic.


Before you do any of the next step you need to temporarily disable the TeaTimer protection in spybot, as it may
stop the tools we use from doing their job. Please keep it disabled whilst I am helping you then you can enable it again
when your clean.

To disable Teatimer, open Spybot and click on the Mode tab and select Advanced mode.
It will ask you if your sure you want to go into advanced mode, select yes.
Now go to tools and click on the resident tab.
Uncheck the box that says "Resident "TeaTimer" (Protection of over-all system settings) active".
Then close Spybot and reboot your computer.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.



Please follow these instructions to disable any CD Emulation programs using DeFogger, you can enable them again when we are done.

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"




We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


Then please post back here with the following logs:
  • MBAM log
  • RKUnHooker report
  • OTL.txt
  • Extra.txt

Thanks

unite.jpg


#3 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 06 September 2010 - 01:23 PM

Thanks syler for looking into my problem.

My computer wont boot up as I have said in my original post so the logs and scans have been done in safe mode. I hope this doesnt mess with the logs or cause it to miss vital stuff that you need.

Malware bytes has been run plenty of times before and so has not found anything new. So I have added below 3 of the last logs where files have been found infected. I hope that the files it removed before where nothing to do with booting up windows as its still getting stuck on either the black screen or the welcome screen.

Rootkit unhooker could not be run. Says something about error loading driver, so I have skipped this. Maybe because its in safe mode. If thats the reason, then maybe you know of a way to get it to work.

I have managed to do the OTL/EXTRA logs.

So below are 3 Malware bytes logs, OTL and Extra.

Hope that helps
Thanks for your time
Ari


Malwarebytes' Anti-Malware 1.44
Database version: 3635
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

25/01/2010 16:29:40
mbam-log-2010-01-25 (16-29-40).txt

Scan type: Quick Scan
Objects scanned: 110282
Time elapsed: 5 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\OWNER\Desktop\setup.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Documents and Settings\OWNER\Desktop\Explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
______________________

Malwarebytes' Anti-Malware 1.44
Database version: 3635
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

25/07/2010 14:39:21
mbam-log-2010-07-25 (14-39-21).txt

Scan type: Full Scan (C:\|)
Objects scanned: 201741
Time elapsed: 1 hour(s), 11 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
____________________________--

Malwarebytes' Anti-Malware 1.44
Database version: 3635
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

31/07/2010 16:52:35
mbam-log-2010-07-31 (16-52-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 197422
Time elapsed: 1 hour(s), 13 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{3446af26-b8d7-199b-4cfc-6fd764ca5c9f} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{4776c4dc-e894-7c06-2148-5d73cef5f905} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
______________________________-

OTL logfile created on: 06/09/2010 18:15:41 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\OWNER\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 168.40 Gb Free Space | 72.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME_PC
Current User Name: OWNER
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/06 18:14:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
PRC - [2004/08/04 05:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/09/06 18:14:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
MOD - [2004/08/04 05:57:02 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004/08/04 04:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/16 09:49:11 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/16 09:49:07 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2006/10/23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 11:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\cngfv.sys -- (gsqd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\OWNER\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/08/16 09:49:15 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/16 09:49:15 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/07 16:40:05 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/10/26 14:13:23 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/11/01 07:38:56 | 004,620,288 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/23 11:51:04 | 000,103,296 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/05/15 09:56:57 | 000,017,071 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...mp;sourceid=ie7
IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

FF - HKLM\software\mozilla\Firefox\extensions\\{D107E0EF-06F7-47B3-BB46-94EDF1F293EA}: C:\Documents and Settings\OWNER\Local Settings\Application Data\{D107E0EF-06F7-47B3-BB46-94EDF1F293EA} [2010/08/24 17:45:02 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/22 16:16:16 | 000,414,692 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14321 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-823518204-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF1011$\mmduch.DLL File not found
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1231951189\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [KEMailKb] C:\Program Files\KEMailKb\KEMailKb.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ndigjavk] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\qlkqvjtjl\uuehlreshdw.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Nnohiyovupomu] C:\WINDOWS\orecejaqapejuco.DLL (Sonic Solutions)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [tjodtwrh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco\udigseoshdw.exe ()
O4 - HKLM..\Run: [vhqnlmys] C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhahiyvhj\tbaecaxshdw.exe File not found
O4 - HKU\.DEFAULT..\Run: [ndigjavk] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\qlkqvjtjl\uuehlreshdw.exe ()
O4 - HKU\.DEFAULT..\Run: [tjodtwrh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco\udigseoshdw.exe ()
O4 - HKU\.DEFAULT..\Run: [XBV6RD5SZF] C:\WINDOWS\Temp\Isj.exe (OpenSC Project)
O4 - HKU\S-1-5-18..\Run: [ndigjavk] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\qlkqvjtjl\uuehlreshdw.exe ()
O4 - HKU\S-1-5-18..\Run: [tjodtwrh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco\udigseoshdw.exe ()
O4 - HKU\S-1-5-18..\Run: [XBV6RD5SZF] C:\WINDOWS\Temp\Isj.exe (OpenSC Project)
O4 - HKU\S-1-5-21-823518204-838170752-725345543-1003..\Run: [{31CA545E-1D38-5DD1-F150-C29BF473220D}] C:\Documents and Settings\OWNER\Application Data\Ibbu\exycu.exe File not found
O4 - HKU\S-1-5-21-823518204-838170752-725345543-1003..\Run: [Aceqiracevenupe] C:\WINDOWS\pxtunt.DLL File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 2nvtu0 = C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\ui15cr.exe File not found
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-838170752-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-823518204-838170752-725345543-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-823518204-838170752-725345543-1003\..Trusted Domains: halifax-online.co.uk ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1230590571171 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1254846461703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/OWNER/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/16 18:22:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/06 18:14:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2010/08/30 22:10:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/08/28 19:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\Street-Ads
[2010/08/28 19:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco
[2010/08/28 19:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\8D0A574B2653C1C939CEE8C7BE6E4650
[2010/08/24 17:45:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\{D107E0EF-06F7-47B3-BB46-94EDF1F293EA}
[2010/08/23 22:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\gmer
[2010/08/23 13:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/14 13:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhahiyvhj
[2010/08/11 20:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\Identities
[2010/08/11 20:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\Ifnaf
[2010/08/11 20:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\Amenyc
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/06 18:14:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2010/09/06 18:14:05 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\RKUnhookerLE.EXE
[2010/09/06 18:13:14 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\OWNER\ntuser.dat
[2010/09/06 18:00:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/06 18:00:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/03 20:14:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/30 22:59:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\OWNER\ntuser.ini
[2010/08/30 22:22:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/30 22:18:46 | 064,103,018 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/30 22:17:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jjusowohone.bin
[2010/08/30 22:14:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/30 22:14:56 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/28 21:31:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 18:50:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tdinuyokuyepe.dat
[2010/08/28 18:43:13 | 004,253,630 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\penguin-plays-table-tennis.wmv
[2010/08/28 18:37:45 | 000,000,939 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/26 23:03:02 | 002,874,337 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Mixalis_Xatzigiannis_-_To_Kalokairi_Mou.mp3
[2010/08/26 22:29:59 | 007,121,203 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Labrinth_-_Let_The_Sun_Shine_(CDQ).mp3
[2010/08/26 09:49:18 | 000,001,362 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2010/08/26 09:49:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/08/23 21:59:55 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\dds.scr
[2010/08/23 13:35:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 19:17:50 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 16:16:16 | 000,414,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/22 15:41:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/14 14:39:54 | 004,317,850 | -H-- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\IconCache.db
[2010/08/12 23:46:24 | 000,289,914 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Gatwick Airport official parking BAA Advance.mht
[2010/08/11 20:33:28 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\OWNER\exe.js
[2010/08/09 20:57:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/06 18:14:04 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\RKUnhookerLE.EXE
[2010/08/28 21:51:15 | 011,272,192 | ---- | C] () -- C:\Documents and Settings\OWNER\ntuser.dat
[2010/08/28 19:57:08 | 000,000,252 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/28 18:41:49 | 004,253,630 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\penguin-plays-table-tennis.wmv
[2010/08/26 23:03:01 | 002,874,337 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Mixalis_Xatzigiannis_-_To_Kalokairi_Mou.mp3
[2010/08/26 22:29:59 | 007,121,203 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Labrinth_-_Let_The_Sun_Shine_(CDQ).mp3
[2010/08/24 17:45:02 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tdinuyokuyepe.dat
[2010/08/24 17:45:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jjusowohone.bin
[2010/08/23 21:59:49 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\dds.scr
[2010/08/23 13:35:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/12 23:49:59 | 000,289,914 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Gatwick Airport official parking BAA Advance.mht
[2010/08/11 20:33:28 | 000,000,397 | ---- | C] () -- C:\Documents and Settings\OWNER\exe.js
[2010/07/21 23:29:46 | 000,000,263 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/01/11 18:56:56 | 000,093,704 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/09/22 18:16:13 | 000,000,087 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/21 18:49:31 | 000,000,191 | ---- | C] () -- C:\WINDOWS\sc.INI
[2009/03/03 08:47:04 | 000,081,262 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2008/12/13 17:43:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/21 22:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/21 22:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/21 22:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/21 22:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/27 00:20:13 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/27 00:19:57 | 000,035,328 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/26 14:54:40 | 000,001,362 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2008/10/26 14:54:40 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2008/10/26 14:54:40 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/10/26 14:13:22 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/10/26 14:13:03 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/26 14:13:03 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/19 23:06:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SelSet.INI
[2008/10/17 08:12:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/17 08:10:21 | 000,004,473 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/10/17 08:10:20 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/06/11 12:47:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\fpprintmon.dll
[2004/07/17 16:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/08/26 08:24:28 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/08/26 08:24:28 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/10/16 19:11:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/16 19:11:09 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/16 19:11:09 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

< >

< 3 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
[2010/09/06 18:17:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Desktop
[2010/09/06 18:14:41 | 000,458,752 | -H-- | M] () -- C:\Documents and Settings\OWNER\ntuser.dat.LOG
[2010/09/06 18:14:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2010/09/06 18:14:05 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\RKUnhookerLE.EXE
[2010/09/06 18:13:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\OWNER\Cookies
[2010/09/06 18:13:14 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\OWNER\ntuser.dat
[2010/09/06 18:13:14 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\OWNER\Recent
[2010/09/06 18:00:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/06 18:00:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/03 20:14:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/30 22:59:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\OWNER\ntuser.ini
[2010/08/30 22:26:54 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2010/08/30 22:22:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/30 22:18:46 | 064,103,018 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/30 22:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Tracing
[2010/08/30 22:17:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jjusowohone.bin
[2010/08/30 22:14:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/30 22:14:56 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/28 21:31:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 19:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Street-Ads
[2010/08/28 19:56:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco
[2010/08/28 19:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\8D0A574B2653C1C939CEE8C7BE6E4650
[2010/08/28 18:50:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tdinuyokuyepe.dat
[2010/08/28 18:43:13 | 004,253,630 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\penguin-plays-table-tennis.wmv
[2010/08/28 18:37:45 | 000,000,939 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/27 17:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2010/08/26 23:38:49 | 000,000,000 | ---D | M] -- C:\Program Files\KEMailKb
[2010/08/26 23:06:40 | 000,000,000 | R--D | M] -- C:\Documents and Settings\OWNER\Favorites
[2010/08/26 23:03:02 | 002,874,337 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Mixalis_Xatzigiannis_-_To_Kalokairi_Mou.mp3
[2010/08/26 22:29:59 | 007,121,203 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Labrinth_-_Let_The_Sun_Shine_(CDQ).mp3
[2010/08/26 09:49:18 | 000,001,362 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2010/08/26 09:49:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/08/26 09:48:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Canon
[2010/08/26 09:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Ibbu
[2010/08/24 17:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\{D107E0EF-06F7-47B3-BB46-94EDF1F293EA}
[2010/08/23 21:59:55 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\dds.scr
[2010/08/23 16:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Qomab
[2010/08/23 16:22:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\OWNER\Application Data
[2010/08/23 13:35:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/23 13:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2010/08/22 19:17:50 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 16:16:16 | 000,414,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/22 15:41:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/22 15:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2010/08/22 12:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhahiyvhj
[2010/08/14 14:39:54 | 004,317,850 | -H-- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\IconCache.db
[2010/08/14 14:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Amenyc
[2010/08/14 14:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Acxe
[2010/08/13 18:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Misip
[2010/08/12 23:46:24 | 000,289,914 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Gatwick Airport official parking BAA Advance.mht
[2010/08/11 20:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Ifnaf
[2010/08/11 20:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Local Settings\Application Data\Identities
[2010/08/11 20:33:28 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\OWNER\exe.js
[2010/08/10 22:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Obraa
[2010/08/09 20:57:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/09 20:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg8
[2010/08/08 14:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Lapu
[2010/07/22 22:49:32 | 000,035,328 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 20:04:04 | 000,042,752 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/11 18:56:56 | 000,093,704 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2008/10/16 19:14:25 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\OWNER\Application Data\desktop.ini
[2008/10/16 19:14:25 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/06 18:14:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2010/09/06 18:14:05 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\RKUnhookerLE.EXE
[2010/09/06 18:13:14 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\OWNER\ntuser.dat
[2010/09/06 18:00:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/06 18:00:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/03 20:14:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/30 22:59:38 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\OWNER\ntuser.ini
[2010/08/30 22:22:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/30 22:18:46 | 064,103,018 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/08/30 22:17:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jjusowohone.bin
[2010/08/30 22:14:56 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/30 22:14:56 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/28 21:31:25 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/28 18:50:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tdinuyokuyepe.dat
[2010/08/28 18:43:13 | 004,253,630 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\penguin-plays-table-tennis.wmv
[2010/08/28 18:37:45 | 000,000,939 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/26 23:03:02 | 002,874,337 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Mixalis_Xatzigiannis_-_To_Kalokairi_Mou.mp3
[2010/08/26 22:29:59 | 007,121,203 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Labrinth_-_Let_The_Sun_Shine_(CDQ).mp3
[2010/08/26 09:49:18 | 000,001,362 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2010/08/26 09:49:18 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2010/08/23 21:59:55 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\dds.scr
[2010/08/23 13:35:51 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/22 19:17:50 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 16:16:16 | 000,414,692 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/22 15:41:46 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/08/14 14:39:54 | 004,317,850 | -H-- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\IconCache.db
[2010/08/12 23:46:24 | 000,289,914 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Gatwick Airport official parking BAA Advance.mht
[2010/08/11 20:33:28 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\OWNER\exe.js
[2010/08/09 20:57:10 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/08/26 08:24:28 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008/08/26 08:24:28 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/10/16 19:11:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/10/16 19:11:09 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/10/16 19:11:09 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

< >

< 3 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
_________________________________--

OTL Extras logfile created on: 06/09/2010 18:15:41 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\OWNER\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 168.40 Gb Free Space | 72.31% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME_PC
Current User Name: OWNER
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe" = C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe:*:Enabled:burst! download engine -- ()
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Common Files\AOL\1231951189\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1231951189\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1185566F-12ED-3EF0-89CC-38866DCE1EEE}" = Microsoft .NET Framework 3.0 Client Service Pack 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49E4D4B9-566D-40FB-B3D7-8779B007C33B}" = Watchtower Library 2009 - Ελληνική Έκδοση
"{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6781EC-3CB9-4926-8FE9-3EEB1E060FEF}" = Watchtower Library 2008 - Ελληνική Έκδοση
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440}" = Microsoft .NET Framework 2.0 Client Service Pack 2
"{D617A4DC-C915-3F25-BE43-57E5FD99B441}" = Microsoft .NET Framework 3.5 Client Service Pack 1
"{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cult3D ActiveX Player" = Cult3D ActiveX Player
"Google Updater" = Google Updater
"hp deskjet 940c series" = hp deskjet 940c series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KEMailKb" = KEMailKb
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire PRO 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"SoundCapture" = SoundCapture
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:02:11 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:02:43 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:14 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:45 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ Application Events ]
Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:02:11 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:02:43 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:14 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:45 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 30/08/2010 18:01:12 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 31/08/2010 18:54:44 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 31/08/2010 18:54:44 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 03/09/2010 15:07:03 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 03/09/2010 15:07:03 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/09/2010 13:00:38 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 06/09/2010 13:00:38 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/09/2010 13:00:52 | Computer Name = HOME_PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/09/2010 13:01:40 | Computer Name = HOME_PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm

Error - 06/09/2010 13:05:35 | Computer Name = HOME_PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe" = C:\Program Files\burst\core-new1.1.3\btdownloadheadless.exe:*:Enabled:burst! download engine -- ()
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialler -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Services -- (AOL LLC)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\SopCast\adv\SopAdver.exe" = C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Program Files\SopCast\SopCast.exe" = C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Program Files\Common Files\AOL\1231951189\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1231951189\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1185566F-12ED-3EF0-89CC-38866DCE1EEE}" = Microsoft .NET Framework 3.0 Client Service Pack 2
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{49E4D4B9-566D-40FB-B3D7-8779B007C33B}" = Watchtower Library 2009 - Ελληνική Έκδοση
"{4ABB4D92-0682-4887-A0BC-CE5F920DDD23}" = Watchtower Library 2009 - English
"{4B9535BF-CC90-4158-AF32-CAF57A8820CA}" = Macromedia Contribute 3.11
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6781EC-3CB9-4926-8FE9-3EEB1E060FEF}" = Watchtower Library 2008 - Ελληνική Έκδοση
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CAAFB8F9-F8D1-3D27-9AAA-6301A4429440}" = Microsoft .NET Framework 2.0 Client Service Pack 2
"{D617A4DC-C915-3F25-BE43-57E5FD99B441}" = Microsoft .NET Framework 3.5 Client Service Pack 1
"{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"AOLCoach uk" = AOL Coach Version 1.0(Build:20040229.1 uk)
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"Canon ScanGear Toolbox 3.0" = Canon ScanGear Toolbox 3.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cult3D ActiveX Player" = Cult3D ActiveX Player
"Google Updater" = Google Updater
"hp deskjet 940c series" = hp deskjet 940c series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KEMailKb" = KEMailKb
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LimeWire" = LimeWire PRO 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"SopCast" = SopCast 2.0.4
"SoundCapture" = SoundCapture
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD 1.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-838170752-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:02:11 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:02:43 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:14 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:45 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ Application Events ]
Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 03/09/2010 15:06:50 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:00:30 | Computer Name = HOME_PC | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 06/09/2010 13:02:11 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:02:43 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:14 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/09/2010 13:03:45 | Computer Name = HOME_PC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 30/08/2010 18:01:12 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 31/08/2010 18:54:44 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 31/08/2010 18:54:44 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 03/09/2010 15:07:03 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 03/09/2010 15:07:03 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/09/2010 13:00:38 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 06/09/2010 13:00:38 | Computer Name = HOME_PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 06/09/2010 13:00:52 | Computer Name = HOME_PC | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 06/09/2010 13:01:40 | Computer Name = HOME_PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm

Error - 06/09/2010 13:05:35 | Computer Name = HOME_PC | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1460


< End of report >


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:56 AM

Posted 06 September 2010 - 02:13 PM

Hi Ari,

Your rite that Rootkit unhooker doesn't run in safe mode, if you get back in normal mode after running the OTL fix please
try running Rootkit unhooker again.


One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Peer-to-Peer Programs
Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\S-1-5-21-823518204-838170752-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
    FF - HKLM\software\mozilla\Firefox\extensions\\{D107E0EF-06F7-47B3-BB46-94EDF1F293EA}: C:\Documents and Settings\OWNER\Local Settings\Application Data\{D107E0EF-06F7-47B3-BB46-94EDF1F293EA} [2010/08/24 17:45:02 | 000,000,000 | ---D | M]
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-823518204-838170752-725345543-1003\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [bipro] C:\WINDOWS\$NtUninstallMTF1011$\mmduch.DLL File not found
    O4 - HKLM..\Run: [ndigjavk] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\qlkqvjtjl\uuehlreshdw.exe ()
    O4 - HKLM..\Run: [Nnohiyovupomu] C:\WINDOWS\orecejaqapejuco.DLL (Sonic Solutions)
    O4 - HKLM..\Run: [tjodtwrh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco\udigseoshdw.exe ()
    O4 - HKLM..\Run: [vhqnlmys] C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhahiyvhj\tbaecaxshdw.exe File not found
    O4 - HKU\.DEFAULT..\Run: [ndigjavk] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\qlkqvjtjl\uuehlreshdw.exe ()
    O4 - HKU\.DEFAULT..\Run: [tjodtwrh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco\udigseoshdw.exe ()
    O4 - HKU\.DEFAULT..\Run: [XBV6RD5SZF] C:\WINDOWS\Temp\Isj.exe (OpenSC Project)
    O4 - HKU\S-1-5-18..\Run: [ndigjavk] C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\qlkqvjtjl\uuehlreshdw.exe ()
    O4 - HKU\S-1-5-18..\Run: [tjodtwrh] C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco\udigseoshdw.exe ()
    O4 - HKU\S-1-5-18..\Run: [XBV6RD5SZF] C:\WINDOWS\Temp\Isj.exe (OpenSC Project)
    O4 - HKU\S-1-5-21-823518204-838170752-725345543-1003..\Run: [{31CA545E-1D38-5DD1-F150-C29BF473220D}] C:\Documents and Settings\OWNER\Application Data\Ibbu\exycu.exe File not found
    O4 - HKU\S-1-5-21-823518204-838170752-725345543-1003..\Run: [Aceqiracevenupe] C:\WINDOWS\pxtunt.DLL File not found
    O4 - Startup: C:\Documents and Settings\OWNER\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: 2nvtu0 = C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\ui15cr.exe File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.162.233,93.188.161.233
    [2010/08/28 19:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\Street-Ads
    [2010/08/28 19:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\hmqqvcuco
    [2010/08/14 13:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\bhahiyvhj
    [2010/08/11 20:33:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Application Data\Ifnaf
    [2010/08/30 22:17:53 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Jjusowohone.bin
    [2010/08/30 22:14:56 | 000,000,252 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010/08/28 18:50:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tdinuyokuyepe.dat
    [2010/08/11 20:33:28 | 000,000,397 | ---- | M] () -- C:\Documents and Settings\OWNER\exe.js
    [2010/08/28 19:56:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\8D0A574B2653C1C939CEE8C7BE6E4650
    [2010/08/26 09:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Ibbu
    [2010/08/23 16:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Qomab
    [2010/08/14 14:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Amenyc
    [2010/08/14 14:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Acxe
    [2010/08/13 18:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Misip
    [2010/08/10 22:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Obraa
    [2010/08/08 14:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Lapu
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.

unite.jpg


#5 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 06 September 2010 - 04:04 PM

Thanks very much for replying so quick.

From reading your post and the links about this type of trojan, i think i'll be formating the pc and reinstalling windows.
I have used credit cards and logging onto bank websites, but i'm pretty sure we stopped using such websites once we found there to be a problem. I will keep an eye out for any dodgey transactions.

One thing I would like some help with is:

I would like to back up my files on that pc but can only access them through safe mode. When i plug in my removable hard drive, it dosnt reconize it. Is there a way to get this to work?

#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:56 AM

Posted 06 September 2010 - 04:41 PM

I think formatting is wise since you do online banking. As for backing up, do you get any message when you plug the hard drive in, or does it just do nothing?

unite.jpg


#7 Ari87

Ari87
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:56 AM

Posted 06 September 2010 - 05:21 PM

well the light on the back of the case comes on and i hear a ticking noise from but nothing pops up or cant see it in my computer. i may try plugging it directly in the back of the pc. up to now i'v been plugging it in a card reader/usb slot in the front of the pc.

i'll let you know when i try that

thanks again

#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:56 AM

Posted 07 September 2010 - 10:49 AM

Im honestly not sure why it's not working, the drive could be faulting, could you try plugging it into another machine and see if it works. If it is working then maybe the malware is causing problems with it, you might want to try running the OTL script I gave you to see if you can get back into normal mode, then see if the drive works.

unite.jpg


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:12:56 AM

Posted 12 September 2010 - 01:18 PM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users