
Malwarebytes won't finish scan. Other scans indicate infection.


23 replies to this topic

#1 Haviland Tuf


Posted 09 September 2010 - 06:15 AM

Initially my wife was complaining that her computer;
Dell Inspiron ME051, Intel Celeron 1.6ghz, Win xp, sp3. Windows firewall, defender and avast free (all up to date).
was running very slow.

I tried to do a disk cleanup but I noticed that the processor jumped to 100% as soon as I did. I left it alone and it finished. The cleanup and defragment did help the machine but the 100% issue occurred when I tried any kind of scan. Browsing the forums here I followed this thread;
http://www.bleepingcomputer.com/forums/ind...p;#entry1620993

I ran all of the checks as described;

Malwarebytes, TFC by Old Timer, SUPERAntiSpyware Free (in safe mode), Dr.Web CureIt (safe mode) quick and full.

Dr. web found 8 items;

gtdownde_110.ocx;C:\WINDOWS\system32;Probably DLOADER.Trojan;Incurable.Moved.;
SonEditXControl.ocx;C:\WINDOWS\system32;Trojan.AdSubscribe.20;Deleted.;
GTDownDE_87.ocx;C:\i386;Adware.Gdown;Incurable.Moved.;
Desktop_.ini;C:\Program Files\AMV 2.0;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin\classic;Win32.HLLW.Gavir.ini;Deleted.;
Desktop_.ini;C:\Program Files\AMV 2.0\skin\ocean;Win32.HLLW.Gavir.ini;Deleted.;
A0128768.ocx;C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP771;Trojan.AdSubscribe.20;Deleted.;

When I had completed this I opened a new topic;
http://www.bleepingcomputer.com/forums/topic344066.html
Where I posted the results.

Cryptodan asked I run Malwarebytes again which I updated and tried but every time I ran it it would run for about 3-4 minutes before it stopped. (MB has encountered a problem and needs to shut down - message). I tried it in Normal mode both quick scan and full and again both scans in safe mode. I uninstalled it, redownloaded it, renamed the file and tried to run it again but the same thing happened.

Then I ran Superantispyware in safe mode, full scan (having updated first). Here is the log;

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 09/07/2010 at 02:41 AM

Application Version : 4.15.1000

Core Rules Database Version : 5424
Trace Rules Database Version: 3238

Scan type : Complete Scan
Total Scan Time : 04:37:52

Memory items scanned : 170
Memory threats detected : 0
Registry items scanned : 6616
Registry threats detected : 0
File items scanned : 93687
File threats detected : 1

Adware.Tracking Cookie
C:\Documents and Settings\colum\Cookies\colum@doubleclick[1].txt



I also ran this TDSS rootkit removing tool to see if it could find something that was blocking malwarebytes.

2010/09/07 16:58:41.0546 Scan finished
2010/09/07 16:58:41.0546 ================================================================================
2010/09/07 16:58:41.0578 Detected object count: 2
2010/09/07 16:59:23.0515 sptd (415c3adad45a94dab392cbfabbef00bb) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/07 16:59:23.0515 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 415c3adad45a94dab392cbfabbef00bb
2010/09/07 16:59:23.0546 C:\WINDOWS\system32\Drivers\sptd.sys - quarantined
2010/09/07 16:59:23.0546 Locked file(sptd) - User select action: Quarantine
2010/09/07 16:59:23.0625 vaxscsi (92cebc2bc7be2c8d49391b365569f306) C:\WINDOWS\System32\Drivers\vaxscsi.sys
2010/09/07 16:59:23.0625 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\vaxscsi.sys. md5: 92cebc2bc7be2c8d49391b365569f306
2010/09/07 16:59:23.0750 C:\WINDOWS\System32\Drivers\vaxscsi.sys - quarantined
2010/09/07 16:59:23.0750 Locked file(vaxscsi) - User select action: Quarantine

On the basis of these results Cryptodan gave me instructions on how to open this in a new topic (this here).

So here are the results for the DDS scan;


DDS (Ver_10-03-17.01) - NTFSx86
Run by colum at 8:49:30.31 on 09/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1015.495 [GMT 1:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\YPOPs\YPOPs.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\colum\Desktop\dds.scr
C:\WINDOWS\system32\conime.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ie/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No File
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
TB: {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [fsm]
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Dell QuickSet] c:\program files\dell\quickset\Quickset.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\colum\startm~1\programs\startup\ypops.lnk - c:\program files\ypops\YPOPs.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: クリエ用に変換 - c:\program files\sony\image converter\menu.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {24C45F1F-B31D-4D17-8A3A-9CC21662D8D9} - hxxp://listen.jp/activex/1006/lmsagent.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://amuzak.miemasu.net/kxhcm10.ocx
DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} - hxxp://comics.yahoo.co.jp/component/ToonsXYJ.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1148142888828
DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} - hxxp://www.facebook.com/controls/contactx.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1258404415506
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://202.222.144.181/activex/AxisCamControl.ocx
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file:///D:/SuperCD/IntraLaunch.CAB
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} - hxxp://static.photobox.co.uk/sg/common/uploader_uni.cab
DPF: {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41} - hxxp://haishin.ebookjapan.jp/contents/appli/reader_beta/eBookCtl.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\colum\applic~1\mozilla\firefox\profiles\a5ly62nj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/ig|http://mail.google.com/mail/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=ja&q=
FF - component: c:\documents and settings\colum\application data\mozilla\firefox\profiles\a5ly62nj.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\colum\application data\mozilla\firefox\profiles\a5ly62nj.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\colum\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-25 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-5-28 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-25 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-25 40384]
R3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [2007-12-29 223128]
S2 gupdate;Google アップデート サービス (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 Ca100v;Smart Cam, WDM Video Capture;c:\windows\system32\drivers\ca100v.sys --> c:\windows\system32\drivers\Ca100v.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-9-7 38224]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 7408]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2008-7-1 1309696]

============== File Associations ===============

regfile=regedit.exe "%1" %*
scrfile="%1" %*

=============== Created Last 30 ================

2010-09-08 11:49:44 0 d-----w- c:\program files\iPod
2010-09-08 11:49:37 0 d-----w- c:\program files\iTunes
2010-09-07 15:59:23 0 d-----w- C:\TDSSKiller_Quarantine
2010-09-07 15:02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 15:02:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 15:02:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 08:41:12 45 ----a-w- c:\windows\system32\_WKERNEL.FRE
2010-08-31 08:22:53 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-08-31 08:22:53 544768 ----a-w- c:\windows\system32\wbocx.ocx
2010-08-31 08:22:53 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-08-31 08:22:53 33968 ----a-w- c:\windows\system32\anim.dll
2010-08-31 08:22:53 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-08-31 08:22:52 439 ----a-w- c:\windows\system32\shfolder.inf
2010-08-31 08:22:51 0 d-----w- c:\program files\WinUtilities
2010-08-30 22:04:48 0 d-----w- c:\program files\CCleaner
2010-08-30 07:56:13 0 d-----w- c:\documents and settings\colum\DoctorWeb

==================== Find3M ====================

2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-10 10:19:28 67596 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
2010-06-24 16:51:58 11077120 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\dllcache\wininet.dll
2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 12:22:02 1210368 ----a-w- c:\windows\system32\dllcache\urlmon.dll
2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
2010-06-24 12:22:01 5951488 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 12:21:59 25600 ----a-w- c:\windows\system32\dllcache\jsproxy.dll
2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 12:21:58 1986560 ----a-w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 12:21:55 387584 ----a-w- c:\windows\system32\dllcache\iedkcs32.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
2010-06-23 12:08:09 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31:20 744448 ----a-w- c:\windows\system32\dllcache\helpsvc.exe
2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
1999-06-05 03:13:28 245760 -c--a-w- c:\program files\NPSWF32.dll
2007-04-06 16:38:03 56 --sh--r- c:\windows\system32\46A0400E57.sys
2006-05-21 11:13:49 88 --sh--r- c:\windows\system32\570E40A046.sys
2007-04-06 16:38:06 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-17 00:10:43 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081720080818\index.dat

============= FINISH: 8:50:42.15 ===============


I have also attached the DDS attach.txt file and the file ark.txt

I hope I have completed all the requests as specified. Thank you.
Haviland


Edited by Haviland Tuf, 09 September 2010 - 06:20 AM.

Don't Look Back


#2 syler

  • Malware Response Team

Posted 09 September 2010 - 07:15 AM

Hello Haviland,

Please follow these instructions to disable any CD Emulation programs using DeFogger; you can enable them again when we are done.


Scan With RKUnHooker
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check all of the boxes, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"



#3 Haviland Tuf


Posted 09 September 2010 - 02:07 PM

Hi Sylar,

Thanks for the quick response.

OK I used Defogger to disable CD emulation programs as instructed and then ran RKunhooker. Here is the report file;


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>SSDT State
==============================================
ntkrnlpa.exe-->NtClose, Type: Address change 0x805B1CBA-->AA178CF0 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtCreateKey, Type: Address change 0x8061A344-->AA178BAC [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtDeleteKey, Type: Address change 0x8061A7E0-->AA179160 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtDeleteValueKey, Type: Address change 0x8061A9B0-->AA17908A [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtDuplicateObject, Type: Address change 0x805B38CE-->AA178782 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtOpenKey, Type: Address change 0x8061B722-->AA178C86 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtOpenProcess, Type: Address change 0x805C1316-->AA1786C2 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtOpenThread, Type: Address change 0x805C15A2-->AA178726 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtQueryValueKey, Type: Address change 0x80618568-->AA178DA6 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtRenameKey, Type: Address change 0x80619D66-->AA17922E [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtRestoreKey, Type: Address change 0x8061BD24-->AA178D66 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
ntkrnlpa.exe-->NtSetValueKey, Type: Address change 0x806188B6-->AA178EE6 [C:\WINDOWS\System32\Drivers\aswSP.SYS]
==============================================
>Shadow
==============================================
==============================================
>Processes
==============================================
0x871C09C8 [4] System


Keeping the machine free from activity and changes until I get further instructions.

Thanks again,
Haviland (ps Although I am in Ireland I am a lifelong Liverpool fan too - tough times ahead! Here's hoping for an upswing..)
Don't Look Back

#4 syler

  • Malware Response Team

Posted 09 September 2010 - 06:08 PM

It looks like TDSSKiller got the rootkit. Can you tell me how the machine is running now and if there are any more problems?


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


QUOTE
(ps Although I am in Ireland I am a lifelong Liverpool fan too - tough times ahead! Here's hoping for an upswing..)


Good to see another Liverpool fan here. I think the best we can hope for is CL qualification, but you never know, they could pull off better.



#5 Haviland Tuf

  • Topic Starter

Posted 10 September 2010 - 02:36 AM

I actually ran the scan but did not unhook anything last night as I was not sure what your next step would be. I will re-run it now and choose unhook all items when it has completed? (It has been shut down and off overnight.)


#6 syler

  • Malware Response Team

Posted 10 September 2010 - 05:04 AM

QUOTE
I will re-run it now and choose unhook all items when it has completed?


Erm I haven't asked you to unhook anything, don't do that, nothing needs to be done with RKUnHooker, just run OTL as instructed and answer my question, thanks.



#7 Haviland Tuf

  • Topic Starter

Posted 10 September 2010 - 06:41 AM

Sorry, my misunderstanding. OK have not unhooked anything, I will run OTL now.

#8 Haviland Tuf

  • Topic Starter

Posted 10 September 2010 - 07:27 AM

OK here are the two reports.

I tried to do a disk cleanup and the CPU jumped to 100% still. This was the problem from the beginning. This only lasts for about 3-4 mins. It then completes the task. Malwarebytes runs initially but hits a problem after about 4-5 mins. An error box opens saying 'malwarebytes has encountered a problem and needs to close - send a report to microsoft?' The Malwarebytes error was the first clue to a possible infection.


OTL logfile created on: 10/09/2010 12:54:48 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\colum\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 496.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1015 1215 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 11.93 Gb Free Space | 34.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.00 Gb Total Space | 1.37 Gb Free Space | 45.62% Space Free | Partition Type: NTFS

Computer Name: KAORI
Current User Name: colum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/10 08:45:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\colum\Desktop\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/06/16 22:15:06 | 000,250,416 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/06/16 21:33:44 | 000,322,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/06/16 21:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 15:58:24 | 001,331,200 | ---- | M] (http://YPOPsEmail.com/) -- C:\Program Files\YPOPs\ypops.exe
PRC - [2006/11/03 19:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005/12/15 10:44:40 | 000,839,680 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2005/09/09 23:19:34 | 000,393,216 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/07/25 11:01:23 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2005/07/25 11:00:56 | 000,876,032 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/09/10 08:45:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\colum\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/06/16 22:16:06 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/06/16 22:15:06 | 000,250,416 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/06/16 21:33:44 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/06/16 21:33:42 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/07/25 11:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2005/07/25 11:00:56 | 000,876,032 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Bulk100.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Ca100v.sys -- (Ca100v)
DRV - [2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/05/13 23:05:40 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hssdrv.sys -- (HssDrv)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/03/26 20:07:02 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2008/05/28 10:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 10:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 10:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 19:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 19:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/10 12:11:59 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/12/29 14:11:35 | 000,223,128 | ---- | M] (Alcohol Soft Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - [2007/12/29 14:07:50 | 000,642,560 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/07/25 17:59:16 | 010,372,096 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2007/06/28 06:35:50 | 001,309,696 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM106.sys -- (USBMULCD)
DRV - [2007/03/02 11:18:46 | 000,088,960 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/10/12 23:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/29 04:36:56 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/09/09 23:15:32 | 001,032,472 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/05 03:32:16 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005/07/25 10:53:28 | 000,101,504 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/07/25 10:53:04 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/07/25 10:52:59 | 000,028,672 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2005/07/22 03:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 03:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 03:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2002/08/10 03:36:14 | 000,016,509 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.jp/ig?hl=en [binary data]
IE - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..babylon.toolbar.keyword.enabled: "true"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.jp/ig|http://mail.google.com/mail/"
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.5
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:4.0.0.87683
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: SSLPasswdWarning@c4i.gmu.edu:0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=ja&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://pac.onspeed.com/pac/?id=08410bbf0638b7a47a2a326097b4b4f4"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/08 15:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/08 15:09:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/09/08 12:46:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/09/08 12:46:16 | 000,000,000 | ---D | M]

[2008/07/31 22:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colum\Application Data\Mozilla\Extensions
[2008/07/31 22:35:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\colum\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010/09/09 16:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions
[2010/05/08 10:11:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/09 12:25:17 | 000,000,000 | ---D | M] (Babylon Toolbar) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{27915FC8-E347-45a9-8502-4ADA5EF2E0E8}
[2010/08/06 16:42:02 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/28 12:03:25 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2007/11/14 12:35:53 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(2)
[2010/07/27 19:32:56 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/05/19 09:52:35 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/01/27 12:07:20 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2010/05/29 16:37:43 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/06/26 11:01:22 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010/04/11 11:37:31 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/01/09 10:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\bitlypreview@jay.ridgeway
[2009/10/04 16:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010/05/19 09:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\SSLPasswdWarning@c4i.gmu.edu
[2010/05/19 09:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\twitternotifier@naan.net
[2009/06/08 08:00:54 | 000,002,428 | ---- | M] () -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\searchplugins\babylon.xml
[2010/01/07 14:02:38 | 000,002,129 | ---- | M] () -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\searchplugins\it-e-words.xml
[2008/06/28 15:26:55 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\searchplugins\wikipedia.xml
[2010/09/08 15:12:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/28 18:24:43 | 000,000,000 | ---D | M] (SDI Progressive Decoders) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}(3)
[2007/08/28 18:24:05 | 000,000,000 | ---D | M] (SDI Progressive Decoders) -- C:\Program Files\Mozilla Firefox\extensions\{41697025-CA0B-4687-99DE-ABC82C5A630B}(4)
[2007/08/28 18:24:43 | 000,000,000 | ---D | M] (Web Accelerator Integrator) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}(3)
[2007/08/28 18:24:05 | 000,000,000 | ---D | M] (Web Accelerator Integrator) -- C:\Program Files\Mozilla Firefox\extensions\{9d613b03-9b7c-4fa0-b2f8-32f7cc24873f}(4)
[2010/08/14 09:52:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2007/08/28 18:24:43 | 000,000,000 | ---D | M] (SDI Uninstaller) -- C:\Program Files\Mozilla Firefox\extensions\{fd613b03-9b7c-4fa0-b2f8-32f7cc24873f}(2)
[2007/08/28 18:24:05 | 000,000,000 | ---D | M] (SDI Uninstaller) -- C:\Program Files\Mozilla Firefox\extensions\{fd613b03-9b7c-4fa0-b2f8-32f7cc24873f}(3)
[2007/08/29 22:47:44 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/11/19 14:32:26 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2010/06/23 21:24:19 | 000,001,842 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-jp.xml
[2010/06/23 21:24:19 | 000,002,630 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google-jp.xml
[2010/06/23 21:24:19 | 000,001,269 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\oshiete-goo.xml
[2010/06/23 21:24:19 | 000,000,814 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\rakuten.xml
[2010/06/23 21:24:19 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-ja.xml
[2010/06/23 21:24:19 | 000,000,889 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp-auctions.xml
[2010/06/23 21:24:19 | 000,000,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-jp.xml

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No CLSID value found.
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - No CLSID value found.
O3 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006..\Run: [fsm] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\colum\Start Menu\Programs\Startup\YPOPs.lnk = C:\Program Files\YPOPs\ypops.exe (http://YPOPsEmail.com/)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: クリエ用に変換 - C:\Program Files\SONY\Image Converter\menu.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {24C45F1F-B31D-4D17-8A3A-9CC21662D8D9} http://listen.jp/activex/1006/lmsagent.cab (LMSAgent Control)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://amuzak.miemasu.net/kxhcm10.ocx (KXHCM10 Control)
O16 - DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} http://comics.yahoo.co.jp/component/ToonsXYJ.cab (ToonsXYJ Control)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1148142888828 (WUWebControl Class)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1258404415506 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://202.222.144.181/activex/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} file:///D:/SuperCD/IntraLaunch.CAB (IntraLaunch.MainControl)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} http://static.photobox.co.uk/sg/common/uploader_uni.cab (PB_Uploader Class)
O16 - DPF: {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41} http://haishin.ebookjapan.jp/contents/appl...ta/eBookCtl.cab (EBookCtl Class)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/colum/LOCALS~1/Temp/msohtml1/05/clip_image002.jpg
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\colum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\colum\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\Shell - "" = AutoRun
O33 - MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\Shell - "" = AutoRun
O33 - MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\Shell - "" = AutoRun
O33 - MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\Shell - "" = AutoRun
O33 - MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\Shell - "" = AutoRun
O33 - MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\Shell - "" = AutoRun
O33 - MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\Shell - "" = AutoRun
O33 - MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\Shell - "" = AutoRun
O33 - MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\Shell - "" = AutoRun
O33 - MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\Shell - "" = AutoRun
O33 - MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\Shell - "" = AutoRun
O33 - MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\Shell - "" = AutoRun
O33 - MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\Shell - "" = AutoRun
O33 - MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\Shell - "" = AutoRun
O33 - MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\Shell - "" = AutoRun
O33 - MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\Shell - "" = AutoRun
O33 - MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\Shell - "" = AutoRun
O33 - MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{e5ee6810-557a-11dc-92f2-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{e5ee6810-557a-11dc-92f2-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e5ee6810-557a-11dc-92f2-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{f5d0152e-2678-11dd-96b3-9086105b06a9}\Shell - "" = AutoRun
O33 - MountPoints2\{f5d0152e-2678-11dd-96b3-9086105b06a9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f5d0152e-2678-11dd-96b3-9086105b06a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{fbbecf0a-264d-11dd-96b0-d067960931a8}\Shell - "" = AutoRun
O33 - MountPoints2\{fbbecf0a-264d-11dd-96b0-d067960931a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fbbecf0a-264d-11dd-96b0-d067960931a8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O33 - MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\Shell - "" = AutoRun
O33 - MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "DefWatch"
MsConfig - Services: "Norton AntiVirus Server"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "usnjsvc"
MsConfig - Services: "LightScribeService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe - (Adobe Systems Inc.)
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync マネージャ.lnk - C:\Program Files\SonyPDA\HOTSYNC.EXE - (Palm, Inc.)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ASuite - hkey= - key= - E:\Lupo PenSuite v6.76 Full\Launcher\ASuite.exe File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
MsConfig - StartUpReg: Cm106Sound - hkey= - key= - File not found
MsConfig - StartUpReg: Dell QuickSet - hkey= - key= - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
MsConfig - StartUpReg: DMXLauncher - hkey= - key= - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
MsConfig - StartUpReg: FixCamera - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\colum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: HuaWeiEVDO.exe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: MSKDetectorExe - hkey= - key= - C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: ShowLOMControl - hkey= - key= - File not found
MsConfig - StartUpReg: SlipStream - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: snpstd3 - hkey= - key= - C:\WINDOWS\vsnpstd3.exe ()
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: tsnpstd3 - hkey= - key= - C:\WINDOWS\tsnpstd3.exe ()
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
Drivers32: VIDC.SP58 - SP5X_32.DLL File not found
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56871556046913536)

========== Files/Folders - Created Within 30 Days ==========

[2010/09/10 12:51:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\colum\Desktop\OTL.exe
[2010/09/08 12:49:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/09/08 12:49:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/09/08 12:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/09/07 16:59:23 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2010/09/07 16:02:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/07 16:02:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/07 16:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/31 09:22:53 | 000,544,768 | ---- | C] (Stardock Corporation) -- C:\WINDOWS\System32\wbocx.ocx
[2010/08/31 09:22:53 | 000,056,496 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbhelp2.dll
[2010/08/31 09:22:53 | 000,033,968 | ---- | C] (Neil Banfield) -- C:\WINDOWS\System32\anim.dll
[2010/08/31 09:22:53 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95INF32.DLL
[2010/08/31 09:22:53 | 000,002,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\W95INF16.DLL
[2010/08/31 09:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2010/08/30 23:07:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\colum\Recent
[2010/08/30 23:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/30 08:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\colum\DoctorWeb
[2010/08/14 09:52:04 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/08/14 09:52:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/08/14 09:52:04 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2008/12/02 15:54:02 | 000,245,760 | ---- | C] (Macromedia, Inc.) -- C:\Program Files\NPSWF32.dll
[2007/12/19 17:15:36 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2007/12/19 17:15:36 | 000,057,344 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2007/12/19 17:15:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2007/12/19 17:15:36 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/10 13:00:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/10 12:57:05 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C08CC376-AD83-49B4-B707-C4741BDE2C85}.job
[2010/09/10 12:19:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/10 12:19:04 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/10 12:12:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3812025280-1438908105-2236764183-1006UA.job
[2010/09/10 08:45:19 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\colum\Desktop\OTL.exe
[2010/09/10 08:41:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/10 08:41:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/10 08:40:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 08:40:33 | 1064,763,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/10 08:39:47 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\colum\ntuser.dat
[2010/09/10 08:39:37 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\colum\ntuser.ini
[2010/09/09 17:00:44 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\colum\defogger_reenable
[2010/09/09 16:46:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\colum\Desktop\Defogger.exe
[2010/09/09 16:45:27 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\colum\Desktop\RKUnhookerLE.EXE
[2010/09/09 16:45:08 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/09/09 08:33:40 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/09/08 13:10:20 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\colum\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/07 16:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010/09/07 16:11:54 | 000,167,592 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/09/07 15:52:25 | 000,046,672 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/09/07 15:52:03 | 000,165,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/09/07 15:47:46 | 000,023,376 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/09/07 15:47:19 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/09/07 15:47:16 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/09/07 15:47:07 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/09/07 15:46:51 | 000,028,880 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/09/07 11:29:59 | 011,796,480 | ---- | M] () -- C:\Documents and Settings\colum\ntuser.dat.regbk109
[2010/09/07 11:26:33 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2010/09/06 12:04:33 | 000,001,816 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/02 13:03:25 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/31 22:12:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3812025280-1438908105-2236764183-1006Core.job
[2010/08/30 23:06:36 | 000,357,728 | ---- | M] () -- C:\Documents and Settings\colum\My Documents\cc_20100830_230616.reg
[2010/08/28 23:27:07 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/28 23:27:07 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2010/08/12 10:47:53 | 000,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/12 10:11:50 | 000,508,468 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/12 10:11:50 | 000,446,126 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/12 10:11:50 | 000,073,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/09 17:00:23 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\colum\defogger_reenable
[2010/09/09 16:48:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\colum\Desktop\Defogger.exe
[2010/09/09 16:48:19 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\colum\Desktop\RKUnhookerLE.EXE
[2010/09/08 12:18:42 | 1064,763,392 | -HS- | C] () -- C:\hiberfil.sys
[2010/09/07 11:29:09 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\colum\ntuser.dat.regan613.LOG
[2010/08/31 09:41:12 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\_WKERNEL.FRE
[2010/08/31 09:22:52 | 000,000,439 | ---- | C] () -- C:\WINDOWS\System32\shfolder.inf
[2010/08/30 23:06:20 | 000,357,728 | ---- | C] () -- C:\Documents and Settings\colum\My Documents\cc_20100830_230616.reg
[2010/06/08 14:35:43 | 000,000,174 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/22 17:07:16 | 000,000,401 | ---- | C] () -- C:\Documents and Settings\colum\Application Data\TweetDeckFast_state.xml
[2009/04/21 14:13:46 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll
[2009/01/24 13:31:12 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2008/11/13 14:00:35 | 002,965,504 | ---- | C] () -- C:\WINDOWS\System32\TranscodingDLL.dll
[2008/11/13 14:00:35 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2008/11/13 14:00:34 | 000,864,256 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2008/11/13 14:00:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/11/13 14:00:34 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008/07/01 14:13:27 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\CM106rm.dll
[2008/07/01 14:13:27 | 000,000,192 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2008/07/01 14:12:19 | 000,003,900 | R--- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2008/05/02 09:20:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/03/20 11:38:33 | 000,000,070 | ---- | C] () -- C:\Documents and Settings\colum\Local Settings\Application Data\FASTWiz.log
[2008/01/09 14:48:53 | 007,437,824 | ---- | C] () -- C:\WINDOWS\System32\smfcore.dll
[2008/01/09 14:48:53 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2007/12/19 17:15:51 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2007/12/16 19:31:53 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/12/16 19:31:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/28 19:54:51 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/11/10 14:51:45 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/11/10 14:51:45 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/11/03 19:43:29 | 000,000,014 | ---- | C] () -- C:\WINDOWS\Powerplayer.ini
[2007/11/03 19:42:26 | 000,000,308 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2007/09/24 20:51:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\PirateFish5.ini
[2007/09/19 13:25:10 | 000,000,035 | ---- | C] () -- C:\WINDOWS\tadaTool.INI
[2007/05/19 18:09:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007/01/27 15:22:22 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/11/21 14:13:08 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/20 16:48:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2006/07/22 17:01:57 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\46A0400E57.sys
[2006/07/05 10:14:50 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/07/05 10:14:49 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/05/31 21:50:08 | 000,201,216 | ---- | C] () -- C:\Documents and Settings\colum\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/05/30 20:41:48 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\nmocod.dll
[2006/05/20 21:04:36 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/20 20:40:58 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\570E40A046.sys
[2006/05/20 20:40:57 | 000,005,486 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/19 18:22:37 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\colum\Application Data\dvd.bmk
[2006/05/19 18:10:34 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\colum\Local Settings\Application Data\fusioncache.dat
[2006/05/18 03:14:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/18 03:10:24 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/18 03:00:20 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/05/18 02:38:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/05/18 02:38:30 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/05/18 02:37:54 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/03/28 02:26:36 | 000,415,232 | ---- | C] () -- C:\WINDOWS\System32\Sparkle.dll
[2003/11/18 10:03:28 | 000,200,704 | --S- | C] () -- C:\WINDOWS\System32\archlib.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/24 07:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
[2001/05/24 13:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
< End of report >



OTL Extras logfile created on: 10/09/2010 12:54:48 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\colum\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1,015.00 Mb Total Physical Memory | 496.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 1015 1215 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.17 Gb Total Space | 11.93 Gb Free Space | 34.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.00 Gb Total Space | 1.37 Gb Free Space | 45.62% Space Free | Partition Type: NTFS

Computer Name: KAORI
Current User Name: colum
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe" = C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe:*:Enabled:3 DDataModem HSDPA -- (Huawei Technologies)
"C:\Program Files\Chrysanth\NETime\Mail Manager\CSMailManager.exe" = C:\Program Files\Chrysanth\NETime\Mail Manager\CSMailManager.exe:*:Enabled:Chrysanth Mail Manager -- (Chrysanth Software Sdn. Bhd.)
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\YPOPs\ypops.exe" = C:\Program Files\YPOPs\ypops.exe:*:Enabled:Free POP3/SMTP access to Yahoo! Mail -- (http://YPOPsEmail.com/)
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\launch4j-tmp\Stanza.exe" = C:\Program Files\Java\jre6\launch4j-tmp\Stanza.exe:*:Disabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\SapporoWorks\BlackJumboDog\BlackJumboDog.exe" = C:\Program Files\SapporoWorks\BlackJumboDog\BlackJumboDog.exe:*:Disabled:SapporoWorks -- (SapporoWorks)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{28B51C15-7F65-411C-B843-CB915C1FA0D6}" = GR-1100
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{38EE230F-F631-451F-8800-E29F5E5C9E7D}" = iTunes Library Updater
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3AF47C4E-065B-FF3F-93DE-8D9AD4E8C10D}" = TweetDeck
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55F502E5-6E86-4321-8D35-D9F9C794E58E}" = SunPlus PMP Transcoding
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{59FEFE3F-8119-457C-A4EE-CF24202DD9D2}" = Visual Basic 6.0 SP6 ランタイムライブラリ 第4版
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{6B77AF19-BEA2-4CC6-B468-027F04814801}" = Memory Stick Export
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iPhone Explorer 0.992
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8C894BAC-AAAB-4EF2-93A7-5AA8E4EF4798}_is1" = Chrysanth Mail Manager
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{903B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{9969E257-F5B5-4F48-A45C-12899852383D}" = デコの輪ツール
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{BA0F44C2-A883-11D1-AD0A-006097D15E2C}" = CLIE Palm Desktop
"{BDA3D2C3-3197-4FE3-A50F-0A569EC172FA}" = Image Converter 1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2D518A1-7D97-43CF-B18E-B5055E1A828B}" = CLIE MS SCSI ドライバー
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBBC37B3-6920-4C33-842F-EBD0B8E3FC74}" = ebi.BookReader3J
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = 168-USB PC Camera
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FBDEA5B0-DBC1-420E-9A5E-FB97A8F5388D}" = ピクネット tada ツール
"{FC274982-5AAD-4C20-848D-4424A5043010}_is1" = WinUtilities 9.71 Free Edition
"3 DataModem HSDPA" = 3 DataModem HSDPA
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe FrameMaker 7.0" = Adobe FrameMaker v7.0
"Adobe Photoshop 5.5" = Adobe Photoshop 5.5
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Effect Maker Free Edition_is1" = Advanced Effect Maker Free Edition Version 2 (With VAC 2.0 B1)
"avast5" = avast! Free Antivirus
"BlackJumboDog" = BlackJumboDog
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DellSupport" = Dell Support 5.0.0 (630)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EPSON Printer and Utilities" = EPSON Printer Software
"Eraser_is1" = Eraser
"ffdshow_is1" = ffdshow [rev 1579] [2007-10-26]
"Flash FLV to Video Audio Converter_is1" = Flash FLV to Video Audio Converter v3.0
"FLVPlayer" = FLV Player 1.3.3
"Free Download Manager_is1" = Free Download Manager 2.5
"Free DVD Decrypter_is1" = Free DVD Decrypter version 1.2
"Generic USB 106 Sound" = USB Multi-Channel Audio Device
"getPlus®_ocx" = getPlus®_ocx
"G-Force" = G-Force
"HotspotShield" = Hotspot Shield 1.47
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"IrfanView" = IrfanView (remove only)
"Macromedia Flash 4J" = Macromedia Flash 4J
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PolderBackup" = PolderBackup
"Powerbullet Presenter_is1" = Powerbullet Presenter 1.44
"PrintFolder_is1" = PrintFolder 1.3
"RealPlayer 12.0" = RealPlayer
"Rename" = Rename
"Revo Uninstaller" = Revo Uninstaller 1.71
"Senselang" = Senselang
"Software Informer_is1" = Software Informer 1.0 BETA
"Stanza" = Stanza
"Sunplus CA504A" = Smart Cam, WDM Video Capture
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tenebril Uninstaller_is1" = Tenebril Uninstaller 1.20
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"Winamp" = Winamp
"Winamp Essentials Pack" = Winamp Essentials Pack v5.34
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YPOPs_is1" = YPOPs! 0.9.5.3

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"QUICKMEDIACONVERTER" = Converter

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/09/2010 12:10:20 | Computer Name = KAORI | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll,
version 1.46.0.0, fault address 0x0001fffe.

Error - 07/09/2010 12:49:21 | Computer Name = KAORI | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.46.0.1, faulting module mbam.dll,
version 1.46.0.0, fault address 0x0001fffe.

Error - 07/09/2010 14:43:17 | Computer Name = KAORI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 07/09/2010 14:43:17 | Computer Name = KAORI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 08/09/2010 07:42:09 | Computer Name = KAORI | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 08/09/2010 07:42:09 | Computer Name = KAORI | Source = Bonjour Service | ID = 100
Description = 256: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 08/09/2010 07:42:09 | Computer Name = KAORI | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 08/09/2010 07:42:09 | Computer Name = KAORI | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 08/09/2010 07:42:09 | Computer Name = KAORI | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 08/09/2010 07:42:09 | Computer Name = KAORI | Source = Bonjour Service | ID = 100
Description = 420: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 08/09/2010 03:23:07 | Computer Name = KAORI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 08/09/2010 03:23:12 | Computer Name = KAORI | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/09/2010 07:20:04 | Computer Name = KAORI | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 0016CE46EC13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 09/09/2010 03:29:25 | Computer Name = KAORI | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.5 for the Network Card with network
address 0016CE46EC13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 09/09/2010 03:33:40 | Computer Name = KAORI | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 09/09/2010 03:33:41 | Computer Name = KAORI | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 09/09/2010 03:33:41 | Computer Name = KAORI | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 09/09/2010 07:14:20 | Computer Name = KAORI | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 09/09/2010 07:14:23 | Computer Name = KAORI | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 10/09/2010 03:33:38 | Computer Name = KAORI | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.3 for the Network Card with network
address 0016CE46EC13 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Don't Look Back

#9 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 September 2010 - 12:27 PM

No problem. It would most likely have crashed your computer if you had unhooked them all.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

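A defender-side check related to the Flash_Disinfector note in the post above, added here as an example (it is not part of the original post and not Flash_Disinfector's own code): it audits drive roots for an autorun.inf entry and reports whether it is a placeholder directory or a real file carrying launch commands. It assumes the placeholder is a directory, as the post's "this folder" suggests; the function names and the sample drive contents are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Keys in the [autorun] section that make Windows start a program.
LAUNCH_KEYS = ("open", "shellexecute")


def decode_inf(data: bytes) -> str:
    """Decode autorun.inf bytes; UTF-16 files carry a BOM, the rest are ANSI."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def parse_autorun(text: str) -> list:
    """Return (key, command) pairs that launch something from [autorun]."""
    commands, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        # Context-menu verbs look like shell\<verb>\command=<program>
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            commands.append((key, value.strip()))
    return commands


def audit_root(root) -> dict:
    """Classify the autorun.inf entry (if any) at the top of one drive."""
    # Match the name case-insensitively, as Windows would.
    entry = next((p for p in Path(root).iterdir()
                  if p.name.lower() == "autorun.inf"), None)
    if entry is None:
        return {"state": "absent", "commands": []}
    if entry.is_dir():
        # Assumption: the tool's placeholder is a directory. A directory
        # occupies the name, so no file of that name can be written.
        return {"state": "placeholder-directory", "commands": []}
    commands = parse_autorun(decode_inf(entry.read_bytes()))
    state = "launches-program" if commands else "file-no-launch"
    return {"state": state, "commands": commands}


def demo() -> dict:
    """Build four constructed drive roots in a temp dir and audit each."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        for name in ("vaccinated", "suspicious", "label_only", "clean"):
            (base / name).mkdir()
        (base / "vaccinated" / "autorun.inf").mkdir()
        (base / "suspicious" / "AUTORUN.INF").write_bytes(
            b"[AutoRun]\r\n; constructed sample\r\n"
            b"open=launcher.exe\r\n"
            b"shell\\open\\command=launcher.exe\r\n"
            b"icon=drive.ico\r\n")
        (base / "label_only" / "autorun.inf").write_bytes(
            "[autorun]\r\nicon=drive.ico\r\nlabel=Backup\r\n".encode("utf-16"))
        return {p.name: audit_root(p) for p in sorted(base.iterdir())}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:12} {result['state']:22} {result['commands']}")
```

On a real machine, call `audit_root` once per mounted drive root; a `launches-program` result on a removable drive is the case worth inspecting by hand.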


#10 Haviland Tuf

  • Topic Starter

  • Members
  • 94 posts
  • Gender:Male
  • Location:Roscommon, Ireland

Posted 10 September 2010 - 02:17 PM

Hi Syler,

OK, here is the ComboFix log. I ran the Flash Disinfector on 3 external hard drives, 4 pen drives, 3 SD cards, and anything else I could find, including USB MP3 players etc. (got 'em all). Crazy how these things build up! Thanks for your guidance.


ComboFix 10-09-09.04 - colum 10/09/2010 20:00:48.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.932.81.1033.18.1015.515 [GMT 1:00]
Running from: c:\documents and settings\colum\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\RSMR
c:\documents and settings\All Users\Application Data\RSMR\bkht.ddt
c:\documents and settings\colum\My Documents\cc_20100830_230616.reg
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

.
((((((((((((((((((((((((( Files Created from 2010-08-10 to 2010-09-10 )))))))))))))))))))))))))))))))
.

2010-09-08 11:49 . 2010-09-08 11:49 -------- d-----w- c:\program files\iPod
2010-09-08 11:49 . 2010-09-08 11:50 -------- d-----w- c:\program files\iTunes
2010-09-08 11:45 . 2010-09-08 11:46 -------- d-----w- c:\program files\QuickTime
2010-09-08 11:33 . 2010-09-08 11:33 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-07 15:59 . 2010-09-07 15:59 -------- d-----w- C:\TDSSKiller_Quarantine
2010-09-07 15:02 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 15:02 . 2010-09-07 15:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 15:02 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-31 08:22 . 2007-08-31 11:52 56496 ----a-w- c:\windows\system32\wbhelp2.dll
2010-08-31 08:22 . 2007-08-31 11:52 33968 ----a-w- c:\windows\system32\anim.dll
2010-08-31 08:22 . 1999-11-22 14:50 4608 ----a-w- c:\windows\system32\W95INF32.DLL
2010-08-31 08:22 . 1999-11-22 14:50 2272 ----a-w- c:\windows\system32\W95INF16.DLL
2010-08-31 08:22 . 2010-09-07 10:25 -------- d-----w- c:\program files\WinUtilities
2010-08-30 22:04 . 2010-08-30 22:04 -------- d-----w- c:\program files\CCleaner
2010-08-30 07:56 . 2010-08-30 09:07 -------- d-----w- c:\documents and settings\colum\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-10 18:25 . 2008-02-14 16:29 -------- d-----w- c:\program files\YPOPs
2010-09-09 15:58 . 2007-11-26 15:32 -------- d-----w- c:\documents and settings\colum\Application Data\Skype
2010-09-09 15:45 . 2007-11-28 18:54 -------- d-----w- c:\documents and settings\colum\Application Data\skypePM
2010-09-08 11:49 . 2008-10-13 22:44 -------- d-----w- c:\program files\Common Files\Apple
2010-09-07 15:12 . 2010-06-29 09:20 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-25 08:22 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-25 08:22 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-25 08:22 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-25 08:22 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-25 08:22 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-06-25 08:22 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-06-25 08:22 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-06-25 08:22 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-07 10:20 . 2008-02-04 13:08 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-06 14:43 . 2009-10-03 13:52 -------- d-----w- c:\documents and settings\colum\Application Data\Dropbox
2010-08-14 08:53 . 2006-05-18 01:54 -------- d-----w- c:\program files\Common Files\Java
2010-08-14 08:51 . 2006-05-18 01:54 -------- d-----w- c:\program files\Java
2010-08-10 10:19 . 2008-10-19 12:00 67596 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-08-04 09:18 . 2010-08-04 09:18 503808 ----a-w- c:\documents and settings\colum\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3fe77695-n\msvcp71.dll
2010-08-04 09:18 . 2010-08-04 09:18 499712 ----a-w- c:\documents and settings\colum\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3fe77695-n\jmc.dll
2010-08-04 09:18 . 2010-08-04 09:18 348160 ----a-w- c:\documents and settings\colum\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3fe77695-n\msvcr71.dll
2010-08-04 09:18 . 2010-08-04 09:18 61440 ----a-w- c:\documents and settings\colum\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-357c80e9-n\decora-sse.dll
2010-08-04 09:18 . 2010-08-04 09:18 12800 ----a-w- c:\documents and settings\colum\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-357c80e9-n\decora-d3d.dll
2010-07-23 16:22 . 2010-08-06 15:42 1496064 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 16:22 . 2010-08-06 15:42 43008 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 16:22 . 2010-08-06 15:42 338944 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 16:22 . 2010-08-06 15:42 346112 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-22 11:00 . 2007-11-26 15:31 -------- d-----r- c:\program files\Skype
2010-07-22 11:00 . 2010-07-22 11:00 -------- d-----w- c:\program files\Common Files\Skype
2010-07-22 10:58 . 2007-11-26 15:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-07-17 04:00 . 2010-04-17 11:17 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31 . 2004-08-10 11:51 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2004-08-10 11:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2004-08-10 11:51 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 10:58 . 2010-06-26 10:01 241664 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enclip.dll
2010-06-22 10:58 . 2010-06-26 10:01 114688 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\ENImaDLL.dll
2010-06-22 10:58 . 2010-06-26 10:01 90112 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\entbcompose.dll
2010-06-22 10:58 . 2010-06-26 10:01 167936 ----a-w- c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
2010-06-21 15:27 . 2006-05-18 01:37 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-10 11:51 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-10 12:02 744448 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2004-08-10 11:51 1172480 ----a-w- c:\windows\system32\msxml3.dll
1999-06-05 03:13 . 2008-12-02 14:54 245760 -c--a-w- c:\program files\NPSWF32.dll
2007-04-06 16:38 . 2006-07-22 16:01 56 --sh--r- c:\windows\system32\46A0400E57.sys
2006-05-21 11:13 . 2006-05-20 19:40 88 --sh--r- c:\windows\system32\570E40A046.sys
2007-04-06 16:38 . 2006-05-20 19:40 5486 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\colum\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\colum\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\colum\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"InCD"="c:\program files\Ahead\InCD\InCD.exe" [2005-07-25 1397760]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-09 393216]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"Dell QuickSet"="c:\program files\Dell\QuickSet\Quickset.exe" [2005-12-15 839680]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

c:\documents and settings\colum\Start Menu\Programs\Startup\
YPOPs.lnk - c:\program files\YPOPs\YPOPs.exe [2008-2-14 1331200]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-18 24576]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync マネージャ.lnk]
backup=c:\windows\pss\HotSync マネージャ.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowLOMControl]
 [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2006-11-01 19:48 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2005-12-15 09:44 839680 ----a-w- c:\program files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-11-01 02:12 94208 -c--a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-06-06 10:57 133104 ----atw- c:\documents and settings\colum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-10-14 19:46 77824 ----a-w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-06-10 09:44 249856 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-06-10 09:44 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 15:16 1121792 -c--a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 04:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
2007-05-10 13:18 835584 ----a-w- c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2003-11-19 16:48 32881 -c--a-w- c:\program files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-19 15:20 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
2007-04-21 09:37 270336 ----a-w- c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 19:05 204288 -c----w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"DefWatch"=2 (0x2)
"Norton AntiVirus Server"=2 (0x2)
"WMPNetworkSvc"=2 (0x2)
"usnjsvc"=3 (0x3)
"LightScribeService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Huawei technologies\\Huawei UMTS Data Card\\3 DataModem HSDPA.exe"=
"c:\\Program Files\\Chrysanth\\NETime\\Mail Manager\\CSMailManager.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\YPOPs\\ypops.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\Stanza.exe"=
"c:\\Program Files\\SapporoWorks\\BlackJumboDog\\BlackJumboDog.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25/06/2010 09:22 165584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/05/2008 10:33 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/05/2008 10:33 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25/06/2010 09:22 17744]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S2 gupdate;Google アップデート サービス (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19/12/2009 14:04 135664]
S3 Ca100v;Smart Cam, WDM Video Capture;c:\windows\system32\Drivers\Ca100v.sys --> c:\windows\system32\Drivers\Ca100v.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [07/09/2010 16:02 38224]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/05/2008 10:33 7408]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [01/07/2008 18:36 1309696]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [29/12/2007 14:11 223128]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29/12/2007 14:07 642560]
.
Contents of the 'Scheduled Tasks' folder

2010-09-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 10:50]

2006-05-21 c:\windows\Tasks\dfrg.job
- c:\windows\system32\dfrg.msc [2004-08-10 04:00]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 20:52]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 20:52]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3812025280-1438908105-2236764183-1006Core.job
- c:\documents and settings\colum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-06 10:57]

2010-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3812025280-1438908105-2236764183-1006UA.job
- c:\documents and settings\colum\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-06 10:57]

2010-09-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2010-09-10 c:\windows\Tasks\User_Feed_Synchronization-{C08CC376-AD83-49B4-B707-C4741BDE2C85}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: クリエ用に変換 - c:\program files\Sony\Image Converter\menu.htm
DPF: {24C45F1F-B31D-4D17-8A3A-9CC21662D8D9} - hxxp://listen.jp/activex/1006/lmsagent.cab
DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} - hxxp://amuzak.miemasu.net/kxhcm10.ocx
DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} - hxxp://comics.yahoo.co.jp/component/ToonsXYJ.cab
DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} - file:///D:/SuperCD/IntraLaunch.CAB
DPF: {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41} - hxxp://haishin.ebookjapan.jp/contents/appli/reader_beta/eBookCtl.cab
FF - ProfilePath - c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.jp/ig|http://mail.google.com/mail/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=ja&q=
FF - component: c:\documents and settings\colum\Application Data\Mozilla\Firefox\Profiles\a5ly62nj.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\colum\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-fsm - (no file)
MSConfigStartUp-ASuite - e:\lupo pensuite v6.76 full\Launcher\ASuite.exe
MSConfigStartUp-Cm106Sound - cm106.cpl
MSConfigStartUp-HuaWeiEVDO - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-10 20:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\colum\LOCALS~1\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1236)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\NavLogon.dll
.
Completion time: 2010-09-10 20:12:05
ComboFix-quarantined-files.txt 2010-09-10 19:11

Pre-Run: 12,793,368,576 bytes free
Post-Run: 13,227,741,184 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=5 Default=5 Failed=2 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 48B2EDA141B1E679E900D7DFF5C767F6

Don't Look Back

#11 syler

  • Malware Response Team

Posted 10 September 2010 - 05:29 PM

Hi Haviland,

Have you tried uninstalling Malwarebytes, then reinstalling it? If not, give it a try and see if you can get it to complete a full scan.


You still have some leftovers from an incomplete uninstallation of Norton security products on your computer.
To remove the leftovers please download and run the Norton Removal Tool.

Note: The Norton Removal Tool uninstalls all Norton 2008/2007/2006/2005/2004/2003 products and Norton 360 from your computer.
If you use ACT! or WinFAX, back up those databases before you proceed.




Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Bulk100.sys -- (USBCamera) DSC Still Image Capture (CA100)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\Ca100v.sys -- (Ca100v)
    O2 - BHO: (no name) - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No CLSID value found.
    O3 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-84BA-B830E8D4E122} - No CLSID value found.
    O3 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006\..\Toolbar\WebBrowser: (no name) - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No CLSID value found.
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    O4 - HKU\S-1-5-21-3812025280-1438908105-2236764183-1006..\Run: [fsm] File not found
    O16 - DPF: {24C45F1F-B31D-4D17-8A3A-9CC21662D8D9} http://listen.jp/activex/1006/lmsagent.cab (LMSAgent Control)
    O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://amuzak.miemasu.net/kxhcm10.ocx (KXHCM10 Control)
    O16 - DPF: {3BA66EC1-3F6A-49DD-A359-CBAA1290469F} http://comics.yahoo.co.jp/component/ToonsXYJ.cab (ToonsXYJ Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41} http://haishin.ebookjapan.jp/contents/appl...ta/eBookCtl.cab (EBookCtl Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\Shell - "" = AutoRun
    O33 - MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\Shell - "" = AutoRun
    O33 - MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\Shell - "" = AutoRun
    O33 - MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\Shell - "" = AutoRun
    O33 - MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\Shell - "" = AutoRun
    O33 - MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\Shell - "" = AutoRun
    O33 - MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
    O33 - MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\Shell - "" = AutoRun
    O33 - MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\Shell - "" = AutoRun
    O33 - MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\Shell - "" = AutoRun
    O33 - MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\Shell - "" = AutoRun
    O33 - MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\Shell - "" = AutoRun
    O33 - MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\Shell - "" = AutoRun
    O33 - MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\Shell - "" = AutoRun
    O33 - MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\Shell - "" = AutoRun
    O33 - MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\Shell - "" = AutoRun
    O33 - MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{e5ee6810-557a-11dc-92f2-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{e5ee6810-557a-11dc-92f2-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{e5ee6810-557a-11dc-92f2-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{f5d0152e-2678-11dd-96b3-9086105b06a9}\Shell - "" = AutoRun
    O33 - MountPoints2\{f5d0152e-2678-11dd-96b3-9086105b06a9}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f5d0152e-2678-11dd-96b3-9086105b06a9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{fbbecf0a-264d-11dd-96b0-d067960931a8}\Shell - "" = AutoRun
    O33 - MountPoints2\{fbbecf0a-264d-11dd-96b0-d067960931a8}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fbbecf0a-264d-11dd-96b0-d067960931a8}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\Shell - "" = AutoRun
    O33 - MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    MsConfig - Services: "DefWatch"
    MsConfig - Services: "Norton AntiVirus Server"
    MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - Reg Error: Value error. File not found
    MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
    MsConfig - StartUpReg: Broadcom Wireless Manager UI - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
    MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: ShowLOMControl - hkey= - key= - File not found
    MsConfig - StartUpReg: SlipStream - hkey= - key= - Reg Error: Value error. File not found
    Drivers32: VIDC.SP54 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP55 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP56 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP57 - SP5X_32.DLL File not found
    Drivers32: VIDC.SP58 - SP5X_32.DLL File not found
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=dword:00000000
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan by clicking Run Scan and post the new OTL log.



#12 Haviland Tuf


Posted 10 September 2010 - 05:34 PM

I did try renewing MB but with no luck. I will run the tools you have listed here and post the results.
Don't Look Back

#13 syler


Posted 10 September 2010 - 05:36 PM

thumbup2.gif



#14 Haviland Tuf


Posted 10 September 2010 - 06:08 PM

Firstly, here is the OTL log file generated with the code supplied;


All processes killed
========== OTL ==========
Error: No service named USBCamera) DSC Still Image Capture (CA100 was found to stop!
Service\Driver key USBCamera) DSC Still Image Capture (CA100 not found.
File C:\WINDOWS\System32\Drivers\Bulk100.sys not found.
Service Ca100v stopped successfully!
Service Ca100v deleted successfully!
File C:\WINDOWS\System32\Drivers\Ca100v.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AA2F14F-E956-44B8-8694-A5B615CDF341}\ not found.
Registry value HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-84BA-B830E8D4E122} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-84BA-B830E8D4E122}\ not found.
Registry value HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8B79EE88-E62D-4AA8-B530-CC357BA112B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B79EE88-E62D-4AA8-B530-CC357BA112B7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Windows\CurrentVersion\Run\\fsm not found.
Starting removal of ActiveX control {24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}
C:\WINDOWS\Downloaded Program Files\LMSAgent.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ not found.
Starting removal of ActiveX control {2E28242B-A689-11D4-80F2-0040266CBB8D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E28242B-A689-11D4-80F2-0040266CBB8D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ not found.
Starting removal of ActiveX control {3BA66EC1-3F6A-49DD-A359-CBAA1290469F}
C:\WINDOWS\Downloaded Program Files\ToonsXYJ.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}
C:\WINDOWS\Downloaded Program Files\eBookctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dfab354-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dfab354-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dfab354-26f0-11dc-9255-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dfab356-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dfab356-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0dfab356-26f0-11dc-9255-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0dfab356-26f0-11dc-9255-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e5ccdc0-3067-11dc-927b-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{123e9d50-1a30-11df-9c1b-0016ce46ec13}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14cdfce0-2686-11dd-96b6-87e984a73ea9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a2c3f52-5590-11dc-92f7-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ac01fb4-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ac01fb4-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ac01fb4-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ac01fb4-5654-11dc-9303-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ac01fb5-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ac01fb5-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ac01fb5-5654-11dc-9303-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ac01fb5-5654-11dc-9303-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1dd47c80-1a43-11df-9c1d-0016ce46ec13}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ed934d7-d368-11dd-99b7-fc83cdfe2da8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2530d0be-287e-11dc-9259-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2530d0be-287e-11dc-9259-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2530d0be-287e-11dc-9259-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2530d0be-287e-11dc-9259-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b1c0aee-3498-11de-9a9e-9a05c039c9c1}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34b14c98-c45b-11dc-94ab-a70b38964a93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34b14c98-c45b-11dc-94ab-a70b38964a93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{34b14c98-c45b-11dc-94ab-a70b38964a93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34b14c98-c45b-11dc-94ab-a70b38964a93}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39be84d8-2fd3-11dd-96e1-fd02a57661a9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cd83c3e-a0f5-11dd-98e1-b261728774a8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cd83c42-a0f5-11dd-98e1-b261728774a8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{451de42e-a0f6-11dd-98e2-f6baacaae0a9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f8672e5-5657-11dc-9305-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f8672e5-5657-11dc-9305-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f8672e5-5657-11dc-9305-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f8672e5-5657-11dc-9305-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7bd3eeb4-5593-11dc-92fa-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8440515a-cc34-11dd-999b-8a1399280da8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8440515a-cc34-11dd-999b-8a1399280da8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8440515a-cc34-11dd-999b-8a1399280da8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8440515a-cc34-11dd-999b-8a1399280da8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8798fea4-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8798fea4-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8798fea4-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8798fea4-29d7-11df-9c32-0016ce46ec13}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8798fea5-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8798fea5-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8798fea5-29d7-11df-9c32-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8798fea5-29d7-11df-9c32-0016ce46ec13}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e617546-1a30-11df-9c1c-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e617546-1a30-11df-9c1c-0016ce46ec13}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e617546-1a30-11df-9c1c-0016ce46ec13}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9e617546-1a30-11df-9c1c-0016ce46ec13}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b5e3d14d-62e3-11dd-97d6-fa4acd0f35a6}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0d73d0-7804-11dc-9387-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0d73d0-7804-11dc-9387-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bd0d73d0-7804-11dc-9387-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bd0d73d0-7804-11dc-9387-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce04632c-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ce04632d-72b0-11dd-9823-fb89cb0fcfa7}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfd6f26e-0f22-11de-9a5c-f78b1a3abefa}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5ee6810-557a-11dc-92f2-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5ee6810-557a-11dc-92f2-001422a8ba39}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\DefWatch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\Norton AntiVirus Server deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BitTorrent DNA\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BluetoothAuthenticationAgent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Broadcom Wireless Manager UI\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxhkcmd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ShowLOMControl\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SlipStream\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP54 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP55 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP56 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP57 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP58 deleted successfully.
C:\Program Files\GLF104(2).tmp\sliplsp(2).dll deleted successfully.
C:\Program Files\GLF104(2).tmp folder deleted successfully.
C:\Program Files\GLF1D.tmp folder deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: colum
->Temp folder emptied: 18932754 bytes
->Temporary Internet Files folder emptied: 6160568 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32623764 bytes
->Google Chrome cache emptied: 5969855 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 985 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 970 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 718562 bytes

Total Files Cleaned = 61.00 mb


[EMPTYFLASH]

User: All Users

User: colum
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09102010_235831

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Don't Look Back

#15 Haviland Tuf

Posted 10 September 2010 - 06:19 PM

And here is the OTL log after a reboot;


All processes killed
========== OTL ==========
Error: No service named USBCamera) DSC Still Image Capture (CA100 was found to stop!
Service\Driver key USBCamera) DSC Still Image Capture (CA100 not found.
File C:\WINDOWS\System32\Drivers\Bulk100.sys not found.
Service Ca100v stopped successfully!
Service Ca100v deleted successfully!
File C:\WINDOWS\System32\Drivers\Ca100v.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9AA2F14F-E956-44B8-8694-A5B615CDF341}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AA2F14F-E956-44B8-8694-A5B615CDF341}\ not found.
Registry value HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4E7BD74F-2B8D-469E-84BA-B830E8D4E122} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-84BA-B830E8D4E122}\ not found.
Registry value HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8B79EE88-E62D-4AA8-B530-CC357BA112B7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B79EE88-E62D-4AA8-B530-CC357BA112B7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_USERS\S-1-5-21-3812025280-1438908105-2236764183-1006\Software\Microsoft\Windows\CurrentVersion\Run\\fsm not found.
Starting removal of ActiveX control {24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}
C:\WINDOWS\Downloaded Program Files\LMSAgent.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24C45F1F-B31D-4D17-8A3A-9CC21662D8D9}\ not found.
Starting removal of ActiveX control {2E28242B-A689-11D4-80F2-0040266CBB8D}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E28242B-A689-11D4-80F2-0040266CBB8D}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E28242B-A689-11D4-80F2-0040266CBB8D}\ not found.
Starting removal of ActiveX control {3BA66EC1-3F6A-49DD-A359-CBAA1290469F}
C:\WINDOWS\Downloaded Program Files\ToonsXYJ.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3BA66EC1-3F6A-49DD-A359-CBAA1290469F}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}
C:\WINDOWS\Downloaded Program Files\eBookctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D51813A7-2D98-4BE3-8BAB-8B47B7BC6F41}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbbecf0a-264d-11dd-96b0-d067960931a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fbbecf0a-264d-11dd-96b0-d067960931a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbbecf0a-264d-11dd-96b0-d067960931a8}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd480a84-309f-11dc-927e-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd480a84-309f-11dc-927e-001422a8ba39}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fd480a84-309f-11dc-927e-001422a8ba39}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fd480a84-309f-11dc-927e-001422a8ba39}\ not found.
File E:\AutoRun.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\DefWatch deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\\Norton AntiVirus Server deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BitTorrent DNA\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BluetoothAuthenticationAgent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Broadcom Wireless Manager UI\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxhkcmd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\KernelFaultCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ShowLOMControl\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\SlipStream\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP54 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP55 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP56 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP57 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\VIDC.SP58 deleted successfully.
C:\Program Files\GLF104(2).tmp\sliplsp(2).dll deleted successfully.
C:\Program Files\GLF104(2).tmp folder deleted successfully.
C:\Program Files\GLF1D.tmp folder deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: colum
->Temp folder emptied: 18932754 bytes
->Temporary Internet Files folder emptied: 6160568 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 32623764 bytes
->Google Chrome cache emptied: 5969855 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 985 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 970 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1546 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 718562 bytes

Total Files Cleaned = 61.00 mb


[EMPTYFLASH]

User: All Users

User: colum
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09102010_235831

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Don't Look Back



