TechSpot

Explorer.exe infected with bamital AF- Explorer will not run

By generalkenobi2
Oct 22, 2010
  1. If I made a mistake or posted wrong to cause you to avoid helping me, please let me know what I did wrong. Don't just click away, please; help is appreciated. Now, I've looked at some of the other users' posts and have tried; I've been running programs with the command prompt from a black screen. Can you guys work some magic for me too?

    MBR

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario CQ50 Notebook PC
    Logical Drives Mask: 0x0000041c

    Kernel Drivers (total 196):
    0x82A41000 \SystemRoot\system32\ntkrnlpa.exe
    0x82A0E000 \SystemRoot\system32\hal.dll
    0x80400000 \SystemRoot\system32\kdcom.dll
    0x80407000 \SystemRoot\system32\PSHED.dll
    0x80418000 \SystemRoot\system32\BOOTVID.dll
    0x80420000 \SystemRoot\system32\CLFS.SYS
    0x80461000 \SystemRoot\system32\CI.dll
    0x80541000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805B2000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80603000 \SystemRoot\system32\drivers\acpi.sys
    0x80649000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80652000 \SystemRoot\system32\drivers\msisadrv.sys
    0x8065A000 \SystemRoot\system32\drivers\pci.sys
    0x80681000 \SystemRoot\system32\drivers\isapnp.sys
    0x80690000 \SystemRoot\system32\drivers\mpio.sys
    0x806AC000 \SystemRoot\System32\drivers\partmgr.sys
    0x806BB000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x806BE000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806C8000 \SystemRoot\system32\drivers\volmgr.sys
    0x806D7000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80721000 \SystemRoot\system32\drivers\intelide.sys
    0x80728000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80736000 \SystemRoot\system32\drivers\pciide.sys
    0x8073D000 \SystemRoot\system32\drivers\aliide.sys
    0x80744000 \SystemRoot\system32\drivers\amdide.sys
    0x8074B000 \SystemRoot\system32\drivers\cmdide.sys
    0x80753000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80763000 \SystemRoot\system32\drivers\msdsm.sys
    0x8077D000 \SystemRoot\system32\drivers\nvraid.sys
    0x80798000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807B9000 \SystemRoot\system32\drivers\viaide.sys
    0x88204000 \SystemRoot\system32\drivers\iastorv.sys
    0x882A5000 \SystemRoot\system32\drivers\atapi.sys
    0x882AD000 \SystemRoot\system32\drivers\ataport.SYS
    0x882CB000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x882E5000 \SystemRoot\system32\drivers\storport.sys
    0x88326000 \SystemRoot\system32\drivers\nvstor.sys
    0x88333000 \SystemRoot\system32\drivers\hpcisss.sys
    0x8833E000 \SystemRoot\system32\drivers\adp94xx.sys
    0x883A8000 \SystemRoot\system32\drivers\adpahci.sys
    0x807C1000 \SystemRoot\system32\drivers\adpu160m.sys
    0x805C0000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x88404000 \SystemRoot\system32\drivers\adpu320.sys
    0x8842A000 \SystemRoot\system32\drivers\djsvs.sys
    0x8843E000 \SystemRoot\system32\drivers\arc.sys
    0x88454000 \SystemRoot\system32\drivers\arcsas.sys
    0x8846A000 \SystemRoot\system32\drivers\elxstor.sys
    0x884FE000 \SystemRoot\system32\drivers\i2omp.sys
    0x88508000 \SystemRoot\system32\drivers\iirsp.sys
    0x88518000 \SystemRoot\system32\drivers\iteatapi.sys
    0x88524000 \SystemRoot\system32\drivers\iteraid.sys
    0x88530000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x8854A000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x88562000 \SystemRoot\system32\drivers\megasas.sys
    0x88604000 \SystemRoot\system32\drivers\megasr.sys
    0x886BB000 \SystemRoot\system32\drivers\mraid35x.sys
    0x886C6000 \SystemRoot\system32\drivers\msahci.sys
    0x886D0000 \SystemRoot\system32\drivers\nfrd960.sys
    0x88807000 \SystemRoot\system32\drivers\ql2300.sys
    0x8893F000 \SystemRoot\system32\drivers\ql40xx.sys
    0x88994000 \SystemRoot\system32\drivers\sisraid2.sys
    0x889A1000 \SystemRoot\system32\drivers\sisraid4.sys
    0x889B6000 \SystemRoot\system32\drivers\symc8xx.sys
    0x889C2000 \SystemRoot\system32\drivers\sym_hi.sys
    0x889CD000 \SystemRoot\system32\drivers\sym_u3.sys
    0x886DE000 \SystemRoot\system32\drivers\uliahci.sys
    0x889D8000 \SystemRoot\system32\drivers\ulsata.sys
    0x8871A000 \SystemRoot\system32\drivers\ulsata2.sys
    0x88746000 \SystemRoot\system32\drivers\vsmraid.sys
    0x88767000 \SystemRoot\system32\drivers\fltmgr.sys
    0x88799000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8856C000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88A03000 \SystemRoot\system32\drivers\ndis.sys
    0x88B0E000 \SystemRoot\system32\drivers\msrpc.sys
    0x88B39000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88C00000 \SystemRoot\System32\drivers\tcpip.sys
    0x88CEA000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88E08000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88F18000 \SystemRoot\system32\drivers\wd.sys
    0x88F20000 \SystemRoot\system32\drivers\volsnap.sys
    0x88F59000 \SystemRoot\System32\Drivers\spldr.sys
    0x88F61000 \SystemRoot\system32\drivers\sbp2port.sys
    0x88F76000 \SystemRoot\System32\Drivers\mup.sys
    0x88F85000 \SystemRoot\System32\drivers\ecache.sys
    0x88FAC000 \SystemRoot\system32\drivers\disk.sys
    0x88FBD000 \SystemRoot\system32\drivers\crcdisk.sys
    0x88FD3000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88FDE000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x88FE7000 \SystemRoot\system32\DRIVERS\processr.sys
    0x88FF6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x88D05000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x88FC6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x88D18000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x88FD1000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x88D48000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x88E00000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88D53000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x88D5B000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88D65000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x88DA3000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8C80C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8C899000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8C8B1000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8C8BB000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8CA00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8D47E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8D480000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D521000 \SystemRoot\System32\drivers\watchdog.sys
    0x8D60C000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8D754000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8D783000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8D78E000 \SystemRoot\system32\drivers\windrvr6.sys
    0x8D7BE000 \SystemRoot\system32\DRIVERS\bridge.sys
    0x8D7D9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8D7F0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8D52D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8D550000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8D55F000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8D573000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8D588000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8D7FB000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8D598000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8D5C2000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
    0x8D600000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C9B8000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C9C5000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x88DB2000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x88DC3000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x88B74000 \SystemRoot\system32\drivers\portcls.sys
    0x88BA1000 \SystemRoot\system32\drivers\drmk.sys
    0x887A9000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8DA03000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8DB06000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8DBBB000 \SystemRoot\system32\drivers\modem.sys
    0x8DBC8000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x8DBE5000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x88BC6000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x88BDD000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8C800000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8DBF9000 \SystemRoot\System32\Drivers\Null.SYS
    0x88DF9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x889F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x887F0000 \SystemRoot\System32\drivers\vga.sys
    0x885DD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x887E7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x883F4000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x807DC000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x807E7000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x807F5000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x805E6000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8DC0B000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8DC15000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8DC29000 \SystemRoot\system32\drivers\afd.sys
    0x8DC71000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8DC76000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8DCA8000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8DCBE000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8DCCC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8DCDF000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8DD1B000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8DD25000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8DD3C000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x968E0000 \SystemRoot\System32\win32k.sys
    0x8DD70000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8DD7A000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x96B00000 \SystemRoot\System32\TSDDD.dll
    0x96B20000 \SystemRoot\System32\cdd.dll
    0x8DD89000 \SystemRoot\system32\drivers\luafv.sys
    0x8DDA4000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8DDDB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x8DDDE000 \SystemRoot\system32\drivers\WudfPf.sys
    0x8200E000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8201E000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x82048000 \SystemRoot\system32\drivers\spsys.sys
    0x820F8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x82102000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x82115000 \SystemRoot\system32\drivers\HTTP.sys
    0x82182000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x8219F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x821B8000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x821CD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9D40D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9D446000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9D45E000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9D486000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9D4EC000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9D4F0000 \SystemRoot\system32\drivers\npf.sys
    0x9D4F7000 \SystemRoot\system32\drivers\peauth.sys
    0x9D5D5000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9D5DF000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9D5EB000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9D5F3000 \SystemRoot\system32\drivers\tdtcp.sys
    0x9D400000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xA1409000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xA143C000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77B60000 \Windows\System32\ntdll.dll

    Processes (total 54):
    0 System Idle Process
    4 System
    424 C:\Windows\System32\smss.exe
    492 csrss.exe
    544 C:\Windows\System32\wininit.exe
    556 csrss.exe
    588 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    760 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\nvvsvc.exe
    848 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    980 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\winlogon.exe
    1192 C:\Windows\System32\audiodg.exe
    1224 C:\Windows\System32\svchost.exe
    1240 C:\Windows\System32\SLsvc.exe
    1284 C:\Windows\System32\svchost.exe
    1340 C:\Windows\System32\nvvsvc.exe
    1476 C:\Windows\System32\svchost.exe
    1612 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1648 C:\Windows\System32\wlanext.exe
    1972 C:\Windows\System32\spoolsv.exe
    1996 C:\Windows\System32\svchost.exe
    432 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    468 C:\Program Files\Bonjour\mDNSResponder.exe
    456 C:\Windows\System32\svchost.exe
    608 C:\Windows\System32\inetsrv\inetinfo.exe
    956 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1388 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2060 C:\Windows\System32\svchost.exe
    2104 C:\Windows\System32\svchost.exe
    2128 C:\Windows\System32\svchost.exe
    2148 C:\Windows\SMINST\BLService.exe
    2208 C:\Windows\System32\TCPSVCS.EXE
    2232 C:\Windows\System32\svchost.exe
    2272 C:\Windows\System32\svchost.exe
    2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2364 C:\Windows\System32\SearchIndexer.exe
    2412 C:\Windows\System32\drivers\XAudio.exe
    2428 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2476 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2504 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3416 C:\Windows\System32\taskeng.exe
    3488 C:\Windows\System32\dwm.exe
    2468 C:\Windows\System32\taskmgr.exe
    2800 C:\Windows\System32\taskeng.exe
    2860 C:\Program Files\Mozilla Firefox\firefox.exe
    3344 C:\Windows\System32\SearchProtocolHost.exe
    1392 C:\Windows\System32\SearchFilterHost.exe
    3936 C:\Users\Maaike new\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`7e000000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB214C

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 08F21ADD893776C287CC68A3558F8D095B50ED3C


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  2. generalkenobi2

    MBAM log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4910

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    10/22/2010 3:32:57 AM
    mbam-log-2010-10-22 (03-32-57).txt

    Scan type: Quick scan
    Objects scanned: 151955
    Time elapsed: 7 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. generalkenobi2

    DDS

    DDS (Ver_10-10-21.02) - NTFSx86
    Run by Maaike new at 3:55:17.64 on Fri 10/22/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_20
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.953 [GMT -7:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\SMINST\BLService.exe
    C:\Windows\System32\tcpsvcs.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\Taskmgr.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Maaike new\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = local
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: {9413BA3A-A0B2-4CC4-ADC4-83F057A8DA10} = 68.105.28.11
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\maaike~1\appdata\roaming\mozilla\firefox\profiles\3436nbe5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\maaike new\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.order.1 - Search
    FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-26 165584]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-26 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-4-26 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-5-21 361808]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-26 40384]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-9-1 105576]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-10-16 1153368]
    S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\viewpoint\common\viewpointservice.exe" --> c:\program files\viewpoint\common\ViewpointService.exe [?]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]
    S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]
    S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-1-20 11264]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-9-24 268528]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-22 10:19:02 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-10-22 09:46:52 -------- d-----w- c:\users\maaike~1\appdata\local\temp
    2010-10-22 08:54:08 98816 ----a-w- c:\windows\sed.exe
    2010-10-22 08:54:08 77312 ----a-w- c:\windows\MBR.exe
    2010-10-22 08:54:08 256512 ----a-w- c:\windows\PEV.exe
    2010-10-22 08:54:08 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-22 08:40:46 -------- d-----w- C:\_OTL
    2010-10-22 08:26:32 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{ac9e4d4a-b48e-4e1f-bcfe-4e011daa5594}\mpengine.dll
    2010-10-22 05:25:24 -------- d-----w- c:\users\maaike new\DoctorWeb
    2010-10-22 04:35:15 -------- d-----w- c:\users\maaike~1\appdata\roaming\SpaceMonger
    2010-10-22 04:35:15 -------- d-----w- c:\program files\SpaceMonger
    2010-10-22 03:31:08 3063561 ----a-w- c:\progra~2\MobileTV.exe
    2010-10-22 03:31:07 2989660 ----a-w- c:\progra~2\DVD.exe
    2010-10-22 03:31:06 2864396 ----a-w- c:\progra~2\MPV.exe
    2010-10-22 03:31:06 2331174 ----a-w- c:\progra~2\Karaoke.exe
    2010-10-22 03:31:06 2231606 ----a-w- c:\progra~2\Games.exe
    2010-10-22 03:31:05 -------- d-----w- c:\progra~2\ENU
    2010-10-21 19:39:23 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-10-21 19:36:54 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
    2010-10-20 23:44:44 -------- d-----w- c:\windows\system32\catroot2
    2010-10-20 19:14:46 -------- d-----w- c:\progra~2\WSTB
    2010-10-19 00:39:44 10240 ----a-w- c:\windows\system32\virport.dll
    2010-10-19 00:27:27 -------- d-----w- C:\swsetup
    2010-10-18 23:46:16 -------- d-----w- c:\users\maaike new\Tracing
    2010-10-18 23:42:13 -------- d-----w- c:\windows\en
    2010-10-18 23:35:33 94040 ----a-w- c:\program files\common files\windows live\.cache\27a35d351cb6f1d03\DSETUP.dll
    2010-10-18 23:35:33 525656 ----a-w- c:\program files\common files\windows live\.cache\27a35d351cb6f1d03\DXSETUP.exe
    2010-10-18 23:35:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\27a35d351cb6f1d03\dsetup32.dll
    2010-10-18 23:35:25 94040 ----a-w- c:\program files\common files\windows live\.cache\212316851cb6f1d02\DSETUP.dll
    2010-10-18 23:35:25 525656 ----a-w- c:\program files\common files\windows live\.cache\212316851cb6f1d02\DXSETUP.exe
    2010-10-18 23:35:25 1691480 ----a-w- c:\program files\common files\windows live\.cache\212316851cb6f1d02\dsetup32.dll
    2010-10-18 23:34:36 -------- d-----w- c:\users\maaike~1\appdata\local\Windows Live
    2010-10-16 07:26:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-16 07:26:18 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-10-15 06:55:15 -------- d-----w- c:\program files\WinPcap
    2010-10-15 06:25:14 -------- d-----w- c:\program files\PFConfig
    2010-10-15 05:21:11 -------- d-----w- c:\program files\XBC
    2010-10-14 03:02:02 -------- d-----w- c:\progra~2\LightScribe
    2010-10-14 01:39:54 -------- d-----w- c:\program files\Nero
    2010-10-13 17:46:23 -------- d-----w- c:\users\maaike~1\appdata\local\Nero
    2010-10-13 17:35:46 -------- d-----w- c:\users\maaike~1\appdata\roaming\NeroDigital(TM)
    2010-10-13 16:54:06 -------- d-----w- c:\users\maaike~1\appdata\local\Nero_AG
    2010-10-13 16:51:25 -------- d-----w- c:\program files\MSXML 4.0
    2010-10-13 07:19:53 -------- d-----w- c:\progra~2\Nero
    2010-10-13 04:48:34 -------- d-----w- c:\windows\system32\DLA
    2010-10-13 02:18:03 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-13 02:18:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 02:16:59 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-13 02:16:57 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 02:13:00 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-11 19:45:38 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
    2010-10-11 19:45:31 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
    2010-10-11 19:45:19 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
    2010-10-11 19:45:14 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
    2010-10-11 19:44:59 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
    2010-10-11 19:44:48 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
    2010-10-11 19:44:27 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
    2010-10-11 19:10:35 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-11 06:03:34 -------- d-----w- c:\users\maaike~1\appdata\roaming\MozillaControl
    2010-10-11 06:03:21 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
    2010-10-09 02:43:30 -------- d-----w- c:\program files\QWIX
    2010-10-05 17:18:23 -------- d-----w- c:\windows\Freecorder
    2010-10-04 21:05:13 165232 ---ha-w- c:\users\maaike~1\appdata\roaming\microsoft\virtual pc\VPCKeyboard.dll
    2010-09-29 07:26:40 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 07:26:27 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
    2010-09-24 22:48:11 -------- d-----w- c:\users\maaike~1\appdata\roaming\FlashFXP
    2010-09-24 22:47:49 90112 ----a-w- c:\windows\unvise32.exe
    2010-09-24 22:47:47 -------- d-----w- c:\program files\FlashFXP
    2010-09-24 20:19:16 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 05:26:40 -------- d-----w- c:\progra~2\FlashFXP
    2010-09-24 01:50:13 864256 ----a-w- c:\windows\system32\cg.dll
    2010-09-23 22:51:57 4818944 ----a-w- c:\windows\system32\ZeroGS.dll
    2010-09-23 21:42:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-23 07:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-23 07:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-23 04:58:39 -------- d-----w- c:\program files\Misc Apps
    2010-09-23 00:01:01 1347344 ----a-w- c:\windows\system32\Msvbvm50.dll

    ==================== Find3M ====================

    2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-09-02 05:30:20 8192 ----a-w- c:\windows\system32\streamci.dll
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

    ============= FINISH: 3:55:55.79 ===============
     
  4. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-21.02)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/17/2008 5:52:30 PM
    System Uptime: 10/22/2010 3:45:44 AM (0 hours ago)

    Motherboard: Wistron | | 360A
    Processor: AMD Athlon Dual-Core QL-60 | Socket A | 1900/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 102 GiB total, 20.369 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, .013 GiB free.
    E: is CDROM ()
    K: is NetworkDisk (NTFS) - 102 GiB total, 20.369 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP466: 10/18/2010 5:27:57 PM - Device Driver Package Install: Conexant Sound, video and game controllers
    RP467: 10/19/2010 10:09:33 AM - Scheduled Checkpoint
    RP468: 10/19/2010 11:58:50 AM - Windows Update
    RP469: 10/20/2010 5:39:06 PM - Scheduled Checkpoint
    RP470: 10/22/2010 1:12:55 AM - Restore Operation
    RP471: 10/22/2010 1:26:05 AM - Windows Update

    ==== Installed Programs ======================

    "Nero SoundTrax Help
    µTorrent
    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.5
    Adobe Shockwave Player
    Adobe Shockwave Player 11.5
    Advertising Center
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    Blu-ray Disc Authoring Plug-in
    Bonjour
    Broadcom 802.11 Wireless LAN Adapter
    CCleaner
    Character Builder
    Command & Conquer Generals
    Command and ConquerTM Generals Zero Hour
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink YouCam
    D3DX10
    DolbyFiles
    DTS Plug-in
    Duplicate Music Files Finder 1.5.5
    erLT
    FlashFXP v3.2.0 (Build 1080) Scene Edition
    GearDrvs
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Doc Viewer
    HP DVD Play 3.7
    HP User Guides 0110
    HP Wireless Assistant
    HPNetworkAssistant
    HPTCSSetup
    ImagXpress
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) 6 Update 5
    K-Lite Codec Pack 4.0.0 (Full)
    LightScribe System Software
    Malwarebytes' Anti-Malware
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.5
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher 2007
    Microsoft Office Publisher 2007 Trial
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Primary Interoperability Assemblies 2005
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Microsoft Xbox 360 Accessories 1.2
    Mobile Broadband Generic Drivers
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.11)
    mp3PRO Plug-in
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9
    Nero BackItUp 4
    Nero BurningROM
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero CoverDesigner Help
    Nero Disc Copy Gadget
    Nero Disc Copy Gadget Help
    Nero DiscSpeed
    Nero DriveSpeed
    Nero Express
    Nero InfoTool
    Nero Installer
    Nero Live
    Nero Live Help
    Nero Move it
    Nero PhotoSnap
    Nero PhotoSnap Help
    Nero Recode
    Nero Recode Help
    Nero Rescue Agent
    Nero RescueAgent Help
    Nero ShowTime
    Nero StartSmart
    Nero StartSmart Help
    Nero Vision
    Nero WaveEditor
    Nero WaveEditor Help
    NeroBurningROM
    NeroExpress
    neroxml
    NVIDIA Display Control Panel
    NVIDIA Drivers
    OGA Notifier 2.0.0048.0
    PeaZip 2.9.1
    PVSonyDll
    QuickTime
    Realtek USB 2.0 Card Reader
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB982312)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Segoe UI
    Sonic Activation Module
    SoundTrax
    SpaceMonger 2.1.1
    Spybot - Search & Destroy
    Synaptics Pointing Device Driver
    The Battle for Middle-earth (tm) II
    Unlocker 1.9.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Mobile Device Updater Component
    WinPcap 4.1.2
    XBC 5.1
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Messenger
    Yahoo! Software Update
    Zune
    Zune Language Pack (DEU)
    Zune Language Pack (ESP)
    Zune Language Pack (FRA)
    Zune Language Pack (ITA)
    Zune Language Pack (NLD)
    Zune Language Pack (PTB)
    Zune Language Pack (PTG)

    ==== End Of File ===========================
     
  5. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    GMER stops working.

    GMER gets as far as my ntsc drive, then it scans shadowcopy something and it stops working.
     
  6. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    56 views and no reply? Guys, did I do something wrong?
     
  7. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    We're all volunteers around here.
    We work, we sleep, we eat and we have private lives too.
    Bumping your topic won't speed up anything.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    I must apologize for seeming impatient. I didn't realize the time frame refreshed after every post, and I saw others on the page between an hour and ten minutes old that were active, so I thought I was being ignored because of a mistake I made. Deepest apologies, Broni.

    Good news is my desktop is working again; here is the log.

    ComboFix 10-10-22.03 - Maaike new 10/22/2010 18:44:43.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.1125 [GMT -7:00]
    Running from: c:\users\Maaike new\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    Infected copy of c:\windows\explorer.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
    .

    2010-10-23 01:53 . 2010-10-23 01:55 -------- d-----w- c:\users\Maaike new\AppData\Local\temp
    2010-10-23 01:53 . 2010-10-23 01:53 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2010-10-23 01:53 . 2010-10-23 01:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-22 20:01 . 2010-10-23 01:32 -------- d-----w- c:\users\Maaike new\AppData\Local\QuickPlay
    2010-10-22 19:47 . 2010-10-22 19:47 -------- d-----w- c:\program files\ESET
    2010-10-22 08:40 . 2010-10-22 08:40 -------- d-----w- C:\_OTL
    2010-10-22 08:26 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC9E4D4A-B48E-4E1F-BCFE-4E011DAA5594}\mpengine.dll
    2010-10-22 05:25 . 2010-10-22 07:19 -------- d-----w- c:\users\Maaike new\DoctorWeb
    2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\program files\SpaceMonger
    2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\users\Maaike new\AppData\Roaming\SpaceMonger
    2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\users\Maaike new\AppData\Roaming\HP
    2010-10-22 03:31 . 2010-10-22 03:31 3063561 ----a-w- c:\programdata\MobileTV.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2989660 ----a-w- c:\programdata\DVD.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2864396 ----a-w- c:\programdata\MPV.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2331174 ----a-w- c:\programdata\Karaoke.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2231606 ----a-w- c:\programdata\Games.exe
    2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\programdata\ENU
    2010-10-21 19:39 . 2009-01-12 23:50 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-10-21 19:36 . 2007-03-14 03:54 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-10-20 23:44 . 2010-10-20 23:48 -------- d-----w- c:\windows\system32\catroot2
    2010-10-20 22:46 . 2010-10-20 22:46 -------- d-----w- c:\users\Maaike new\AppData\Roaming\DAEMON Tools
    2010-10-20 19:14 . 2010-10-20 19:14 -------- d-----w- c:\programdata\WSTB
    2010-10-19 00:39 . 2003-09-16 08:19 10240 ----a-w- c:\windows\system32\virport.dll
    2010-10-19 00:27 . 2010-10-19 00:27 -------- d-----w- C:\swsetup
    2010-10-18 23:46 . 2010-10-19 00:44 -------- d-----w- c:\users\Maaike new\Tracing
    2010-10-18 23:42 . 2010-10-18 23:42 -------- d-----w- c:\windows\en
    2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DSETUP.dll
    2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DXSETUP.exe
    2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\dsetup32.dll
    2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DSETUP.dll
    2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DXSETUP.exe
    2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\dsetup32.dll
    2010-10-18 23:34 . 2010-10-19 03:26 -------- d-----w- c:\users\Maaike new\AppData\Local\Windows Live
    2010-10-16 07:26 . 2010-10-22 04:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-16 07:26 . 2010-10-16 07:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-15 06:55 . 2010-10-15 06:55 -------- d-----w- c:\program files\WinPcap
    2010-10-15 06:25 . 2010-10-15 08:23 -------- d-----w- c:\program files\PFConfig
    2010-10-15 05:21 . 2010-10-16 20:33 -------- d-----w- c:\program files\XBC
    2010-10-14 03:02 . 2010-10-14 03:02 -------- d-----w- c:\programdata\LightScribe
    2010-10-14 01:39 . 2010-10-14 01:52 -------- d-----w- c:\program files\Nero
    2010-10-14 01:39 . 2010-10-14 02:07 -------- d-----w- c:\program files\Common Files\Nero
    2010-10-13 17:46 . 2010-10-13 17:46 -------- d-----w- c:\users\Maaike new\AppData\Local\Nero
    2010-10-13 16:51 . 2010-10-13 16:51 -------- d-----w- c:\program files\MSXML 4.0
    2010-10-13 08:02 . 2010-10-14 22:33 -------- d-----w- c:\users\Maaike new\AppData\Roaming\Nero
    2010-10-13 07:19 . 2010-10-14 07:38 -------- d-----w- c:\programdata\Nero
    2010-10-13 04:48 . 2010-10-13 08:15 -------- d-----w- c:\windows\system32\DLA
    2010-10-13 04:48 . 2010-10-13 04:48 -------- d-----w- c:\programdata\InstallShield
    2010-10-13 02:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-13 02:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 02:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-13 02:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 02:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
    2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
    2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
    2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
    2010-10-11 19:10 . 2009-07-27 15:00 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-11 06:03 . 2010-10-20 21:54 -------- d-----w- c:\users\Maaike new\AppData\Roaming\MozillaControl
    2010-10-11 06:03 . 2010-10-11 06:03 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
    2010-10-09 02:43 . 2010-10-09 02:58 -------- d-----w- c:\program files\QWIX
    2010-10-05 17:18 . 2010-10-05 17:18 -------- d-----w- c:\windows\Freecorder
    2010-10-04 21:05 . 2010-10-06 05:08 165232 ---ha-w- c:\users\Maaike new\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2010-09-29 07:26 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 07:26 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-24 22:48 . 2010-09-24 22:48 -------- d-----w- c:\users\Maaike new\AppData\Roaming\FlashFXP
    2010-09-24 22:47 . 2003-03-16 08:15 90112 ----a-w- c:\windows\unvise32.exe
    2010-09-24 22:47 . 2010-09-24 22:48 -------- d-----w- c:\program files\FlashFXP
    2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 05:26 . 2010-09-24 05:26 -------- d-----w- c:\programdata\FlashFXP
    2010-09-24 01:50 . 2004-01-24 09:35 864256 ----a-w- c:\windows\system32\cg.dll
    2010-09-23 22:51 . 2010-09-23 22:52 4818944 ----a-w- c:\windows\system32\ZeroGS.dll
    2010-09-23 21:42 . 2010-09-23 21:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-23 07:47 . 2010-09-23 07:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-23 07:32 . 2010-09-23 07:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-23 04:58 . 2010-10-02 20:35 -------- d-----w- c:\program files\Misc Apps

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 18:41 . 2010-08-27 22:49 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
    2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
    2010-09-07 15:12 . 2010-09-03 05:20 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-04-27 04:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-04-27 04:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-04-27 04:03 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-04-27 04:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-04-27 04:03 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2010-04-27 04:03 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-02 05:30 . 2010-09-02 05:30 8192 ----a-w- c:\windows\system32\streamci.dll
    2010-08-17 14:11 . 2010-09-15 16:27 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-10-03 18:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-10-03 18:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2009-03-11 03:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
    2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-892784856-3761668139-1273789937-1001]
    "EnableNotificationsRef"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: {9413BA3A-A0B2-4CC4-ADC4-83F057A8DA10} = 68.105.28.11
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    FF - ProfilePath - c:\users\Maaike new\AppData\Roaming\Mozilla\Firefox\Profiles\3436nbe5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Maaike new\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.order.1 - Search
    FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-22 18:55
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk30]
    "ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
    "ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SMINST\BLService.exe
    c:\windows\System32\tcpsvcs.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-22 19:02:04 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-23 02:02
    ComboFix2.txt 2010-10-22 09:46

    Pre-Run: 20,616,597,504 bytes free
    Post-Run: 20,558,077,952 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
    - - End Of File - - D2FD9374F6687875F11598E4CAAD8486
     
  9. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Good news :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\Drivers\PsSdk30.drv
    
    Driver::
    PsSdk30
    
    Registry::
    [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk30]
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti-virus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  10. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    Ran it and it rebooted, what's next?

    ComboFix 10-10-22.03 - Maaike new 10/22/2010 22:11:56.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1790.924 [GMT -7:00]
    Running from: c:\users\Maaike new\Desktop\ComboFix.exe
    Command switches used :: c:\users\Maaike new\Desktop\cfscript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    FILE ::
    "c:\windows\system32\Drivers\PsSdk30.drv"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PSSDK30
    -------\Service_PsSdk30


    ((((((((((((((((((((((((( Files Created from 2010-09-23 to 2010-10-23 )))))))))))))))))))))))))))))))
    .

    2010-10-23 05:21 . 2010-10-23 05:21 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
    2010-10-23 05:21 . 2010-10-23 05:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-23 02:02 . 2010-10-23 05:24 -------- d-----w- c:\users\Maaike new\AppData\Local\temp
    2010-10-22 20:01 . 2010-10-23 01:32 -------- d-----w- c:\users\Maaike new\AppData\Local\QuickPlay
    2010-10-22 19:47 . 2010-10-22 19:47 -------- d-----w- c:\program files\ESET
    2010-10-22 08:40 . 2010-10-22 08:40 -------- d-----w- C:\_OTL
    2010-10-22 08:26 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC9E4D4A-B48E-4E1F-BCFE-4E011DAA5594}\mpengine.dll
    2010-10-22 05:25 . 2010-10-22 07:19 -------- d-----w- c:\users\Maaike new\DoctorWeb
    2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\program files\SpaceMonger
    2010-10-22 04:35 . 2010-10-22 04:35 -------- d-----w- c:\users\Maaike new\AppData\Roaming\SpaceMonger
    2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\users\Maaike new\AppData\Roaming\HP
    2010-10-22 03:31 . 2010-10-22 03:31 3063561 ----a-w- c:\programdata\MobileTV.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2989660 ----a-w- c:\programdata\DVD.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2864396 ----a-w- c:\programdata\MPV.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2331174 ----a-w- c:\programdata\Karaoke.exe
    2010-10-22 03:31 . 2010-10-22 03:31 2231606 ----a-w- c:\programdata\Games.exe
    2010-10-22 03:31 . 2010-10-22 03:31 -------- d-----w- c:\programdata\ENU
    2010-10-21 19:39 . 2009-01-12 23:50 44544 ----a-w- c:\windows\system32\msxml4a.dll
    2010-10-21 19:36 . 2007-03-14 03:54 610436 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
    2010-10-20 23:44 . 2010-10-20 23:48 -------- d-----w- c:\windows\system32\catroot2
    2010-10-20 22:46 . 2010-10-20 22:46 -------- d-----w- c:\users\Maaike new\AppData\Roaming\DAEMON Tools
    2010-10-20 19:14 . 2010-10-20 19:14 -------- d-----w- c:\programdata\WSTB
    2010-10-19 00:39 . 2003-09-16 08:19 10240 ----a-w- c:\windows\system32\virport.dll
    2010-10-19 00:27 . 2010-10-19 00:27 -------- d-----w- C:\swsetup
    2010-10-18 23:46 . 2010-10-19 00:44 -------- d-----w- c:\users\Maaike new\Tracing
    2010-10-18 23:42 . 2010-10-18 23:42 -------- d-----w- c:\windows\en
    2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DSETUP.dll
    2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\DXSETUP.exe
    2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\27a35d351cb6f1d03\dsetup32.dll
    2010-10-18 23:35 . 2010-10-18 23:35 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DSETUP.dll
    2010-10-18 23:35 . 2010-10-18 23:35 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\DXSETUP.exe
    2010-10-18 23:35 . 2010-10-18 23:35 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\212316851cb6f1d02\dsetup32.dll
    2010-10-18 23:34 . 2010-10-19 03:26 -------- d-----w- c:\users\Maaike new\AppData\Local\Windows Live
    2010-10-16 07:26 . 2010-10-22 04:00 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-10-16 07:26 . 2010-10-16 07:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-10-15 06:55 . 2010-10-15 06:55 -------- d-----w- c:\program files\WinPcap
    2010-10-15 06:25 . 2010-10-15 08:23 -------- d-----w- c:\program files\PFConfig
    2010-10-15 05:21 . 2010-10-16 20:33 -------- d-----w- c:\program files\XBC
    2010-10-14 03:02 . 2010-10-14 03:02 -------- d-----w- c:\programdata\LightScribe
    2010-10-14 01:39 . 2010-10-14 01:52 -------- d-----w- c:\program files\Nero
    2010-10-14 01:39 . 2010-10-14 02:07 -------- d-----w- c:\program files\Common Files\Nero
    2010-10-13 17:46 . 2010-10-13 17:46 -------- d-----w- c:\users\Maaike new\AppData\Local\Nero
    2010-10-13 16:51 . 2010-10-13 16:51 -------- d-----w- c:\program files\MSXML 4.0
    2010-10-13 08:02 . 2010-10-14 22:33 -------- d-----w- c:\users\Maaike new\AppData\Roaming\Nero
    2010-10-13 07:19 . 2010-10-14 07:38 -------- d-----w- c:\programdata\Nero
    2010-10-13 04:48 . 2010-10-13 08:15 -------- d-----w- c:\windows\system32\DLA
    2010-10-13 04:48 . 2010-10-13 04:48 -------- d-----w- c:\programdata\InstallShield
    2010-10-13 02:18 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-13 02:18 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-13 02:16 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
    2010-10-13 02:16 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-10-13 02:13 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
    2010-10-11 19:45 . 2010-10-11 19:45 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
    2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\de-DE
    2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\fr-FR
    2010-10-11 19:44 . 2010-10-11 19:44 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
    2010-10-11 19:10 . 2009-07-27 15:00 1547776 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2010-10-11 06:03 . 2010-10-20 21:54 -------- d-----w- c:\users\Maaike new\AppData\Roaming\MozillaControl
    2010-10-11 06:03 . 2010-10-11 06:03 -------- d-----w- c:\program files\Mozilla ActiveX Control v1.7.12
    2010-10-09 02:43 . 2010-10-09 02:58 -------- d-----w- c:\program files\QWIX
    2010-10-05 17:18 . 2010-10-05 17:18 -------- d-----w- c:\windows\Freecorder
    2010-10-04 21:05 . 2010-10-06 05:08 165232 ---ha-w- c:\users\Maaike new\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2010-09-29 07:26 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-29 07:26 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
    2010-09-24 22:48 . 2010-09-24 22:48 -------- d-----w- c:\users\Maaike new\AppData\Roaming\FlashFXP
    2010-09-24 22:47 . 2003-03-16 08:15 90112 ----a-w- c:\windows\unvise32.exe
    2010-09-24 22:47 . 2010-09-24 22:48 -------- d-----w- c:\program files\FlashFXP
    2010-09-24 20:19 . 2010-09-24 20:19 444656 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
    2010-09-24 05:26 . 2010-09-24 05:26 -------- d-----w- c:\programdata\FlashFXP
    2010-09-24 01:50 . 2004-01-24 09:35 864256 ----a-w- c:\windows\system32\cg.dll
    2010-09-23 22:51 . 2010-09-23 22:52 4818944 ----a-w- c:\windows\system32\ZeroGS.dll
    2010-09-23 21:42 . 2010-09-23 21:42 95672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-23 07:47 . 2010-09-23 07:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-23 07:32 . 2010-09-23 07:32 301936 ----a-w- c:\windows\WLXPGSS.SCR

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 18:41 . 2010-08-27 22:49 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-PT\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6144 ----a-w- c:\windows\system32\drivers\UMDF\pt-BR\ZuneDriver.dll.mui
    2010-09-24 20:25 . 2010-09-24 20:25 6656 ----a-w- c:\windows\system32\drivers\UMDF\nl-NL\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\it-IT\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\fr-FR\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6656 ----a-w- c:\windows\system32\drivers\UMDF\es-ES\ZuneDriver.dll.mui
    2010-09-24 20:24 . 2010-09-24 20:24 6144 ----a-w- c:\windows\system32\drivers\UMDF\de-DE\ZuneDriver.dll.mui
    2010-09-24 19:14 . 2010-09-24 19:14 6144 ----a-w- c:\windows\system32\drivers\UMDF\en-US\ZuneDriver.dll.mui
    2010-09-07 15:12 . 2010-09-03 05:20 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-04-27 04:01 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-04-27 04:03 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-04-27 04:03 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-04-27 04:03 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-04-27 04:03 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2010-04-27 04:03 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-02 05:30 . 2010-09-02 05:30 8192 ----a-w- c:\windows\system32\streamci.dll
    2010-08-17 14:11 . 2010-09-15 16:27 128000 ----a-w- c:\windows\system32\spoolsv.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-24 09:15 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    2006-10-03 18:35 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2006-10-03 18:37 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
    2009-06-17 19:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 17:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
    2009-03-11 03:19 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-02-18 18:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    2007-12-24 22:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
    2010-07-04 19:51 17408 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
    2009-10-01 00:57 718688 ----a-w- c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
    2010-09-24 20:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-892784856-3761668139-1273789937-1001]
    "EnableNotificationsRef"=dword:00000001

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    bthsvcs REG_MULTI_SZ BthServ

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: {9413BA3A-A0B2-4CC4-ADC4-83F057A8DA10} = 68.105.28.11
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    FF - ProfilePath - c:\users\Maaike new\AppData\Roaming\Mozilla\Firefox\Profiles\3436nbe5.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Maaike new\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.search.order.1 - Search
    FF - user.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
    "ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\WLANExt.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\inetsrv\inetinfo.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\SMINST\BLService.exe
    c:\windows\System32\tcpsvcs.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\program files\Windows Media Player\wmpnscfg.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\wbem\unsecapp.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-22 22:30:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-23 05:30
    ComboFix2.txt 2010-10-23 02:02
    ComboFix3.txt 2010-10-22 09:46

    Pre-Run: 20,665,585,664 bytes free
    Post-Run: 20,360,196,096 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
    - - End Of File - - D9195B4217F85DDCAD9E17A3C98C08E7
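As an added example (my own code, not from this thread, from ComboFix or from its authors), a small Python triage pass over an excerpt of the ComboFix log posted above. It pulls out the entries a helper reads first: the UAC state under policies\system, DisableMonitoring overrides under Security Center\Monitoring, services whose binary is reported missing ([x]), driver ImagePath entries, and the browser start page and search settings. The rule set and the Finding type are my assumptions about what is worth surfacing; the sample log is built from lines on this page.

```python
import re
from dataclasses import dataclass

# Constructed sample: the lines are copied from the ComboFix log in this thread;
# joining them into one excerpt is mine. URLs keep the log's own "hxxp" defanging.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

S1 aswSP;aswSP; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2384137
FF - prefs.js: keyword.URL - hxxp://search.fast-find.net/?sid=10101067100&s=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
"""


@dataclass(frozen=True)
class Finding:
    category: str  # hypothetical label chosen for this example, not a ComboFix term
    detail: str


KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
SERVICE_RE = re.compile(r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.*)$")
START_RE = re.compile(r"^[um]Start Page = (?P<url>\S+)$")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<url>\S+)$")


def parse_value(raw: str):
    """Decode the value syntaxes ComboFix prints: dword:XXXXXXXX, 'N (0xN)' or a quoted string."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(-?\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    return raw


def host_of(url: str) -> str:
    """Hostname of a (possibly hxxp-defanged) URL, ignoring path and query."""
    return re.sub(r"^hxxps?://|^https?://", "", url).split("/")[0].split("?")[0]


def triage_combofix(text: str) -> list:
    """Walk the log line by line, tracking the current registry key, and collect findings."""
    findings = []
    key = None  # registry key of the [..] block currently being read
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, val = m.group("name"), parse_value(m.group("raw"))
            k = key.lower()
            leaf = key.rsplit("\\", 1)[-1]
            if k.endswith("\\policies\\system") and name == "EnableLUA" and val == 0:
                findings.append(Finding("uac_disabled", f"{name}=0 under {key}"))
            elif "\\security center\\monitoring" in k and name == "DisableMonitoring" and val == 1:
                # Security Center told not to monitor this product; the CFScript above resets it
                findings.append(Finding("security_center_monitoring_off", leaf))
            elif "\\services\\" in k and name == "ImagePath":
                findings.append(Finding("driver_image", f"{leaf} -> {val}"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m.group("path").strip() == "[x]":  # ComboFix marks a missing service binary with [x]
                findings.append(Finding("service_missing_binary", m.group("name")))
            continue
        m = START_RE.match(line) or FFPREF_RE.match(line)
        if m:
            what = m.group("pref") if "pref" in m.groupdict() else line.split(" = ")[0]
            findings.append(Finding("browser_setting", f"{what} -> {host_of(m.group('url'))}"))
    return findings


if __name__ == "__main__":
    for f in triage_combofix(SAMPLE_LOG):
        print(f"{f.category:32s} {f.detail}")
```

The output is a review list, not a verdict: a Security Center override or a non-default search host is something to confirm against the installed software, which is what the helper in this thread does before writing the CFScript.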
     
  11. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    It looks good now :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  12. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario CQ50 Notebook PC
    Logical Drives Mask: 0x0000041c

    Kernel Drivers (total 199):
    0x82A34000 \SystemRoot\system32\ntkrnlpa.exe
    0x82A01000 \SystemRoot\system32\hal.dll
    0x8040E000 \SystemRoot\system32\kdcom.dll
    0x80415000 \SystemRoot\system32\PSHED.dll
    0x80426000 \SystemRoot\system32\BOOTVID.dll
    0x8042E000 \SystemRoot\system32\CLFS.SYS
    0x8046F000 \SystemRoot\system32\CI.dll
    0x8054F000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805C0000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80609000 \SystemRoot\system32\drivers\acpi.sys
    0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80660000 \SystemRoot\system32\drivers\pci.sys
    0x80687000 \SystemRoot\system32\drivers\isapnp.sys
    0x80696000 \SystemRoot\system32\drivers\mpio.sys
    0x806B2000 \SystemRoot\System32\drivers\partmgr.sys
    0x806C1000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x806C4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806CE000 \SystemRoot\system32\drivers\volmgr.sys
    0x806DD000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80727000 \SystemRoot\system32\drivers\intelide.sys
    0x8072E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8073C000 \SystemRoot\system32\drivers\pciide.sys
    0x80743000 \SystemRoot\system32\drivers\aliide.sys
    0x8074A000 \SystemRoot\system32\drivers\amdide.sys
    0x80751000 \SystemRoot\system32\drivers\cmdide.sys
    0x80759000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80769000 \SystemRoot\system32\drivers\msdsm.sys
    0x80783000 \SystemRoot\system32\drivers\nvraid.sys
    0x8079E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807BF000 \SystemRoot\system32\drivers\viaide.sys
    0x88205000 \SystemRoot\system32\drivers\iastorv.sys
    0x882A6000 \SystemRoot\system32\drivers\atapi.sys
    0x882AE000 \SystemRoot\system32\drivers\ataport.SYS
    0x882CC000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x882E6000 \SystemRoot\system32\drivers\storport.sys
    0x88327000 \SystemRoot\system32\drivers\nvstor.sys
    0x88334000 \SystemRoot\system32\drivers\hpcisss.sys
    0x8833F000 \SystemRoot\system32\drivers\adp94xx.sys
    0x883A9000 \SystemRoot\system32\drivers\adpahci.sys
    0x807C7000 \SystemRoot\system32\drivers\adpu160m.sys
    0x805CE000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x88405000 \SystemRoot\system32\drivers\adpu320.sys
    0x8842B000 \SystemRoot\system32\drivers\djsvs.sys
    0x8843F000 \SystemRoot\system32\drivers\arc.sys
    0x88455000 \SystemRoot\system32\drivers\arcsas.sys
    0x8846B000 \SystemRoot\system32\drivers\elxstor.sys
    0x884FF000 \SystemRoot\system32\drivers\i2omp.sys
    0x88509000 \SystemRoot\system32\drivers\iirsp.sys
    0x88519000 \SystemRoot\system32\drivers\iteatapi.sys
    0x88525000 \SystemRoot\system32\drivers\iteraid.sys
    0x88531000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x8854B000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x88563000 \SystemRoot\system32\drivers\megasas.sys
    0x88609000 \SystemRoot\system32\drivers\megasr.sys
    0x886C0000 \SystemRoot\system32\drivers\mraid35x.sys
    0x886CB000 \SystemRoot\system32\drivers\msahci.sys
    0x886D5000 \SystemRoot\system32\drivers\nfrd960.sys
    0x8880D000 \SystemRoot\system32\drivers\ql2300.sys
    0x88945000 \SystemRoot\system32\drivers\ql40xx.sys
    0x8899A000 \SystemRoot\system32\drivers\sisraid2.sys
    0x889A7000 \SystemRoot\system32\drivers\sisraid4.sys
    0x889BC000 \SystemRoot\system32\drivers\symc8xx.sys
    0x889C8000 \SystemRoot\system32\drivers\sym_hi.sys
    0x889D3000 \SystemRoot\system32\drivers\sym_u3.sys
    0x886E3000 \SystemRoot\system32\drivers\uliahci.sys
    0x889DE000 \SystemRoot\system32\drivers\ulsata.sys
    0x8871F000 \SystemRoot\system32\drivers\ulsata2.sys
    0x8874B000 \SystemRoot\system32\drivers\vsmraid.sys
    0x8876C000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8879E000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8856D000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88A05000 \SystemRoot\system32\drivers\ndis.sys
    0x88B10000 \SystemRoot\system32\drivers\msrpc.sys
    0x88B3B000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88C0E000 \SystemRoot\System32\drivers\tcpip.sys
    0x88CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88E0A000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88F1A000 \SystemRoot\system32\drivers\wd.sys
    0x88F22000 \SystemRoot\system32\drivers\volsnap.sys
    0x88F5B000 \SystemRoot\System32\Drivers\spldr.sys
    0x88F63000 \SystemRoot\system32\drivers\sbp2port.sys
    0x88F78000 \SystemRoot\System32\Drivers\mup.sys
    0x88F87000 \SystemRoot\System32\drivers\ecache.sys
    0x88FAE000 \SystemRoot\system32\drivers\disk.sys
    0x88FBF000 \SystemRoot\system32\drivers\crcdisk.sys
    0x88FD5000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88FE0000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x88FE9000 \SystemRoot\system32\DRIVERS\processr.sys
    0x88E00000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x88D13000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x88FC8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x88D26000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x88FD3000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x88D56000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x88FF8000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88D61000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x88D69000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88D73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x88DB1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x8CA00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x8CA8D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8CAA5000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8CAAF000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8D00B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8DA89000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8DA8B000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8DB2C000 \SystemRoot\System32\drivers\watchdog.sys
    0x8DC0F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8DD57000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8DD86000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8DD91000 \SystemRoot\system32\drivers\windrvr6.sys
    0x8DDC1000 \SystemRoot\system32\DRIVERS\bridge.sys
    0x8DDDC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8DDF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8DB38000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8DC00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8DB5B000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8DB6F000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8DB84000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DDFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8DB94000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8DBBE000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
    0x8D000000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8CBAC000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8CBB9000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8CBEE000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x88DC0000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x88B76000 \SystemRoot\system32\drivers\portcls.sys
    0x88BA3000 \SystemRoot\system32\drivers\drmk.sys
    0x887AE000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8E008000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8E10B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8E1C0000 \SystemRoot\system32\drivers\modem.sys
    0x8E1CD000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x8E1EA000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x88BC8000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x88BDF000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x88DF6000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8E000000 \SystemRoot\System32\Drivers\Null.SYS
    0x8DBF9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x88800000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x88C00000 \SystemRoot\System32\drivers\vga.sys
    0x885DE000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x887EC000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x807E2000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x887F5000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x88600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x883F5000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x807F2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x80400000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x80600000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8E20E000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8E224000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8E22E000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8E242000 \SystemRoot\system32\drivers\afd.sys
    0x8E28A000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8E28F000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8E2C1000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8E2D7000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E2E5000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8E2F8000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8E334000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8E33E000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E355000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8E37C000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x94C90000 \SystemRoot\System32\win32k.sys
    0x8E3C4000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8E3CE000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94EB0000 \SystemRoot\System32\TSDDD.dll
    0x94ED0000 \SystemRoot\System32\cdd.dll
    0x8E3DD000 \SystemRoot\system32\drivers\luafv.sys
    0x99E0E000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x99E45000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x99E48000 \SystemRoot\system32\drivers\WudfPf.sys
    0x99E62000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x99E72000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x99E9C000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x99EA6000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x99EB9000 \SystemRoot\system32\drivers\spsys.sys
    0x99F69000 \SystemRoot\system32\drivers\HTTP.sys
    0x99FD6000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9D805000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9D81E000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9D833000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9D852000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9D88B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9D8A3000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9D8CB000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9D931000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9D935000 \SystemRoot\system32\drivers\npf.sys
    0x9F40D000 \SystemRoot\system32\drivers\peauth.sys
    0x9F4EB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9F4F5000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9F501000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9F509000 \SystemRoot\system32\drivers\tdtcp.sys
    0x9F514000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x9F520000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x77450000 \Windows\System32\ntdll.dll

    Processes (total 68):
    0 System Idle Process
    4 System
    424 C:\Windows\System32\smss.exe
    500 csrss.exe
    552 csrss.exe
    560 C:\Windows\System32\wininit.exe
    596 C:\Windows\System32\services.exe
    616 C:\Windows\System32\lsass.exe
    624 C:\Windows\System32\lsm.exe
    764 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\nvvsvc.exe
    856 C:\Windows\System32\svchost.exe
    900 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1076 C:\Windows\System32\winlogon.exe
    1124 C:\Windows\System32\audiodg.exe
    1228 C:\Windows\System32\svchost.exe
    1248 C:\Windows\System32\SLsvc.exe
    1276 C:\Windows\System32\svchost.exe
    1364 C:\Windows\System32\nvvsvc.exe
    1512 C:\Windows\System32\svchost.exe
    1624 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1644 C:\Windows\System32\wlanext.exe
    1996 C:\Windows\System32\spoolsv.exe
    2020 C:\Windows\System32\svchost.exe
    460 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    12 C:\Program Files\Bonjour\mDNSResponder.exe
    588 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\inetsrv\inetinfo.exe
    1116 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1424 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2072 C:\Windows\System32\svchost.exe
    2116 C:\Windows\System32\svchost.exe
    2136 C:\Windows\System32\svchost.exe
    2152 C:\Windows\SMINST\BLService.exe
    2228 C:\Windows\System32\TCPSVCS.EXE
    2260 C:\Windows\System32\svchost.exe
    2432 C:\Windows\System32\svchost.exe
    2448 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2496 C:\Windows\System32\SearchIndexer.exe
    2540 C:\Windows\System32\drivers\XAudio.exe
    2564 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2612 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2716 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2940 C:\Windows\System32\taskeng.exe
    2960 C:\Windows\System32\dwm.exe
    3084 C:\Windows\explorer.exe
    3320 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3396 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3704 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    676 C:\Windows\System32\wbem\unsecapp.exe
    2844 WmiPrvSE.exe
    1140 C:\Windows\System32\sdclt.exe
    3204 C:\Windows\System32\svchost.exe
    3496 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3840 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2084 C:\Windows\System32\taskeng.exe
    1892 C:\Windows\System32\rundll32.exe
    2796 C:\Windows\System32\sdclt.exe
    3264 C:\Windows\System32\SearchProtocolHost.exe
    1660 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1860 C:\Program Files\uTorrent\uTorrent.exe
    5332 C:\Program Files\Mozilla Firefox\firefox.exe
    4720 taskeng.exe
    4628 C:\Users\Maaike new\Desktop\MBRCheck.exe
    2548 C:\Windows\System32\SearchFilterHost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`7e000000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB214C

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Unknown MBR code
    SHA1: 6BEF951E1A91096CB282C94F18162CE6C4B1837E


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
     
  13. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    MBR seems to be infected.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
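    A worked illustration of what the MBRCheck status line is reporting, added here as an example and not part of this thread or of the MBRCheck/NTBR tools: it parses a 512-byte MBR, decodes the partition table (the byte offsets it derives are the ones in the log, 0x7e00 for C: and 0x19`7e000000 for D:), hashes the boot-code region and looks the hash up in an allow-list, reporting "Unknown MBR code" when nothing matches. The boot-code bytes, the sector counts and the allow-list entry are constructed for the demo; which byte range MBRCheck itself hashes is not stated on the page and is assumed here to be the 440 code bytes that precede the disk signature.

```python
"""Parse a 512-byte MBR and classify its boot code by SHA1, MBRCheck-style.

Added example; every sample byte below is constructed for the demonstration.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440      # bytes 0-439 hold the boot code; the disk signature follows at 440
PART_TABLE_OFF = 446     # four 16-byte partition entries
SIGNATURE_OFF = 510      # 0x55 0xAA boot signature closes the sector
ENTRY_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def build_mbr(boot_code, partitions):
    """Assemble a sector from boot code and (status, type, start_lba, sectors) tuples.
    Constructed helper for the example; on a live host sector 0 is read raw from the disk."""
    mbr = bytearray(SECTOR)
    mbr[:BOOT_CODE_LEN] = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    for i, (status, ptype, start, count) in enumerate(partitions):
        # CHS fields are zeroed: modern loaders only use the LBA fields
        struct.pack_into(ENTRY_FMT, mbr, PART_TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    mbr[SIGNATURE_OFF:] = b"\x55\xAA"
    return bytes(mbr)


def parse_mbr(sector):
    """Return signature validity, SHA1 of the boot code and the decoded partition table."""
    if len(sector) != SECTOR:
        raise ValueError("an MBR is exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            ENTRY_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:          # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,                   # 0x07 = NTFS (also exFAT/HPFS)
            "start_lba": start,
            "sectors": count,
            "byte_offset": start * SECTOR,   # what MBRCheck prints as "at offset"
        })
    return {
        "signature_ok": sector[SIGNATURE_OFF:] == b"\x55\xAA",
        # Only the code is hashed: the partition table and disk signature are
        # per-machine, so hashing the whole sector could never match a fixed list.
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify(sector, known_good):
    """Map the boot-code hash to a label, or report it as unknown (MBRCheck's status column)."""
    info = parse_mbr(sector)
    if not info["signature_ok"]:
        return "Invalid MBR (missing 55AA signature)"
    return known_good.get(info["code_sha1"], "Unknown MBR code")


# Constructed stand-ins: neither is real Microsoft boot code nor real bootkit code.
STANDARD_BOOT_CODE = b"\xEB\xFE" + b"constructed standard MBR stand-in"
TAMPERED_BOOT_CODE = b"\xEB\xFE" + b"constructed non-standard MBR stand-in"

# Layout mirroring the log's offsets: C: at 0x7e00 (LBA 63) and D: at 0x19`7e000000.
# Sector counts are made up.
LAYOUT = [
    (0x80, 0x07, 63, 0xCBF0000 - 63),
    (0x00, 0x07, 0xCBF0000, 173952),
]

# Allow-list keyed by SHA1 of the constructed standard code; a real tool ships real hashes.
KNOWN_GOOD = {
    hashlib.sha1(STANDARD_BOOT_CODE.ljust(BOOT_CODE_LEN, b"\x00")).hexdigest().upper():
        "Windows XP MBR code detected",
}


def demo():
    """Classify a standard and a rewritten MBR that share the same partition table."""
    clean = build_mbr(STANDARD_BOOT_CODE, LAYOUT)
    tampered = build_mbr(TAMPERED_BOOT_CODE, LAYOUT)
    return {
        "clean": classify(clean, KNOWN_GOOD),
        "tampered": classify(tampered, KNOWN_GOOD),
        "partitions": parse_mbr(clean)["partitions"],
    }


if __name__ == "__main__":
    result = demo()
    for name in ("clean", "tampered"):
        print(f"{name}: {result[name]}")
    for p in result["partitions"]:
        print(f"  partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:x}")
```

    The partition table survives unchanged in both sectors; only the code region differs, which is why the second MBRCheck log in this thread shows the same C: and D: offsets with a different SHA1 once standard MBR code has been written back. Hashing the code region alone is what makes a fixed allow-list usable across machines.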
     
  14. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Premium Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: Wistron
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: Compaq Presario CQ50 Notebook PC
    Logical Drives Mask: 0x0000041c

    Kernel Drivers (total 199):
    0x82A0B000 \SystemRoot\system32\ntkrnlpa.exe
    0x82DC4000 \SystemRoot\system32\hal.dll
    0x80401000 \SystemRoot\system32\kdcom.dll
    0x80408000 \SystemRoot\system32\PSHED.dll
    0x80419000 \SystemRoot\system32\BOOTVID.dll
    0x80421000 \SystemRoot\system32\CLFS.SYS
    0x80462000 \SystemRoot\system32\CI.dll
    0x80542000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x805B3000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80609000 \SystemRoot\system32\drivers\acpi.sys
    0x8064F000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x80658000 \SystemRoot\system32\drivers\msisadrv.sys
    0x80660000 \SystemRoot\system32\drivers\pci.sys
    0x80687000 \SystemRoot\system32\drivers\isapnp.sys
    0x80696000 \SystemRoot\system32\drivers\mpio.sys
    0x806B2000 \SystemRoot\System32\drivers\partmgr.sys
    0x806C1000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x806C4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x806CE000 \SystemRoot\system32\drivers\volmgr.sys
    0x806DD000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80727000 \SystemRoot\system32\drivers\intelide.sys
    0x8072E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x8073C000 \SystemRoot\system32\drivers\pciide.sys
    0x80743000 \SystemRoot\system32\drivers\aliide.sys
    0x8074A000 \SystemRoot\system32\drivers\amdide.sys
    0x80751000 \SystemRoot\system32\drivers\cmdide.sys
    0x80759000 \SystemRoot\System32\drivers\mountmgr.sys
    0x80769000 \SystemRoot\system32\drivers\msdsm.sys
    0x80783000 \SystemRoot\system32\drivers\nvraid.sys
    0x8079E000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x807BF000 \SystemRoot\system32\drivers\viaide.sys
    0x8820B000 \SystemRoot\system32\drivers\iastorv.sys
    0x882AC000 \SystemRoot\system32\drivers\atapi.sys
    0x882B4000 \SystemRoot\system32\drivers\ataport.SYS
    0x882D2000 \SystemRoot\system32\drivers\lsi_scsi.sys
    0x882EC000 \SystemRoot\system32\drivers\storport.sys
    0x8832D000 \SystemRoot\system32\drivers\nvstor.sys
    0x8833A000 \SystemRoot\system32\drivers\hpcisss.sys
    0x88345000 \SystemRoot\system32\drivers\adp94xx.sys
    0x883AF000 \SystemRoot\system32\drivers\adpahci.sys
    0x807C7000 \SystemRoot\system32\drivers\adpu160m.sys
    0x805C1000 \SystemRoot\system32\drivers\SCSIPORT.SYS
    0x88400000 \SystemRoot\system32\drivers\adpu320.sys
    0x88426000 \SystemRoot\system32\drivers\djsvs.sys
    0x8843A000 \SystemRoot\system32\drivers\arc.sys
    0x88450000 \SystemRoot\system32\drivers\arcsas.sys
    0x88466000 \SystemRoot\system32\drivers\elxstor.sys
    0x884FA000 \SystemRoot\system32\drivers\i2omp.sys
    0x88504000 \SystemRoot\system32\drivers\iirsp.sys
    0x88514000 \SystemRoot\system32\drivers\iteatapi.sys
    0x88520000 \SystemRoot\system32\drivers\iteraid.sys
    0x8852C000 \SystemRoot\system32\drivers\lsi_fc.sys
    0x88546000 \SystemRoot\system32\drivers\lsi_sas.sys
    0x8855E000 \SystemRoot\system32\drivers\megasas.sys
    0x8860E000 \SystemRoot\system32\drivers\megasr.sys
    0x886C5000 \SystemRoot\system32\drivers\mraid35x.sys
    0x886D0000 \SystemRoot\system32\drivers\msahci.sys
    0x886DA000 \SystemRoot\system32\drivers\nfrd960.sys
    0x88808000 \SystemRoot\system32\drivers\ql2300.sys
    0x88940000 \SystemRoot\system32\drivers\ql40xx.sys
    0x88995000 \SystemRoot\system32\drivers\sisraid2.sys
    0x889A2000 \SystemRoot\system32\drivers\sisraid4.sys
    0x889B7000 \SystemRoot\system32\drivers\symc8xx.sys
    0x889C3000 \SystemRoot\system32\drivers\sym_hi.sys
    0x889CE000 \SystemRoot\system32\drivers\sym_u3.sys
    0x886E8000 \SystemRoot\system32\drivers\uliahci.sys
    0x889D9000 \SystemRoot\system32\drivers\ulsata.sys
    0x88724000 \SystemRoot\system32\drivers\ulsata2.sys
    0x88750000 \SystemRoot\system32\drivers\vsmraid.sys
    0x88771000 \SystemRoot\system32\drivers\fltmgr.sys
    0x887A3000 \SystemRoot\system32\drivers\fileinfo.sys
    0x88568000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x88A01000 \SystemRoot\system32\drivers\ndis.sys
    0x88B0C000 \SystemRoot\system32\drivers\msrpc.sys
    0x88B37000 \SystemRoot\system32\drivers\NETIO.SYS
    0x88C0E000 \SystemRoot\System32\drivers\tcpip.sys
    0x88CF8000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x88E02000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x88F12000 \SystemRoot\system32\drivers\wd.sys
    0x88F1A000 \SystemRoot\system32\drivers\volsnap.sys
    0x88F53000 \SystemRoot\System32\Drivers\spldr.sys
    0x88F5B000 \SystemRoot\system32\drivers\sbp2port.sys
    0x88F70000 \SystemRoot\System32\Drivers\mup.sys
    0x88F7F000 \SystemRoot\System32\drivers\ecache.sys
    0x88FA6000 \SystemRoot\system32\drivers\disk.sys
    0x88FB7000 \SystemRoot\system32\drivers\crcdisk.sys
    0x88FCD000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x88FD8000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x88FE1000 \SystemRoot\system32\DRIVERS\processr.sys
    0x88FF0000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x88D13000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x88FC0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x88D26000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x88FCB000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x88D56000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x88FF9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x88D61000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x88D69000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x88D73000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x88DB1000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x88B72000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x88DC0000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x88DD8000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
    0x8C804000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
    0x8CC00000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x8D67E000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x8D680000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8D721000 \SystemRoot\System32\drivers\watchdog.sys
    0x8DA0F000 \SystemRoot\system32\DRIVERS\bcmwl6.sys
    0x8DB57000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8DB86000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8DB91000 \SystemRoot\system32\drivers\windrvr6.sys
    0x8DBC1000 \SystemRoot\system32\DRIVERS\bridge.sys
    0x8DBDC000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8DBF3000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8D72D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8DA00000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8D750000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8D764000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8D779000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8DBFE000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8D789000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8D7B3000 \SystemRoot\system32\DRIVERS\NWADIenum.sys
    0x8D7EE000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C901000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8C90E000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8C943000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8C954000 \SystemRoot\system32\drivers\CHDRT32.sys
    0x8C98A000 \SystemRoot\system32\drivers\portcls.sys
    0x8C9B7000 \SystemRoot\system32\drivers\drmk.sys
    0x887B3000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
    0x8DC0A000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8DD0D000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8DDC2000 \SystemRoot\system32\drivers\modem.sys
    0x8DDCF000 \SystemRoot\system32\drivers\nvhda32v.sys
    0x8DDEC000 \SystemRoot\system32\drivers\RTSTOR.SYS
    0x8DC00000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8C9DC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8D7F8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x88DE2000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x8C9EC000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x885D9000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x8C9F4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x88DF9000 \SystemRoot\System32\Drivers\Null.SYS
    0x88C00000 \SystemRoot\System32\Drivers\Beep.SYS
    0x88600000 \SystemRoot\System32\drivers\vga.sys
    0x8E005000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8E026000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8E02E000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8E036000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8E041000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8E04F000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x8E058000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8E06E000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8E078000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8E08C000 \SystemRoot\system32\drivers\afd.sys
    0x8E0D4000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8E0D9000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8E10B000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8E121000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8E12F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8E142000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8E17E000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8E188000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8E19F000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x96A60000 \SystemRoot\System32\win32k.sys
    0x8E1D3000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8E1DD000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x96C80000 \SystemRoot\System32\TSDDD.dll
    0x96CA0000 \SystemRoot\System32\cdd.dll
    0x807E2000 \SystemRoot\system32\drivers\luafv.sys
    0x9B205000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x9B23C000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x9B23F000 \SystemRoot\system32\drivers\WudfPf.sys
    0x9B259000 \SystemRoot\system32\drivers\spsys.sys
    0x9B309000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x9B319000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x9B343000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x9B34D000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x9B360000 \SystemRoot\system32\drivers\HTTP.sys
    0x9B3CD000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x805E7000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x9B3EA000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x9D20F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x9D22E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x9D267000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9D27F000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9D2A7000 \SystemRoot\System32\DRIVERS\srv.sys
    0x9D30D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0x9D311000 \SystemRoot\system32\drivers\npf.sys
    0x9D318000 \SystemRoot\system32\drivers\peauth.sys
    0x9D3F6000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9D200000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9D2F5000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0x9D2FD000 \SystemRoot\system32\drivers\tdtcp.sys
    0x8E1EC000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0xA2C04000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xA2C37000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77C20000 \Windows\System32\ntdll.dll

    Processes (total 66):
    0 System Idle Process
    4 System
    424 C:\Windows\System32\smss.exe
    492 csrss.exe
    544 C:\Windows\System32\wininit.exe
    556 csrss.exe
    588 C:\Windows\System32\services.exe
    604 C:\Windows\System32\lsass.exe
    612 C:\Windows\System32\lsm.exe
    764 C:\Windows\System32\svchost.exe
    820 C:\Windows\System32\nvvsvc.exe
    848 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    940 C:\Windows\System32\svchost.exe
    972 C:\Windows\System32\svchost.exe
    984 C:\Windows\System32\svchost.exe
    1060 C:\Windows\System32\winlogon.exe
    1108 C:\Windows\System32\audiodg.exe
    1212 C:\Windows\System32\svchost.exe
    1232 C:\Windows\System32\SLsvc.exe
    1276 C:\Windows\System32\svchost.exe
    1344 C:\Windows\System32\nvvsvc.exe
    1504 C:\Windows\System32\svchost.exe
    1616 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1624 C:\Windows\System32\wlanext.exe
    1980 C:\Windows\System32\spoolsv.exe
    2004 C:\Windows\System32\svchost.exe
    436 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    456 C:\Program Files\Bonjour\mDNSResponder.exe
    496 C:\Windows\System32\svchost.exe
    832 C:\Windows\System32\inetsrv\inetinfo.exe
    1224 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    1512 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    580 C:\Windows\System32\svchost.exe
    2084 C:\Windows\System32\svchost.exe
    2104 C:\Windows\System32\svchost.exe
    2124 C:\Windows\SMINST\BLService.exe
    2184 C:\Windows\System32\TCPSVCS.EXE
    2232 C:\Windows\System32\svchost.exe
    2276 C:\Windows\System32\svchost.exe
    2296 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
    2352 C:\Windows\System32\SearchIndexer.exe
    2408 C:\Windows\System32\drivers\XAudio.exe
    2436 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
    2472 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    2564 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    3468 C:\Windows\System32\dwm.exe
    3484 C:\Windows\System32\taskeng.exe
    3560 C:\Windows\explorer.exe
    3660 C:\Windows\System32\mobsync.exe
    3784 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3808 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    3908 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3920 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2620 C:\Windows\System32\wbem\unsecapp.exe
    1192 WmiPrvSE.exe
    2068 C:\Program Files\Windows Media Player\wmpnscfg.exe
    3944 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3396 C:\Windows\System32\taskeng.exe
    2772 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    1136 C:\Program Files\uTorrent\uTorrent.exe
    3648 C:\Program Files\Mozilla Firefox\firefox.exe
    3520 C:\Windows\System32\SearchProtocolHost.exe
    3936 C:\Windows\System32\SearchFilterHost.exe
    3420 C:\Users\Maaike new\Desktop\MBRCheck.exe
    1700 WmiPrvSE.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000019`7e000000 (NTFS)

    PhysicalDrive0 Model Number: TOSHIBAMK1246GSX, Rev: LB214C

    Size Device Name MBR Status
    --------------------------------------------
    111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  15. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Looks good :)

    How is the computer doing at the moment?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    Running great. What was with the master boot? It was infected? The computer booted fine before that. What did changing the MBR do? Just curious. And I've been cleaning up the computer, clearing up space and such, getting rid of old files, junk I don't use any more. Runs better than new, lol.

    OTL

    OTL logfile created on: 10/23/2010 3:39:55 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Maaike new\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1780 1780 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
    Drive D: | 84.94 Mb Total Space | 71.38 Mb Free Space | 84.03% Space Free | Partition Type: NTFS
    Drive K: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS

    Computer Name: PORTABLEKENOBI | User Name: Maaike new | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
    PRC - [2010/10/12 14:58:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/01 10:17:48 | 005,252,408 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () -- C:\Windows\SMINST\BLService.exe
    PRC - [2008/01/20 19:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
    MOD - [2010/08/31 08:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
    SRV - File not found [Unknown | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
    SRV - File not found [Unknown | Stopped] -- C:\Windows\ehome\ehsched.exe -- (ehSched)
    SRV - File not found [Unknown | Stopped] -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr)
    SRV - [2010/09/24 13:19:16 | 000,444,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
    SRV - [2010/09/24 13:19:16 | 000,268,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm)
    SRV - [2010/09/24 13:19:08 | 006,351,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/06/25 10:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008/04/25 16:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\Windows\SMINST\BLService.exe -- (Recovery Service for Windows)
    SRV - [2008/01/20 19:25:08 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
    SRV - [2008/01/20 19:25:07 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbaapl.sys -- (USBAAPL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - File not found [2010/10/21 12:40:50] [Kernel | Auto | Stopped] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
    DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/07/09 15:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2010/06/25 10:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
    DRV - [2010/06/21 15:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/09/09 18:24:14 | 000,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xusb21.sys -- (xusb21)
    DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/04/10 21:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
    DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
    DRV - [2008/10/23 02:16:28 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
    DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
    DRV - [2008/07/03 10:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
    DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
    DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser.sys -- (NWUSBPort)
    DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
    DRV - [2008/04/24 15:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
    DRV - [2008/04/21 20:59:04 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
    DRV - [2008/04/17 14:07:46 | 000,203,776 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
    DRV - [2008/04/17 11:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2008/01/29 06:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
    DRV - [2008/01/20 19:23:49 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UMPass)
    DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
    DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
    DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2008/01/20 19:23:22 | 000,521,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xnacc.sys -- (xnacc)
    DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2008/01/20 19:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
    DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2007/11/01 08:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/11/01 08:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
    DRV - [2007/11/01 08:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/07/11 10:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
    DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
    DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2384137
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultthis.engineName: "Freecorder Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
    FF - prefs.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="

    FF - user.js..browser.search.order.1: "Search"
    FF - user.js..keyword.URL: "http://search.fast-find.net/?sid=10101067100&s="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/23 11:04:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 15:41:31 | 000,000,000 | ---D | M]

    [2010/07/30 03:53:56 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\mozilla\Extensions
    [2009/04/19 15:05:47 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
    [2010/10/22 23:10:55 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions
    [2010/07/31 18:42:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/26 11:58:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/08/17 17:37:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Maaike new\AppData\Roaming\mozilla\Firefox\Profiles\3436nbe5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/20 15:41:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/20 08:33:42 | 000,002,209 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\websearch.xml

    O1 HOSTS File: ([2010/10/22 22:24:00 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {44990B00-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlcm.cab (Symantec Configuration Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Maaike new\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Maaike new\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/05/21 04:43:32 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3acm - ac3acm.acm File not found
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - lameACM.acm File not found
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/10/23 15:38:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
    [2010/10/23 15:35:31 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Yahoo
    [2010/10/23 11:19:00 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
    [2010/10/23 11:19:00 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
    [2010/10/23 11:18:59 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
    [2010/10/23 11:18:59 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
    [2010/10/23 11:18:59 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
    [2010/10/23 11:18:59 | 000,000,000 | ---D | C] -- C:\ProgramData\ENU
    [2010/10/22 22:47:20 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Temp
    [2010/10/22 22:24:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/10/22 22:21:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/10/22 22:10:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/10/22 13:01:42 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\QuickPlay
    [2010/10/22 03:13:32 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\TFC.exe
    [2010/10/22 01:54:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/22 01:54:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/22 01:54:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/22 01:54:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/21 21:35:15 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\SpaceMonger
    [2010/10/21 21:35:15 | 000,000,000 | ---D | C] -- C:\Program Files\SpaceMonger
    [2010/10/21 20:31:25 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\HP
    [2010/10/20 23:03:53 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Documents\Nero Recode
    [2010/10/20 16:44:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\catroot2
    [2010/10/20 12:14:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WSTB
    [2010/10/20 12:14:19 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
    [2010/10/18 18:32:25 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Documents\My Received Files
    [2010/10/18 17:27:27 | 000,000,000 | ---D | C] -- C:\swsetup
    [2010/10/18 16:46:16 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Tracing
    [2010/10/18 16:42:13 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2010/10/18 16:34:36 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Windows Live
    [2010/10/16 00:26:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/10/16 00:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/10/14 23:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
    [2010/10/14 23:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\PFConfig
    [2010/10/14 22:21:11 | 000,000,000 | ---D | C] -- C:\Program Files\XBC
    [2010/10/14 00:58:28 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\Documents\NeroVision
    [2010/10/13 20:02:02 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
    [2010/10/13 18:39:54 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
    [2010/10/13 18:39:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
    [2010/10/13 10:46:23 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Nero
    [2010/10/13 10:35:46 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\NeroDigital(TM)
    [2010/10/13 09:54:06 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Local\Nero_AG
    [2010/10/13 09:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
    [2010/10/13 01:02:25 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\Nero
    [2010/10/13 00:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
    [2010/10/12 21:48:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\DLA
    [2010/10/12 21:48:20 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
    [2010/10/11 14:57:03 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
    [2010/10/10 23:03:34 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\MozillaControl
    [2010/10/10 23:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
    [2010/10/08 19:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\QWIX
    [2010/10/05 10:18:23 | 000,000,000 | ---D | C] -- C:\Windows\Freecorder
    [2010/09/24 15:48:11 | 000,000,000 | ---D | C] -- C:\Users\Maaike new\AppData\Roaming\FlashFXP
    [2010/09/24 15:47:49 | 000,090,112 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
    [2010/09/24 15:47:47 | 000,000,000 | ---D | C] -- C:\Program Files\FlashFXP
    [2010/09/23 22:26:40 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
    [1 C:\Users\Maaike new\Documents\*.tmp files -> C:\Users\Maaike new\Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
    [2010/10/23 15:32:06 | 000,203,605 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/10/23 15:32:05 | 000,203,605 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/10/23 14:54:28 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/23 14:54:28 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/23 14:48:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/10/23 13:35:48 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2010/10/23 12:17:02 | 073,422,295 | ---- | M] () -- C:\Users\Maaike new\Desktop\XBMC.rar
    [2010/10/23 11:31:41 | 008,097,823 | ---- | M] () -- C:\Users\Maaike new\Desktop\Mirran.pdf
    [2010/10/23 11:19:00 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
    [2010/10/23 11:19:00 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
    [2010/10/23 11:19:00 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
    [2010/10/23 11:18:59 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
    [2010/10/23 11:18:59 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
    [2010/10/22 22:24:00 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/22 18:36:45 | 003,883,811 | R--- | M] () -- C:\Users\Maaike new\Desktop\ComboFix.exe
    [2010/10/22 03:13:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\TFC.exe
    [2010/10/21 22:05:32 | 000,383,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/21 21:35:19 | 000,000,004 | ---- | M] () -- C:\Windows\System32\wnsm2i.rdb
    [2010/10/21 21:34:55 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/10/20 15:41:35 | 000,001,708 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 15:41:35 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/10/18 16:36:56 | 000,044,032 | ---- | M] () -- C:\Users\Maaike new\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/15 23:57:35 | 000,016,465 | ---- | M] () -- C:\Users\Maaike new\Desktop\GamesBeat.docx
    [2010/10/14 22:48:44 | 000,001,581 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\XBC 5.1.lnk
    [2010/10/13 21:53:35 | 000,000,386 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Downloads - Shortcut.lnk
    [2010/10/13 18:53:00 | 000,004,767 | ---- | M] () -- C:\Windows\Irremote.ini
    [2010/10/12 21:48:35 | 000,000,120 | ---- | M] () -- C:\Windows\wininit.ini
    [2010/10/11 12:42:24 | 000,000,798 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
    [2010/10/08 23:25:31 | 000,000,732 | ---- | M] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Qwix.exe - Shortcut.lnk
    [2010/09/27 14:55:47 | 000,000,000 | -H-- | M] () -- C:\Users\Maaike new\Documents\Default.rdp
    [2010/09/23 22:08:44 | 000,149,504 | ---- | M] () -- C:\Users\Maaike new\AppData\Roaming\SharedSettings.ccs
    [2010/09/23 15:52:02 | 004,818,944 | ---- | M] () -- C:\Windows\System32\ZeroGS.dll
    [1 C:\Users\Maaike new\Documents\*.tmp files -> C:\Users\Maaike new\Documents\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/10/23 11:57:08 | 073,422,295 | ---- | C] () -- C:\Users\Maaike new\Desktop\XBMC.rar
    [2010/10/23 11:24:49 | 000,013,576 | ---- | C] () -- C:\Windows\System32\wnaspi32.dll
    [2010/10/22 01:54:08 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/22 01:54:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/22 01:54:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/22 01:54:08 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/22 01:54:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/22 01:52:03 | 003,883,811 | R--- | C] () -- C:\Users\Maaike new\Desktop\ComboFix.exe
    [2010/10/21 21:35:19 | 000,000,004 | ---- | C] () -- C:\Windows\System32\wnsm2i.rdb
    [2010/10/21 20:31:05 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
    [2010/10/21 12:40:49 | 000,000,246 | ---- | C] () -- C:\ProgramData\hpqp.ini
    [2010/10/18 18:43:59 | 008,097,823 | ---- | C] () -- C:\Users\Maaike new\Desktop\Mirran.pdf
    [2010/10/18 17:39:44 | 000,010,240 | ---- | C] () -- C:\Windows\System32\virport.dll
    [2010/10/14 22:48:44 | 000,001,581 | ---- | C] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\XBC 5.1.lnk
    [2010/10/13 21:53:35 | 000,000,386 | ---- | C] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Downloads - Shortcut.lnk
    [2010/10/13 18:53:00 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
    [2010/10/13 10:45:22 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2010/10/12 21:48:34 | 000,000,120 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/10/11 12:42:24 | 000,000,798 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
    [2010/10/08 23:25:31 | 000,000,732 | ---- | C] () -- C:\Users\Maaike new\Application Data\Microsoft\Internet Explorer\Quick Launch\Qwix.exe - Shortcut.lnk
    [2010/09/27 14:55:47 | 000,000,000 | -H-- | C] () -- C:\Users\Maaike new\Documents\Default.rdp
    [2010/09/23 15:51:57 | 004,818,944 | ---- | C] () -- C:\Windows\System32\ZeroGS.dll
    [2010/09/08 16:59:23 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
    [2010/08/21 10:16:09 | 000,149,504 | ---- | C] () -- C:\Users\Maaike new\AppData\Roaming\SharedSettings.ccs
    [2010/06/25 10:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
    [2010/05/01 15:41:25 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2009/12/28 23:56:34 | 000,020,203 | ---- | C] () -- C:\Users\Maaike new\AppData\Roaming\UserTile.png
    [2009/09/10 19:27:52 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/05/06 21:02:42 | 000,044,032 | ---- | C] () -- C:\Users\Maaike new\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/06/17 18:30:21 | 000,203,605 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2008/06/17 18:29:53 | 000,203,605 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2008/05/21 04:58:55 | 000,009,870 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

    ========== LOP Check ==========

    [2010/07/23 03:19:39 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\AnvSoft
    [2010/09/24 15:48:11 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\FlashFXP
    [2009/10/25 15:37:07 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\Image Zone Express
    [2010/10/22 22:45:12 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\My Battle for Middle-earth(tm) II Files
    [2010/10/22 22:45:00 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\My The Lord of the Rings, The Rise of the Witch-king Files
    [2010/09/02 00:48:13 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\PeaZip
    [2009/12/28 23:56:32 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\PeerNetworking
    [2009/10/25 15:37:06 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\Printer Info Cache
    [2010/10/21 21:35:15 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\SpaceMonger
    [2009/06/07 21:38:33 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\Template
    [2010/10/23 13:51:07 | 000,000,000 | ---D | M] -- C:\Users\Maaike new\AppData\Roaming\uTorrent
    [2010/10/23 14:48:31 | 000,032,576 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/05/21 04:43:32 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 23:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2007/09/01 00:03:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/09/01 00:03:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/10/23 14:54:15 | 1866,465,280 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2010/07/13 01:41:37 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 14:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
    [2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/09/23 00:32:56 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2009/10/25 13:30:40 | 000,001,650 | -H-- | M] () -- C:\Users\Maaike new\AppData\Roaming\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >
    [2010/10/22 01:08:48 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >
     
  17. generalkenobi2

    < %systemroot%\System32\config\*.sav >
    [2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/10/04 12:57:05 | 000,000,286 | -HS- | M] () -- C:\Users\Maaike new\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/22 18:36:45 | 003,883,811 | R--- | M] () -- C:\Users\Maaike new\Desktop\ComboFix.exe
    [2010/10/23 15:38:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\OTL.exe
    [2010/10/22 03:13:33 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Maaike new\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/04/16 00:14:49 | 000,000,402 | -HS- | M] () -- C:\Users\Maaike new\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/05/02 20:48:11 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2010/10/23 11:19:00 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
    [2010/10/23 11:18:59 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
    [2010/10/21 21:34:55 | 000,000,246 | ---- | M] () -- C:\ProgramData\hpqp.ini
    [2010/10/23 11:18:59 | 000,000,021 | ---- | M] () -- C:\ProgramData\hpqp.txt
    [2010/07/29 22:48:19 | 000,009,870 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2010/10/23 11:18:59 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
    [2010/10/23 11:19:00 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
    [2010/10/23 11:19:00 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
    [2010/10/23 15:32:05 | 000,203,605 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2003/09/16 01:19:48 | 000,099,544 | ---- | M] () -- C:\Windows\inf\virprn.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  18. generalkenobi2

    OTL Extras logfile created on: 10/23/2010 3:39:55 PM - Run 1
    OTL by OldTimer - Version 3.2.17.0 Folder = C:\Users\Maaike new\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): c:\pagefile.sys 1780 1780 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS
    Drive D: | 84.94 Mb Total Space | 71.38 Mb Free Space | 84.03% Space Free | Partition Type: NTFS
    Drive K: | 111.70 Gb Total Space | 49.16 Gb Free Space | 44.01% Space Free | Partition Type: NTFS

    Computer Name: PORTABLEKENOBI | User Name: Maaike new | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [+ Add to separate archive(s)] -- "C:\Program Files\PeaZip\PEAZIP.EXE" "-add2archive" "%1" (Giorgio Tani)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [SpaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-892784856-3761668139-1273789937-1001]
    "EnableNotifications" = 0
    "EnableNotificationsRef" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DisableUnicastResponsesToMulticastBroadcast" = 0
    "DefaultOutboundAction" = 0
    "DefaultInboundAction" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP 4\FlashFXP.exe" = C:\Program Files\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\FlashFXP 4\FlashFXP.exe" = C:\Program Files\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
    "C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\flashfxp.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{02BD8F69-944B-48A6-83DB-3A52A3661DE3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{03207C88-D31E-4A8E-B040-97F03668163B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{07313C63-8EB2-4FEC-B638-B6D22E0329DE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{0AD10145-2E23-41A3-8FAB-ED8CA802A285}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{14A6791B-1793-4B1E-B39B-101A1ADEF110}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{16D7A249-17E8-4793-BFD4-69A4B6E54BBA}" = lport=137 | protocol=17 | dir=in | app=system |
    "{1F6DE53D-457A-4F44-8F8B-9E8362AA1186}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{21FCC2B0-2DD0-4319-8720-A771E6DA3572}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{2794D5D4-E154-4EF6-BDF2-326D592499EC}" = rport=10244 | protocol=6 | dir=out | app=system |
    "{3154CBD8-A236-43C4-A57F-DF1E2CEA71CE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3CD9951B-57FE-4568-8769-655AB8DB4E5B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{40F79696-E922-4E4F-B676-5B64BD5ACD6E}" = rport=139 | protocol=6 | dir=out | app=system |
    "{46D103D3-0312-4403-A1A7-B45D75C2F615}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5BBE5665-4E8D-409C-9B30-3BE053F68934}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{5EE52E36-D920-473A-97FF-7E7C4B68E250}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{60127447-B5ED-4E17-8235-35855E22BB99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6A16C96D-5BB3-4C25-B086-2F5C6FC5E78F}" = lport=10244 | protocol=6 | dir=in | app=system |
    "{6A45ABBE-E283-489D-BA19-285BD67D95F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{78BF31B5-DE5D-4263-A137-68554E75DE6D}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{9037C71A-480E-4F16-A873-B0339AC36005}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{9278158F-11BF-4415-98F3-01FA2B31CE17}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{9514ACE7-A630-40A1-9008-AD1D806327DB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A1F74819-DE2A-4322-961A-2219E46C11CE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{A445FB5D-D8B3-4DF8-B9E9-3287F161D97C}" = rport=138 | protocol=17 | dir=out | app=system |
    "{A9A0BA6E-615F-4457-805D-85F4F3F001D2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{AA007A72-8B56-4049-85C7-2DABBBB411C3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{AC3C6D99-EA48-485E-9C74-76B67EB3BCA0}" = lport=445 | protocol=6 | dir=in | app=system |
    "{AD104385-81A1-47E5-8582-9BAAD7CB61C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{B77E7ED8-9B59-4E60-8DC9-7C4703C3975E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B8673089-467D-4B8B-81E9-0F03FBA34605}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{B8839957-627A-4EE0-AA64-41D29F7B8131}" = lport=3390 | protocol=6 | dir=in | app=system |
    "{BBEEA5CD-1646-41F7-BF4A-14BC65FC5298}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C0840FAA-8429-4F50-A695-69517DBD4C93}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{C2CFE9FB-497B-4632-A8FA-3D3699E3CC10}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
    "{DFD73A44-F5BE-46C7-A704-133B7F4F15C0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{E20F67C9-309C-4B98-AA71-85B78690C607}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E2E5FD99-844B-4E9F-9FC8-50AF7621D042}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F561FFE8-18EF-4C78-9ADD-8E6B80F1B7EA}" = rport=445 | protocol=6 | dir=out | app=system |
    "{FB5632DE-7F24-4C4F-AA05-F880051F5215}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{FBB292A4-3E8F-4C3B-A84B-ED6263580BF1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FD4CC61A-E540-4A60-9D2B-725A5F259E9D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FE97DDB4-35D3-4A0F-B49A-AEEBBAB2C21A}" = rport=10244 | protocol=6 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B6DF9C2-8E8C-4DC7-BF6D-86F2D2A0CDCC}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{11FAC98B-07B7-4897-9238-0A7D0724E677}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{13FEA82B-0958-409D-AFEC-49E02697C28B}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{151D7915-0330-416A-B8E4-A440372E8B58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{178B0134-8C01-4537-9FF0-E8B78CB006FE}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
    "{1A835D96-3E1C-4566-939E-6D9A10FA1658}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
    "{1B9321C2-E57C-4623-BB4B-ECFC2762A478}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
    "{1D61EE0C-7A8B-4D30-AAF8-C3B5D67F0466}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{1FAF85D1-1F45-4650-805C-FCD56910853B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{21B42689-154F-47F5-AAAD-9D67595FE968}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqscnvw.exe |
    "{22457A56-49D4-4D20-8EB7-FF12EB075DDE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{232A3524-F4AB-4B0E-8C8A-3415FD0D4AB6}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{24795094-40F3-47C7-90A5-5DB566C4D4E0}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{2BEEE16E-AF90-48AB-B5F2-71474508332F}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{3641CCDC-9A23-411C-AC9A-C04A65022111}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{37378ADE-804F-43DC-9068-0E69B805889C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{441E92A6-7575-4DED-BB38-1022DC7423CC}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
    "{46FCA0CF-8C85-421C-9C5D-433ACE549C04}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{50D5A8EC-2A93-44A2-A8C6-FB735C53F575}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{56BFD211-F7B8-4A27-8BCC-41F2118B8FF6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
    "{5732A5B9-9009-4F32-8279-9530EE17ABC9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{607D9938-D865-4FCB-94B5-101257E4DB57}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{6103756F-779B-434D-818C-1E23654B6FCD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
    "{65C2C8DF-478B-439E-828A-4A8C82CD4E7A}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{694D94CE-948D-4764-A40A-D59320D92563}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{6EDE8188-8BBD-4AFB-A6DA-3F6A2380E2E7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{71D79B3E-8C7B-4338-9C4C-90382A72CE3A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{814D3A5E-BBB5-4198-B821-22097DD08B45}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{8BFFEA41-0FAE-414D-B1A8-1D6557906E1E}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    "{8CDAF72F-DDF8-49B8-9938-CB90D421F96A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
    "{8DA3ED4F-DD65-4E24-9C9D-0F91932799F7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
    "{919D64DE-1EB2-4E4E-B2BC-1E84A2921A3D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{91F5984A-E9A9-4C38-8FAE-9C89E91A66EF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{94293264-00EF-43B8-9B9C-405E26EE692F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{9B640BCB-752B-48D3-BFBE-F41A9B7BED8F}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    "{9C00A8F2-2BA9-48B4-9257-BDD1C08672BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
    "{9CA359CF-DA43-4815-BAED-20CB40EB8F47}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    "{A22A7FB6-332F-4D1B-B1AE-55C07EF67498}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
    "{A3D34019-E183-4ACC-89D1-4B7ED5A6F3CE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{A63828C1-1DA2-4F12-B982-41CE1A8C3FF4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
    "{A968EC38-C598-4222-8E18-F4CE07118F75}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{AB2A9E2E-5FB5-4140-908C-003957FFA628}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{ADB5C1FE-C679-41F9-A9D2-7C5DA1DC6BB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{B0995169-4881-45FB-8F78-65005EC1DC34}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{B38487D6-9345-4D94-9A08-BE8131701EC6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
    "{B5C56636-A6AC-4BB2-91DB-B20344E2C922}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{BAB8AC9B-30D9-47E6-A070-2E7FD9A2DE06}" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
    "{BD638788-49CF-4778-9C7D-4613E50ED809}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{BDE98A76-9742-467F-B75A-167CBD28EC09}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{C1F66127-7A94-4CB4-B203-FB2A31896002}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{C3C84FFE-F4FA-486B-BB0A-53521D3FEA19}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
    "{C6DFF93D-9AE3-4E37-BC83-1BBC973F07A6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
    "{CC72EA14-7D0C-4C52-939E-49A40860A351}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{CD801948-C60E-4F03-98DF-BA5472F1A38B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{CE836FC9-7E9E-4FE4-821F-A8506D015133}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{DE1771E7-0362-4643-94D7-82035A071016}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{E30E59D5-4608-4B9C-B5B0-4C95B4679921}" = protocol=17 | dir=in | app=c:\program files\electronic arts\the battle for middle-earth (tm) ii\game.dat |
    "{E8A160F0-43F9-4B5D-B80A-3782E088E25E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
    "{E916765D-EAE0-4CA6-AF88-D84578BE9610}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{EA63AF70-F23E-4E43-91B3-FD0AB27840B3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{EC427A51-8954-48A6-8FD1-858AC0F9D76A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{EFD70EC9-32CE-4264-A813-767A691D9CD6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
    "{F1E0D979-A082-43C6-952E-6CFF498BCE72}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
    "{F3D89977-6E6C-4758-9691-40768AA78D85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
    "{F7E71D54-3192-4CF8-88CD-D4E715D77D9C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{FA8C248A-4D8A-40B4-B641-381F38DFE3F6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
    "{FE6E5CEC-7F1D-4966-A782-D97BE2DDEB52}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{28E92612-3043-455F-86EB-207B767794CA}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
    "TCP Query User{36BA4E43-0D89-4198-ADF7-266E34879A9E}C:\program files\xbc\nexbc.exe" = protocol=6 | dir=in | app=c:\program files\xbc\nexbc.exe |
    "TCP Query User{6BA31AE3-035C-4796-A2E3-313EEFAAF238}C:\program files\flashfxp\flashfxp.exe" = protocol=6 | dir=in | app=c:\program files\flashfxp\flashfxp.exe |
    "TCP Query User{A0E004EC-F258-4032-BA83-C07CBCCCEECF}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{AD568DCD-B05D-4F4E-B0D5-6F5B1F30A3DD}C:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe" = protocol=6 | dir=in | app=c:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe |
    "TCP Query User{BBFE1471-85F6-4430-8DB6-D633610D4BB2}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "TCP Query User{D92A30CC-C4A7-46A1-AA8F-DE57B96DC15E}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat" = protocol=6 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
    "TCP Query User{E5E93E45-8D1E-4352-B36F-5250A6965AC4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
    "TCP Query User{F95FA369-82A9-4367-A032-6C11724CA625}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{138C5C6E-C75F-4863-8D04-AFF3A9D06744}C:\program files\flashfxp\flashfxp.exe" = protocol=17 | dir=in | app=c:\program files\flashfxp\flashfxp.exe |
    "UDP Query User{75C5B4D0-C566-4006-9C73-B51F314757DD}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "UDP Query User{7D37105E-7D6A-4B35-AF6E-C5363469EF47}C:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat" = protocol=17 | dir=in | app=c:\program files\electronic arts\the lord of the rings, the rise of the witch-king\game.dat |
    "UDP Query User{99B07A92-2707-4386-862A-2DA38838D292}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
    "UDP Query User{D0CABE57-49AD-4923-B4FF-859FD192EF8B}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
    "UDP Query User{D4FC6E88-B9E3-43BC-9D88-B42AF8F542C2}C:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe" = protocol=17 | dir=in | app=c:\users\maaike new\downloads\[pc] halo 2 xp + vista [rip] [dopeman]\h2\halo 2\halo2.exe |
    "UDP Query User{DED5B048-DE37-410E-A1E7-39EBB884DCFA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
    "UDP Query User{E9C1636E-8434-4673-AA04-9B2BDEB899DE}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "UDP Query User{F0834B64-0930-467A-B334-CEB0394F6B8F}C:\program files\xbc\nexbc.exe" = protocol=17 | dir=in | app=c:\program files\xbc\nexbc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
    "{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
    "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
    "{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
    "{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
    "{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
    "{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
    "{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15dbe5c4-86bc-418c-b19f-8c5b7cd0e2c5}" = Nero Move it
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
    "{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
    "{22985a19-a829-4101-94c3-a6b75a797a3d}" = mp3PRO Plug-in
    "{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
    "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 20
    "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component
    "{2cd639b0-0587-4397-a63b-1089df039187}" = Nero BackItUp 4
    "{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
    "{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
    "{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
    "{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
    "{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
    "{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1" = PeaZip 2.9.1
    "{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
    "{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
    "{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
    "{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
    "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
    "{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{626C034B-50B8-47BD-AF93-EEFD0FA78FF4}" = Character Builder
    "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
    "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
    "{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
    "{766621ad-de53-48db-a681-5e697e112a69}" = Nero 9
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
    "{7B2ADCB5-3F3D-478A-90A9-A8C04EF82BF6}" = Mobile Broadband Generic Drivers
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{825880ef-d767-4b3e-8fef-9afb219061ed}" = DTS Plug-in
    "{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
    "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
    "{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
    "{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
    "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
    "{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
    "{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
    "{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B640E7CC-7091-4A24-AE76-2140065D2054}" = HP User Guides 0110
    "{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
    "{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
    "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
    "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
    "{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
    "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
    "{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
    "{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
    "{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ece4ff2c-c412-4755-bd39-5d775e5da3b6}" = Blu-ray Disc Authoring Plug-in
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
    "{FA3B34BE-4246-4062-90A3-34CBBEA12B72}" = HPTCSSetup
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "avast5" = avast! Free Antivirus
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner
    "CNXT_AUDIO_HDA" = Conexant HD Audio
    "CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
    "Duplicate Music Files Finder_is1" = Duplicate Music Files Finder 1.5.5
    "FlashFXP v3.2.0 (Build 1080) Scene Edition" = FlashFXP v3.2.0 (Build 1080) Scene Edition
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
    "Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PUBLISHERR" = Microsoft Office Publisher 2007 Trial
    "SpaceMonger" = SpaceMonger 2.1.1
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Unlocker" = Unlocker 1.9.0
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.1.2
    "XBC 5.1" = XBC 5.1
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "Zune" = Zune

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "uTorrent" = µTorrent
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/23/2010 2:32:10 AM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 10/23/2010 4:19:04 AM | Computer Name = PortableKenobi | Source = Application Error | ID = 1000
    Description = Faulting application NeroExpress.exe, version 9.0.9.100, time stamp
    0x48d36d6b, faulting module AdvrCntr4.dll, version 1.2.2.0, time stamp 0x48c69512,
    exception code 0xc0000005, fault offset 0x000b05ea, process id 0xdd4, application
    start time 0x01cb728aeead27a6.

    Error - 10/23/2010 2:02:43 PM | Computer Name = PortableKenobi | Source = WinMgmt | ID = 10
    Description =

    Error - 10/23/2010 2:12:53 PM | Computer Name = PortableKenobi | Source = Application Error | ID = 1000
    Description = Faulting application Nero.exe, version 9.0.9.100, time stamp 0x48d36d6b,
    faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821, exception
    code 0xc0000005, fault offset 0x0004a4df, process id 0xc20, application start time
    0x01cb72dddfd86fd2.

    Error - 10/23/2010 2:22:01 PM | Computer Name = PortableKenobi | Source = VSS | ID = 8194
    Description =

    Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 10/23/2010 2:22:33 PM | Computer Name = PortableKenobi | Source = Microsoft-Windows-CAPI2 | ID = 131585
    Description =

    Error - 10/23/2010 4:53:22 PM | Computer Name = PortableKenobi | Source = WinMgmt | ID = 10
    Description =

    [ Media Center Events ]
    Error - 4/30/2009 12:26:49 AM | Computer Name = Maaikes | Source = MCUpdate | ID = 0
    Description =

    Error - 8/20/2009 7:28:24 PM | Computer Name = Maaikes | Source = MCUpdate | ID = 0
    Description =

    Error - 9/5/2009 3:31:59 AM | Computer Name = Maaike_laptop | Source = MCUpdate | ID = 0
    Description =

    Error - 2/5/2010 3:07:40 PM | Computer Name = Maaike_laptop | Source = MCUpdate | ID = 0
    Description =

    Error - 7/13/2010 9:53:02 PM | Computer Name = PortableKenobi | Source = Mcx2Dvcs | ID = 401
    Description =

    Error - 7/13/2010 10:15:10 PM | Computer Name = PortableKenobi | Source = McrMgr | ID = 109
    Description =

    [ System Events ]
    Error - 6/14/2009 1:48:17 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
    Description =

    Error - 6/14/2009 2:12:14 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
    Description =

    Error - 6/14/2009 2:24:15 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
    Description =

    Error - 6/14/2009 2:36:16 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
    Description =

    Error - 6/14/2009 10:18:33 AM | Computer Name = Maaikes | Source = bowser | ID = 8003
    Description =

    Error - 6/15/2009 12:16:54 AM | Computer Name = Maaikes | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.101 for the Network Card with network
    address 0021003311B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server
    sent a DHCPNACK message).

    Error - 6/15/2009 4:26:17 AM | Computer Name = Maaikes | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:23:37 AM on 6/15/2009 was unexpected.

    Error - 6/15/2009 4:26:19 AM | Computer Name = Maaikes | Source = HTTP | ID = 15016
    Description =

    Error - 6/15/2009 6:14:18 PM | Computer Name = Maaikes | Source = EventLog | ID = 6008
    Description = The previous system shutdown at 1:27:08 AM on 6/15/2009 was unexpected.

    Error - 6/15/2009 6:14:20 PM | Computer Name = Maaikes | Source = HTTP | ID = 15016
    Description =


    < End of report >
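As an added triage example (not part of this thread, and not OTL's own code): a small parser for the "Firewall Rules" lines in the OTL log above that groups inbound exceptions by program and reports those for binaries under the Windows directory. Keys beginning with "TCP Query User"/"UDP Query User" are rules Windows Firewall writes when someone answers its pop-up for a program that wants to accept connections; the heuristic used here is that core Windows binaries such as explorer.exe and taskeng.exe normally have no reason to accept inbound connections, so such entries deserve a second look on a machine whose explorer.exe was found infected. The sample lines are copied from the log above; the function names are my own.

```python
import re
from collections import defaultdict

# IANA protocol numbers as they appear in the OTL firewall rule lines
PROTO = {1: "ICMPv4", 6: "TCP", 17: "UDP", 58: "ICMPv6"}

# Rule lines copied from the OTL log in this thread (constructed sample input)
SAMPLE = r'''
"{ADB5C1FE-C679-41F9-A9D2-7C5DA1DC6BB7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{AB2A9E2E-5FB5-4140-908C-003957FFA628}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{F95FA369-82A9-4367-A032-6C11724CA625}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{DED5B048-DE37-410E-A1E7-39EBB884DCFA}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E5E93E45-8D1E-4352-B36F-5250A6965AC4}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"{EA63AF70-F23E-4E43-91B3-FD0AB27840B3}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
'''

# Each rule line is:  "<registry value name>" = field=value | field=value | ... |
LINE_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<body>.*)$')

# Locations whose executables should not need inbound exceptions (heuristic, my assumption)
SYSTEM_DIRS = ("c:\\windows\\", "%systemroot%\\")


def parse_rule(line):
    """Parse one OTL firewall rule line into a dict, or return None for non-rule lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        part = part.strip()
        if part:
            k, _, v = part.partition("=")
            fields[k.strip()] = v.strip()
    key = m.group("key")
    rule = {
        "key": key,
        # rules created by answering the Windows Firewall pop-up carry this prefix
        "user_approved": key.startswith(("TCP Query User", "UDP Query User")),
        "dir": fields.get("dir"),
        "app": fields.get("app"),
        "name": fields.get("name"),
        "protocol": "any",
    }
    if "protocol" in fields:
        num = int(fields["protocol"])
        rule["protocol"] = PROTO.get(num, fields["protocol"])
    return rule


def parse_rules(text):
    """Parse every rule line in a block of OTL output, skipping headers and blanks."""
    rules = (parse_rule(line) for line in text.splitlines())
    return [r for r in rules if r is not None]


def flag_inbound_system_binaries(rules):
    """Group inbound rules by program and return those for binaries under the Windows directory."""
    by_app = defaultdict(list)
    for r in rules:
        if r["dir"] == "in" and r["app"]:
            by_app[r["app"].lower()].append(r)
    findings = []
    for app, rs in sorted(by_app.items()):
        if app.startswith(SYSTEM_DIRS):
            findings.append({
                "app": app,
                "protocols": sorted({r["protocol"] for r in rs}),
                "user_approved": any(r["user_approved"] for r in rs),
            })
    return findings


if __name__ == "__main__":
    for f in flag_inbound_system_binaries(parse_rules(SAMPLE)):
        tag = "user-approved" if f["user_approved"] else "policy"
        print(f"{f['app']}: inbound {', '.join(f['protocols'])} ({tag}) - review")
```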
     
  19. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    I'm glad to hear good news :)
    Unfortunately, the MBRCheck log doesn't tell us what was wrong with the MBR. It just says the MBR was not a correct one.

    ======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [1 C:\Users\Maaike new\Documents\*.tmp files -> C:\Users\Maaike new\Documents\*.tmp -> ]
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  20. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    All processes killed
    ========== OTL ==========
    Service Viewpoint Manager Service stopped successfully!
    Service Viewpoint Manager Service deleted successfully!
    File C:\Program Files\Viewpoint\Common\ViewpointService.exe not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Users\Maaike new\Documents\~WRL1125.tmp deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Maaike new
    ->Temp folder emptied: 94523606 bytes
    ->Temporary Internet Files folder emptied: 385342 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 62350146 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 1144 bytes

    User: Mcx1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3150 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 65183473 bytes

    Total Files Cleaned = 212.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Maaike new
    ->Flash cache emptied: 0 bytes

    User: Mcx1

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.0 log created on 10232010_225417

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  21. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    There is no Viewpoint software installed; Viewpoint is actually the last virus my computer had. I don't know the technical name for it, but it was a fake antivirus that pretended to do a recovery boot that required me to purchase software to cleanse my system of the infection. It started off with a boatload of virus alerts and warnings from Windows Defender, which I wasn't aware I had on my computer, and Windows Firewall, and probably some from the fake antivirus itself; for all I know they were all fake. I don't know if it was or wasn't harmful, but it was annoying. I just used Ctrl+Shift+Esc, ended its hotfix.exe program, started the explorer.exe program, started up my antivirus programs, and manually removed the hotfix file, as none of my programs detected it. After that it started up properly and worked for about a week, after which it didn't boot explorer.exe because it was infected after I switched the paging file from my main to my recovery partition, to use the 1.9 gigs free over there and to clean up some free space on my main. ANYWAY... all this boils down to just this: 1. Did my tinkering mess up my explorer.exe file? Or was that some of the trojans my antivirus and ESET caught before I got on the forum? And 2. I'm assuming I still have the registry keys in my computer, which is why it showed up in the scan; if so, where can I find them to delete them?
     
  22. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    We just removed Viewpoint leftovers.
    Your explorer.exe was infected by Bamital trojan.

    I still need two other logs.
     
  23. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Java(TM) 6 Update 5
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.11) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  24. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [image]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button.
     
  25. generalkenobi2

    generalkenobi2 TS Rookie Topic Starter Posts: 39

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Sun Oct 24 11:18:34 2010

    Found and removed: C:\Program Files\Java\jre1.6.0_05

    Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_13

    Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_15

    Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_17

    Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_18

    Found and removed: C:\Users\Maaike new\AppData\LocalLow\Sun\Java\jre1.6.0_20

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

    Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

    Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: Software\Classes\JavaPlugin.160_05

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

    Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_05.b13
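The Security Check log earlier in the thread flagged two side-by-side Java installs (6 Update 22 and 6 Update 5), and the JavaRa log above shows what the stale one leaves behind: a JRE version key plus a family of plug-in CLSIDs of the form {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}. The following read-only check is an added example, not part of this thread and not JavaRa's or Security Check's own code. It lists the Java runtimes registered on a Windows host and reports ones that are orphaned (key present, folder gone), stale (older than the newest installed), or leftover plug-in CLSIDs with no matching runtime. It assumes the standard JavaSoft registry keys, and the version decoding of the CLSID (0016 = 1.6, third group = update) is inferred from the log rather than documented on the page. It is written in PowerShell 2.0 syntax so it runs on a Vista machine like the one in the thread; it changes nothing, it only reports.

```powershell
# Added example (not from the thread): inventory registered Java runtimes and
# flag stale, orphaned, or leftover registrations. Read-only; nothing is deleted.
# Assumptions: standard JavaSoft registry keys; CLSID version encoding inferred
# from the JavaRa log ({CAFEEFAC-0016-0000-0005-...} <-> jre1.6.0_05).

# Java plug-in CLSIDs: {CAFEEFAC-MMMM-mmmm-uuuu-ABCDEFFEDCB[A|B|C]}
$ClsidPattern = '^\{CAFEEFAC-(\d{4})-(\d{4})-(\d{4})-ABCDEFFEDCB[A-C]\}$'

function ConvertFrom-JavaClsid {
    # Decode e.g. {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} -> "1.6.0_05"
    param([string]$Clsid)
    $m = [regex]::Match($Clsid, $ClsidPattern)
    if (-not $m.Success) { return $null }
    $family = $m.Groups[1].Value.TrimStart('0')   # "0016" -> "16"
    $parts = @($family.Substring(0, 1), $family.Substring(1),
               [int]$m.Groups[2].Value, [int]$m.Groups[3].Value)
    return ('{0}.{1}.{2}_{3:D2}' -f $parts)
}

function Get-RegisteredJavaRuntimes {
    # JRE version keys written by the installer (native view and, on 64-bit
    # Windows, the 32-bit Wow6432Node view). Only full keys such as 1.6.0_05
    # are returned; the "1.6" family key is skipped.
    $roots = @('HKLM:\SOFTWARE\JavaSoft\Java Runtime Environment',
               'HKLM:\SOFTWARE\Wow6432Node\JavaSoft\Java Runtime Environment')
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root |
            Where-Object { $_.PSChildName -match '^\d+\.\d+\.\d+(_\d+)?$' } |
            ForEach-Object {
                $javaHome = (Get-ItemProperty $_.PSPath).JavaHome
                New-Object PSObject -Property @{
                    Version    = $_.PSChildName
                    JavaHome   = $javaHome
                    HomeExists = [bool]($javaHome -and (Test-Path $javaHome))
                }
            }
    }
}

function Get-JavaPluginClsids {
    # Every CLSID in the Java plug-in family, with its decoded version.
    Get-ChildItem 'HKLM:\SOFTWARE\Classes\CLSID' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match $ClsidPattern } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Clsid   = $_.PSChildName
                Version = (ConvertFrom-JavaClsid $_.PSChildName)
            }
        }
}

function Find-StaleJava {
    $runtimes = @(Get-RegisteredJavaRuntimes)
    $present  = @($runtimes | Where-Object { $_.HomeExists } | ForEach-Object { $_.Version })
    # Newest installed version: compare 1.6.0_22 as [version]1.6.0.22
    $newest = $present | Sort-Object { [version]($_ -replace '_', '.') } -Descending |
              Select-Object -First 1

    foreach ($r in $runtimes) {
        if (-not $r.HomeExists) {
            "ORPHAN   JRE key $($r.Version) points to a missing folder: $($r.JavaHome)"
        } elseif ($r.Version -ne $newest) {
            "STALE    JRE $($r.Version) is still installed alongside $newest"
        }
    }

    $pluginVersions = @(Get-JavaPluginClsids | ForEach-Object { $_.Version } | Sort-Object -Unique)
    foreach ($v in $pluginVersions) {
        if ($present -notcontains $v) {
            "LEFTOVER plug-in CLSIDs registered for $v but no JRE of that version is installed"
        }
    }
    if ($runtimes.Count -eq 0 -and $pluginVersions.Count -eq 0) {
        "No Java runtime or plug-in registrations found."
    }
}

Find-StaleJava
```

On the machine in this thread, before JavaRa ran, the check would have reported 1.6.0_05 as STALE next to 1.6.0_22; after JavaRa it should report nothing for that version. A LEFTOVER line is the case JavaRa exists for: plug-in CLSIDs that survive an uninstall and still advertise a runtime that is no longer on disk.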
     