-
infections galore
I have all manner of problems on my work laptop and, having recently witnessed the dreaded BSOD on a number of occasions, I can no longer ignore them.
I hope someone can help.
I have the latest version of Malwarebytes installed.
Here is the log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4412
Windows 5.1.2600 Service Pack 3, v.3264
Internet Explorer 6.0.2900.3264
8/10/2010 4:03:03 PM
mbam-log-2010-08-10 (16-03-03).txt
Scan type: Quick scan
Objects scanned: 123650
Time elapsed: 9 minute(s), 57 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
OK, I don't speak fluent computer, but I'll have a go.
Is it the correct malware log, btw?
Here is the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-11 12:22:36
Windows 5.1.2600 Service Pack 3, v.3264
Running: 0om7hh9w.exe; Driver: C:\DOCUME~1\GOODYT~1\LOCALS~1\Temp\uwtdipow.sys
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 006B000C
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!GetCursorPos 7E41BD6E 5 Bytes JMP 0175000A
.text C:\WINDOWS\System32\svchost.exe[1052] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00B3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00B4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00B2000C
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat bb-run.sys (Promise Disk Accelerator/Promise Technology, Inc.)
---- EOF - GMER 1.0.15 ----
-
The DDS log:
DDS (Ver_10-03-17.01) - NTFSx86
Run by Goody Two Shoes at 15:29:42.53 on Wed 08/11/2010
Internet Explorer: 6.0.2900.3264 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.315 [GMT 1:00]
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe 4
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
svchost.exe 4
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Goody Two Shoes\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
mDefault_Page_URL = hxxp://forum.maxiwarez.com
uURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
uRun: [EPSON Stylus Photo R360 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "c:\windows\temp\E_S110.tmp" /EF "HKCU"
uRun: [EPSON Stylus Photo R360 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "c:\windows\temp\E_S129.tmp" /EF "HKCU"
uRun: [EPSON Stylus Photo R360 Series (Copy 2)] c:\windows\system32\spool\drivers\w32x86\3\e_fatiboe.exe /fu "c:\windows\temp\E_S4.tmp" /EF "HKCU"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
LSA: Notification Packages = scecli scecli
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\goodyt~1\applic~1\mozilla\firefox\profiles\9na5dgyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [2006-2-26 4928]
R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [2006-3-28 91707]
R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [2004-11-1 10368]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-8-26 24652]
=============== Created Last 30 ================
2010-08-10 11:33:18 0 d-----w- c:\program files\CCleaner
2010-08-09 13:29:21 0 d-----w- c:\program files\IObit
2010-08-09 13:29:21 0 d-----w- c:\docume~1\goodyt~1\applic~1\IObit
2010-08-09 13:13:52 0 d-----w- c:\docume~1\goodyt~1\applic~1\Registry Mechanic
2010-08-09 09:21:58 0 d-----w- c:\program files\SpywareBlaster
2010-08-07 20:06:03 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2010-08-07 20:01:42 0 d-----w- c:\windows\system32\appmgmt
2010-08-07 19:54:00 0 d-----w- c:\docume~1\goodyt~1\applic~1\Uniblue
2010-08-07 19:39:03 0 d-----w- c:\docume~1\goodyt~1\applic~1\Error Fix
2010-08-07 19:38:09 0 d-----w- c:\program files\Error Fix
2010-08-07 19:28:28 0 d-----w- c:\windows\system32\CatRoot2
2010-08-07 18:45:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 18:16:53 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-30 14:44:17 0 d-----w- c:\docume~1\goodyt~1\applic~1\Malwarebytes
2010-07-30 14:44:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 14:44:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 14:44:10 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 14:44:10 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-13 21:46:17 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-13 21:46:15 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-13 21:45:51 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-13 21:45:47 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 21:43:04 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-13 21:43:03 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-13 21:30:35 0 d-----w- c:\program files\AVG
2010-07-13 21:27:26 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-13 20:11:17 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-07-13 20:11:15 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-07-13 20:11:15 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-07-13 20:11:14 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-07-13 20:11:14 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-07-13 20:02:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-07-13 19:52:34 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
==================== Find3M ====================
============= FINISH: 15:31:07.20 ===============
-
And the attach:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/19/2008 7:40:47 PM
System Uptime: 8/11/2010 2:19:58 PM (1 hours ago)
Motherboard: ARIMA | | W720P4
Processor: Mobile Intel(R) Celeron(R) CPU 2.50GHz | Laptop Computer CPU | 2492/400mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 56 GiB total, 42.755 GiB free.
D: is CDROM ()
E: is Removable
G: is Removable
==== Disabled Device Manager Items =============
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Modem
Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_2030161F&REV_03\3&267A616A&0&FE
Manufacturer:
Name: PCI Modem
PNP Device ID: PCI\VEN_8086&DEV_24C6&SUBSYS_2030161F&REV_03\3&267A616A&0&FE
Service:
==== System Restore Points ===================
==== Installed Programs ======================
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9
Advanced SystemCare 3
AIM 6
AIM Search
AIM Toolbar 5.0
Ancient Secrets
BCM Wireless Network Adapter
Canon LBP2900
CCleaner
EPSON Printer Software
GameHouse
Intel(R) Extreme Graphics 2 Driver
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Malwarebytes' Anti-Malware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 SR-1 Professional
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.7)
MSN
MSVCRT
RealPlayer
Sage Accounts 8.20
Segoe UI
SoundMAX
SSC Service Utility v4.30
Switch Sound File Converter
Synaptics Pointing Device Driver
Viewpoint Media Player
Vista Ultimate Edition final v1.0
WebFldrs XP
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Vista Sounds Pack
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
8/6/2010 8:36:38 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the DNS Client service to connect.
8/6/2010 8:36:38 AM, error: Service Control Manager [7000] - The DNS Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/6/2010 3:23:19 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/6/2010 1:53:12 PM, error: DCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be modified using the Component Services administrative tool.
8/6/2010 1:26:53 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
8/6/2010 1:26:48 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{390B2F00-7D4E-4DD1-A26E-1E74DC289CA6} because another computer on the network has the same name. The server could not start.
8/6/2010 1:26:48 PM, error: NetBT [4321] - The name "TOM-PC :20" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not allow the name to be claimed by this machine.
8/6/2010 1:26:43 PM, error: NetBT [4321] - The name "TOM-PC :0" could not be registered on the Interface with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not allow the name to be claimed by this machine.
8/6/2010 1:26:23 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
8/6/2010 1:26:23 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/6/2010 1:26:23 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
8/4/2010 2:54:17 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
==== End Of File ===========================
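The "User code sections" block in the GMER log above lists one inline hook per line (process, PID, hooked export, patched address, and the JMP target). The following is an added triage helper, not part of this thread or of GMER: it parses that line format and separates hooks present in every process from hooks that exist only in some, so the reader can see which entries deserve a closer look first. The sample input is copied from the GMER output posted above; the interpretation in the comments is a general rule of thumb, not a verdict on this machine.

```python
import re
from collections import defaultdict

# One "User code sections" line of a GMER 1.0.15 log, e.g.
# .text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A8000A
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# Sample input: the "User code sections" block copied from the GMER log posted
# above, with the section header and EOF marker so there are non-hook lines to skip.
SAMPLE_LOG = r"""---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 006C000A
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 006D000A
.text C:\WINDOWS\System32\svchost.exe[1052] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 006B000C
.text C:\WINDOWS\System32\svchost.exe[1052] USER32.dll!GetCursorPos 7E41BD6E 5 Bytes JMP 0175000A
.text C:\WINDOWS\System32\svchost.exe[1052] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00A2000A
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00A8000A
.text C:\WINDOWS\Explorer.EXE[1464] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00A1000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtProtectVirtualMemory 7C90D6D0 5 Bytes JMP 00B3000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!NtWriteVirtualMemory 7C90DF90 5 Bytes JMP 00B4000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3576] ntdll.dll!KiUserExceptionDispatcher 7C90E45C 5 Bytes JMP 00B2000C
---- EOF - GMER 1.0.15 ----
"""


def parse_user_hooks(text):
    """Return one dict per inline-hook line; lines that are not hooks are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["nbytes"] = int(h["nbytes"])
        h["addr"] = int(h["addr"], 16)      # patched address inside the export
        h["target"] = int(h["target"], 16)  # where the 5-byte JMP lands
        hooks.append(h)
    return hooks


def hooks_by_process(hooks):
    """Map (image path, pid) -> sorted list of 'module!function' names hooked in it."""
    per_proc = defaultdict(set)
    for h in hooks:
        per_proc[(h["image"], h["pid"])].add(f"{h['module']}!{h['func']}")
    return {key: sorted(names) for key, names in per_proc.items()}


def common_hooks(hooks):
    """Functions hooked in every process GMER listed.

    Rule of thumb (an assumption of this helper, not something GMER reports): the
    same few ntdll exports patched at the same addresses in every process points to
    one system-wide user-mode hooking agent, which is typical of security software
    but is also how user-mode rootkits work. Resolving each JMP target to the module
    that owns it is what settles which one it is; this parser only surfaces the pattern.
    """
    per_proc = hooks_by_process(hooks)
    if not per_proc:
        return set()
    return set.intersection(*(set(names) for names in per_proc.values()))


def process_specific_hooks(hooks):
    """Hooks present only in some processes: the entries to examine first."""
    common = common_hooks(hooks)
    result = {}
    for key, names in hooks_by_process(hooks).items():
        extra = [n for n in names if n not in common]
        if extra:
            result[key] = extra
    return result


if __name__ == "__main__":
    parsed = parse_user_hooks(SAMPLE_LOG)
    print(f"{len(parsed)} inline hooks in {len(hooks_by_process(parsed))} processes")
    print("hooked everywhere:", sorted(common_hooks(parsed)))
    for (image, pid), extra in process_specific_hooks(parsed).items():
        print(f"only in {image}[{pid}]:", extra)
```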
-
You did very well :)
You don't have any active antivirus program.
Please download and install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1...antivirus.html
After installation, run full scan.
=================================================================
Unless you installed Viewpoint Manager knowledgeably...
Go Start > Control Panel > Add/Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.
=============================================================
Update your Java version here: http://www.java.com/en/download/installed.jsp
Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.
Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.
Now we need to remove the old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
================================================================
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure you re-enable your security programs when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
OK, the AntiVir programme seemed to find nothing amiss.
Here's the report:
Avira AntiVir Personal
Report file date: Thursday, August 12, 2010 07:12
Scanning for 2708713 virus strains and unwanted programs.
The program is running as an unrestricted full version.
Online services are available:
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3, v.3264) [5.1.2600]
Boot mode : Normally booted
Username : Goody Two Shoes
Computer name : TOM-PC
Version information:
Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Start of the scan: Thursday, August 12, 2010 07:12
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'bcmwltry.exe' - '1' Module(s) have been scanned
Scan process 'wltrysvc.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'CNAB4RPK.EXE' - '1' Module(s) have been scanned
Scan process 'AWC.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '347' files ).
End of the scan: Thursday, August 12, 2010 07:13
Used time: 00:52 Minute(s)
The scan has been done completely.
0 Scanned directories
822 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
822 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes
now for the rest............
-
-
boy does my laptop not like Combofix!!!!!!!
I tried to run it four times and got the blue screen each time. pfft!
Also on the fourth attempt it knocked my wireless connection off and now it won't find the network, so I can't let it download the recovery console like it asked.
I don't know..... should I keep trying?
-
Try to run it from Safe Mode.
-
ok, I tried it in safe mode but couldn't seem to disable the Antivir software as there are no icons in the system tray and I didn't want to go ahead with the scan with Antivir running. I opened the programme from the shortcut on the desktop but really couldn't see how to do it from there.
Did I miss something obvious or do I have to uninstall it or something?
god, I'm awful at this!!!
-
Delete your Combofix file, download a fresh one, but rename combofix.exe to broni.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.
* Rkill.com
* Rkill.scr
* Rkill.pif
* Rkill.exe
* Double-click on the Rkill desktop icon to run the tool.
* If using Vista or Windows 7 right-click on it and choose Run As Administrator.
* A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
* If not, delete the file, then download and use the one provided in Link 2.
* If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
* Do not reboot until instructed.
* If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run then try to immediately run the following.
Now download and run exeHelper.
* Please download exeHelper from Raktor to your desktop.
* Double-click on exeHelper.com to run the fix.
* A black window should pop up, press any key to close once the fix is completed.
* A log file named log.txt will be created in the directory where you ran exeHelper.com.
* Attach the log.txt file to your next message.
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).
Now, run broni.exe
-
Hi Broni
The rkill and exe helper seemed to run fine, however, the Broni (combofix application) resulted in yet another blue screen.
The logs for rkill and exehelper are here:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Goody Two Shoes on 08/16/2010 at 16:10:27.
Processes terminated by Rkill or while it was running:
C:\Documents and Settings\Goody Two Shoes\Desktop\rkill.com
Rkill completed on 08/16/2010 at 16:10:56.
---------------------------------------------------------------------------------
exeHelper by Raktor
Build 20100414
Run at 16:14:38 on 08/16/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
-----------------------------------------------------------------------------
The error messages when I get the blue screen are different each time, but now it's happening so often I'm starting to panic.
Do you honestly think we can fix whatever's wrong?
The last few messages have been as follows:
BAD_POOL_CALLER
Technical Information:
***STOP: 0x000000C2 (0x00000007, 0x00000CD4, 0x00000001, 0xF694FA9C)
IRQL_NOT_LESS_OR_EQUAL
Technical Information:
***STOP: 0x0000000A (0xEECCCAAC, 0x00000002, 0x00000001, 0x804FD944)
INVALID_PROCESS_DETACH_ATTEMPT
Technical Information:
***STOP: 0x00000006 (0x00000000, 0x00000000, 0x00000000, 0x00000000)
-
OK. Try all three tools from safe mode.
-
I am hesitant to throw a party just yet but I think I actually got it to work!!!!
The rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Administrator on 08/17/2010 at 17:55:23.
Processes terminated by Rkill or while it was running:
Rkill completed on 08/17/2010 at 17:55:39.
The exehelper:
exeHelper by Raktor
Build 20100414
Run at 16:14:38 on 08/16/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
exeHelper by Raktor
Build 20100414
Run at 17:56:40 on 08/17/10
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
And the Broni (Combofix):
ComboFix 10-08-16.04 - Goody Two Shoes 08/17/2010 19:04:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.508 [GMT 1:00]
Running from: c:\documents and settings\Goody Two Shoes\Desktop\Broni.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ntload.exe
Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-13 08:02 . 2010-08-13 08:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-08-12 07:13 . 2010-08-12 07:13 -------- d-----w- c:\windows\system32\NtmsData
2010-08-12 07:10 . 2010-08-12 07:10 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Avira
2010-08-12 06:08 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-12 06:08 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-12 06:08 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-12 06:08 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-12 06:08 . 2010-08-12 06:08 -------- d-----w- c:\program files\Avira
2010-08-12 06:08 . 2010-08-12 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-10 11:33 . 2010-08-10 11:33 -------- d-----w- c:\program files\CCleaner
2010-08-09 13:29 . 2010-08-09 13:29 -------- d-----w- c:\program files\IObit
2010-08-09 13:29 . 2010-08-09 13:29 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\IObit
2010-08-09 13:13 . 2010-08-09 13:13 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Registry Mechanic
2010-08-09 09:22 . 2010-08-10 11:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-09 09:21 . 2010-08-10 11:37 -------- d-----w- c:\program files\SpywareBlaster
2010-08-07 20:06 . 2010-08-10 11:36 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-08-07 19:54 . 2010-08-07 19:54 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Uniblue
2010-08-07 19:39 . 2010-08-07 19:43 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Error Fix
2010-08-07 19:38 . 2010-08-07 20:01 -------- d-----w- c:\program files\Error Fix
2010-08-07 19:28 . 2010-08-17 18:16 -------- d-----w- c:\windows\system32\CatRoot2
2010-08-07 19:15 . 2010-08-07 19:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-08-07 18:46 . 2010-08-07 18:46 503808 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\msvcp71.dll
2010-08-07 18:46 . 2010-08-07 18:46 499712 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\jmc.dll
2010-08-07 18:46 . 2010-08-07 18:46 348160 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\msvcr71.dll
2010-08-07 18:46 . 2010-08-07 18:46 61440 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-349dcea8-n\decora-sse.dll
2010-08-07 18:46 . 2010-08-07 18:46 12800 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-349dcea8-n\decora-d3d.dll
2010-08-07 18:45 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 18:16 . 2010-08-07 18:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-30 14:44 . 2010-07-30 14:44 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Malwarebytes
2010-07-30 14:44 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 14:44 . 2010-08-07 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 14:44 . 2010-07-30 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 14:44 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 14:06 . 2010-07-30 15:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ywbakvqxv
2010-07-29 08:40 . 2010-07-29 08:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 06:19 . 2008-08-26 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-07 18:45 . 2008-07-23 02:47 -------- d-----w- c:\program files\Java
2010-07-14 07:55 . 2008-07-19 12:17 -------- d-----w- c:\program files\Thoosje Sidebar V2.3
2010-07-13 21:46 . 2010-07-13 21:46 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-13 21:46 . 2010-07-13 21:46 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-13 21:46 . 2010-07-13 21:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-13 21:45 . 2010-07-13 21:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 21:43 . 2010-07-13 21:43 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-13 21:43 . 2010-07-13 21:43 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-13 21:30 . 2010-07-13 21:30 -------- d-----w- c:\program files\AVG
2010-07-13 21:27 . 2010-07-13 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-13 20:02 . 2010-07-13 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-07-13 19:52 . 2010-07-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-13 19:17 . 2008-07-19 18:56 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-11 17:26 . 2010-07-11 17:12 -------- d-----w- c:\program files\Shareaza
2010-07-11 17:26 . 2010-07-11 17:12 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Shareaza
2010-06-07 09:50 . 2008-07-19 18:48 84328 ----a-w- c:\documents and settings\Goody Two Shoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[-] 2008-01-11 . 2B60598FE17A9EAA1468C1B8F73EA0B9 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-07-02 2347216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-11-30 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"SoundMan"="SOUNDMAN.EXE" [2008-01-11 64512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-18 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-18 618496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [2/26/2006 4:21 PM 4928]
R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [3/28/2006 3:43 PM 91707]
R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [11/1/2004 11:21 AM 10368]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2010 7:08 AM 135336]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 19:15
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\System32\wltrysvc.exe
c:\windows\system32\CNAB4RPK.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-17 19:20:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-17 18:20
Pre-Run: 46,833,704,960 bytes free
Post-Run: 48,098,852,864 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 393180D21CA12941B84DFD260C4F38F2
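A ComboFix log like the one above is normally read by eye; as an added example (not ComboFix's own code, and not posted by anyone in this thread), the Python below parses that log format and lists the items a helper checks first: deletions and detections, newly created drivers, random-looking folder names such as the LocalService one above, a failed Sigcheck entry, and the firewall being switched off. The random-name heuristic and the SAMPLE_LOG are constructed assumptions; the sample reuses lines of the kind that appear in the log above.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code).
Heuristics are assumptions about what deserves a second look, not verdicts;
SAMPLE_LOG is constructed from lines of the kind posted in this thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# created . modified size-or-dashes attrs path, e.g. "2010-08-12 06:08 . 2010-03-01 09:05 124784 ----a-w- c:\...\avipbb.sys"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>\S{8})\s+(?P<path>.+?)\s*$"
)
SECTION_RE = re.compile(r"^\(+\s*(?P<name>.*?)\s*\)+$")  # e.g. "((( Other Deletions )))"
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
WIN_PATH_RE = re.compile(r"^([a-z]:\\|\\\\)", re.IGNORECASE)

@dataclass(frozen=True)
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories (ComboFix prints "--------")
    is_dir: bool
    path: str

@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "warn" | "info"
    category: str
    detail: str

def parse_entries(text: str) -> List[Entry]:
    """Return every timestamped file/directory line in the log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size,
                                 m["attrs"].startswith("d"), m["path"]))
    return entries

def looks_random(name: str) -> bool:
    """Heuristic (assumption): all-lowercase, 8+ letters, and either very few vowels
    or a run of 4+ consonants. Vendor folders usually carry a capital, digit or space."""
    if len(name) < 8 or not name.isalpha() or not name.islower():
        return False
    vowels = sum(c in "aeiou" for c in name)
    longest_run = max((len(r) for r in re.findall(r"[^aeiou]+", name)), default=0)
    return vowels / len(name) <= 0.2 or longest_run >= 4

def triage(text: str) -> List[Finding]:
    """Walk the log once and collect the items a helper reads first."""
    findings, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["name"]
        elif "was found and disinfected" in line:
            findings.append(Finding("high", "detection", line))
        elif section == "Other Deletions" and WIN_PATH_RE.match(line):
            findings.append(Finding("high", "deleted", line))
        elif line.startswith("[-]"):  # Sigcheck: a system file failed its signature check
            findings.append(Finding("warn", "sigcheck", line))
        elif FIREWALL_OFF_RE.match(line):
            findings.append(Finding("high", "firewall", line))
        elif (m := ENTRY_RE.match(line)):
            path = m["path"]
            leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
            if m["attrs"].startswith("d") and looks_random(leaf):
                findings.append(Finding("warn", "random-name", path))
            elif "\\system32\\drivers\\" in path.lower() and path.lower().endswith(".sys"):
                findings.append(Finding("info", "new-driver", path))
    return findings

# Constructed sample in the thread's log format (shortened section headers).
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\windows\system32\ntload.exe
Infected copy of c:\windows\system32\drivers\rdpcdd.sys was found and disinfected
\\.\PhysicalDrive0 - Bootkit Whistler was found and disinfected
.
((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))
2010-08-12 06:08 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-30 14:06 . 2010-07-30 15:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ywbakvqxv
2010-07-29 08:40 . 2010-07-29 08:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
------- Sigcheck -------
[-] 2008-01-11 . 2B60598FE17A9EAA1468C1B8F73EA0B9 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:5} {f.category:12} {f.detail}")
```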
-
Good :)
Please, uninstall Eusing Free Registry Cleaner, Error Fix and Registry Mechanic (if present).
Registry tools are not recommended and here is why: http://miekiemoes.blogspot.com/2008/...eaking_13.html
=================================================================
1. Please open Notepad: click Start, then Run.
- Type notepad.exe in the Run box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
Folder::
c:\program files\IObit
c:\documents and settings\Goody Two Shoes\Application Data\IObit
c:\documents and settings\Goody Two Shoes\Application Data\Registry Mechanic
c:\program files\Eusing Free Registry Cleaner
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix
c:\program files\Error Fix
c:\documents and settings\LocalService\Local Settings\Application Data\ywbakvqxv
3. Save the above as CFScript.txt
4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.
5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
https://discussions.virtualdr.com/im.../2016/03/2.gif
6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
-
do I uninstall them and THEN follow steps 1, and 2?
or just follow steps 1 and 2?
-
-
Thanks,
It didn't ask to reboot
should I?
-
If it created any log, no.
If it didn't, reboot.
-
ok, it's fine. Here's the log:
ComboFix 10-08-17.02 - Goody Two Shoes 08/17/2010 22:37:57.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.466 [GMT 1:00]
Running from: c:\documents and settings\Goody Two Shoes\Desktop\Broni.exe
Command switches used :: c:\documents and settings\Goody Two Shoes\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\Logs\2010-08-07 20-39-030.log
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\filelist.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-0.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-1.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-10.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-100.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-101.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-102.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-103.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-104.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-105.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-106.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-107.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-108.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-109.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-11.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-110.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-111.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-112.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-113.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-114.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-115.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-116.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-117.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-118.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-119.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-12.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-120.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-121.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-122.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-123.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-124.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-125.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-126.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-127.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-128.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-129.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-13.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-130.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-131.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-132.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-133.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-134.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-135.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-136.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-137.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-138.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-139.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-14.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-140.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-141.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-142.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-143.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-144.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-145.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-146.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-147.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-148.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-149.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-15.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-150.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-151.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-152.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-16.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-17.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-18.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-19.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-2.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-20.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-21.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-22.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-23.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-24.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-25.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-26.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-27.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-28.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-29.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-3.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-30.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-31.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-32.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-33.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-34.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-35.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-36.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-37.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-38.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-39.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-4.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-40.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-41.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-42.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-43.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-44.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-45.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-46.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-47.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-48.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-49.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-5.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-50.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-51.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-52.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-53.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-54.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-55.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-56.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-57.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-58.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-59.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-6.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-60.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-61.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-62.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-63.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-64.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-65.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-66.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-67.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-68.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-69.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-7.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-70.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-71.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-72.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-73.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-74.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-75.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-76.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-77.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-78.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-79.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-8.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-80.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-81.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-82.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-83.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-84.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-85.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-86.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-87.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-88.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-89.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-9.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-90.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-91.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-92.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-93.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-94.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-95.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-96.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-97.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-98.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\QuarantineW\2010-08-07 20-43-480\regb-99.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\Results\Evidence.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\Results\Junk.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\Results\Registry.db
c:\documents and settings\Goody Two Shoes\Application Data\Error Fix\Results\Update.db
c:\documents and settings\Goody Two Shoes\Application Data\IObit
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Backup.ini
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Backup\doujke.reg
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Backup\dutwlm.reg
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Backup\idrbde.reg
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Backup\mgecqk.reg
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Fav.ico
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Ignore.ini
c:\documents and settings\Goody Two Shoes\Application Data\IObit\Advanced SystemCare\Main.ini
c:\documents and settings\Goody Two Shoes\Application Data\Registry Mechanic
c:\documents and settings\Goody Two Shoes\Application Data\Registry Mechanic\SystemReport.txt
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue\RegistryBooster\backup\20100807.205929.zip
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue\RegistryBooster\error.log
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue\RegistryBooster\history\20100807-205849_repair.xml
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue\RegistryBooster\history\latest_scan_results.html
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue\RegistryBooster\last_scan.dat
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue\RegistryBooster\settings.dat
c:\documents and settings\Goody Two Shoes\Application Data\Uniblue\RegistryBooster\track_installs.txt
c:\documents and settings\LocalService\Local Settings\Application Data\ywbakvqxv
c:\program files\Error Fix
c:\program files\Error Fix\PW\general.html
c:\program files\Error Fix\PW\optimizations.html
c:\program files\Error Fix\PW\privacy.html
c:\program files\Error Fix\PW\scheduler.html
c:\program files\Error Fix\PW\startup.html
c:\program files\Error Fix\PW\wizard.css
c:\program files\Eusing Free Registry Cleaner
c:\program files\Eusing Free Registry Cleaner\Backup\Backup20100807211203.reg
c:\program files\Eusing Free Registry Cleaner\Backup\Backup20100807211804.reg
c:\program files\Eusing Free Registry Cleaner\Backup\Backup20100807212402.reg
c:\program files\Eusing Free Registry Cleaner\Backup\Backup20100809142132.reg
c:\program files\Eusing Free Registry Cleaner\options.ini
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 3\AutoCare.exe
c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe
c:\program files\IObit\Advanced SystemCare 3\AWC.exe
c:\program files\IObit\Advanced SystemCare 3\AWCInit.exe
c:\program files\IObit\Advanced SystemCare 3\AwcSchedule.dll
c:\program files\IObit\Advanced SystemCare 3\chkdskback.exe
c:\program files\IObit\Advanced SystemCare 3\ContextMenu.exe
c:\program files\IObit\Advanced SystemCare 3\CookiesBK.pln
c:\program files\IObit\Advanced SystemCare 3\CoolTrayIcon_D6plus.bpl
c:\program files\IObit\Advanced SystemCare 3\Def.dbd
c:\program files\IObit\Advanced SystemCare 3\DiskMap.dll
c:\program files\IObit\Advanced SystemCare 3\ESR.exe
c:\program files\IObit\Advanced SystemCare 3\EULA.rtf
c:\program files\IObit\Advanced SystemCare 3\FFSweep.dll
c:\program files\IObit\Advanced SystemCare 3\FileSweep.dll
c:\program files\IObit\Advanced SystemCare 3\Help.html
c:\program files\IObit\Advanced SystemCare 3\Hijack Analysis Report.txt
c:\program files\IObit\Advanced SystemCare 3\IEFavBK.pln
c:\program files\IObit\Advanced SystemCare 3\Images\care.png
c:\program files\IObit\Advanced SystemCare 3\Images\ds.png
c:\program files\IObit\Advanced SystemCare 3\Images\home.png
c:\program files\IObit\Advanced SystemCare 3\Images\mw.png
c:\program files\IObit\Advanced SystemCare 3\Images\tips.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\tips2.jpg
c:\program files\IObit\Advanced SystemCare 3\Images\ut.png
c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe
c:\program files\IObit\Advanced SystemCare 3\Language\Albanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Brasil.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseSimp.lng
c:\program files\IObit\Advanced SystemCare 3\Language\ChineseTrad.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Czech.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dansk.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Dutch.lng
c:\program files\IObit\Advanced SystemCare 3\Language\English.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Finnish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\French.lng
c:\program files\IObit\Advanced SystemCare 3\Language\German.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hebrew.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Hungarian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Italiano.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Japanese.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Korean.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Persian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Polish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Romanian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Russian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Slovenian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Spanish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Srpski.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Svenska.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Swedish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Turkish.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Ukrainian.lng
c:\program files\IObit\Advanced SystemCare 3\Language\Valencian.lng
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\News\bnews.html
c:\program files\IObit\Advanced SystemCare 3\News\Css\bstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\Css\wstyle.css
c:\program files\IObit\Advanced SystemCare 3\News\wnews.html
c:\program files\IObit\Advanced SystemCare 3\NtfsData.dll
c:\program files\IObit\Advanced SystemCare 3\RegeditBK.pln
c:\program files\IObit\Advanced SystemCare 3\Registration.exe
c:\program files\IObit\Advanced SystemCare 3\Registry Scan Report.txt
c:\program files\IObit\Advanced SystemCare 3\Routine.dll
c:\program files\IObit\Advanced SystemCare 3\rtl70.bpl
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\Black\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_01_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_02_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_03_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Btn_04_mouseover.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_down.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_left.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_right.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\4C_Button_bg_up.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Bg_Content.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\BG_Main.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Care_Button_en_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Check.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Checked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Close2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Content_bg_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Flag.ico
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Layout.ini
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Min2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\scan.avi
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Shadow.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Bottom.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_BottomLine.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_Selected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_2.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Tab_UnSelected_3.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Title.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\UnCheck.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Unchecked.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade1.png
c:\program files\IObit\Advanced SystemCare 3\Skin\White\Upgrade2.png
c:\program files\IObit\Advanced SystemCare 3\sqlite3.dll
c:\program files\IObit\Advanced SystemCare 3\STFix.dll
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskCleaner.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_DiskDoctor.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_FileShredder.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_GameBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_InternetBooster.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_IS360.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ISD.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_RegistryDefrag.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_ShortcutsFixer.exe
c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_DriverBackUp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_PIeHelp.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemBackup.exe
c:\program files\IObit\Advanced SystemCare 3\Sus_SystemFileScan.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_AutoShutDown.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ClonedFilesFinder.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_ContextManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_DiskExplorer.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_RestoreCenter.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SoftUninstaller.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_StartUpManager.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_SysInfo.exe
c:\program files\IObit\Advanced SystemCare 3\Sut_WinManager.exe
c:\program files\IObit\Advanced SystemCare 3\TurboBoost.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.dat
c:\program files\IObit\Advanced SystemCare 3\unins000.exe
c:\program files\IObit\Advanced SystemCare 3\unins000.msg
c:\program files\IObit\Advanced SystemCare 3\Update History.txt
c:\program files\IObit\Advanced SystemCare 3\Update\awc3check.upt
c:\program files\IObit\Advanced SystemCare 3\vcl70.bpl
c:\program files\IObit\Advanced SystemCare 3\vclx70.bpl
c:\program files\IObit\Advanced SystemCare 3\winSkinD7R.bpl
c:\program files\IObit\Advanced SystemCare 3\Wizard.exe
.
((((((((((((((((((((((((( Files Created from 2010-07-17 to 2010-08-17 )))))))))))))))))))))))))))))))
.
2010-08-13 08:02 . 2010-08-13 08:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-08-12 07:13 . 2010-08-12 07:13 -------- d-----w- c:\windows\system32\NtmsData
2010-08-12 07:10 . 2010-08-12 07:10 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Avira
2010-08-12 06:08 . 2010-03-01 09:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-12 06:08 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-12 06:08 . 2009-05-11 11:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-12 06:08 . 2009-05-11 11:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-12 06:08 . 2010-08-12 06:08 -------- d-----w- c:\program files\Avira
2010-08-12 06:08 . 2010-08-12 06:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-10 11:33 . 2010-08-10 11:33 -------- d-----w- c:\program files\CCleaner
2010-08-09 09:22 . 2010-08-10 11:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-09 09:21 . 2010-08-10 11:37 -------- d-----w- c:\program files\SpywareBlaster
2010-08-07 19:28 . 2010-08-17 21:37 -------- d-----w- c:\windows\system32\CatRoot2
2010-08-07 19:15 . 2010-08-07 19:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-08-07 18:46 . 2010-08-07 18:46 503808 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\msvcp71.dll
2010-08-07 18:46 . 2010-08-07 18:46 499712 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\jmc.dll
2010-08-07 18:46 . 2010-08-07 18:46 348160 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5e1ba386-n\msvcr71.dll
2010-08-07 18:46 . 2010-08-07 18:46 61440 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-349dcea8-n\decora-sse.dll
2010-08-07 18:46 . 2010-08-07 18:46 12800 ----a-w- c:\documents and settings\Goody Two Shoes\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-349dcea8-n\decora-d3d.dll
2010-08-07 18:45 . 2010-07-17 04:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-07 18:16 . 2010-08-07 18:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-30 14:44 . 2010-07-30 14:44 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Malwarebytes
2010-07-30 14:44 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 14:44 . 2010-08-07 18:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 14:44 . 2010-07-30 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 14:44 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-29 08:40 . 2010-07-29 08:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 06:19 . 2008-08-26 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2010-08-07 18:45 . 2008-07-23 02:47 -------- d-----w- c:\program files\Java
2010-07-14 07:55 . 2008-07-19 12:17 -------- d-----w- c:\program files\Thoosje Sidebar V2.3
2010-07-13 21:46 . 2010-07-13 21:46 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-13 21:46 . 2010-07-13 21:46 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-13 21:46 . 2010-07-13 21:45 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-13 21:45 . 2010-07-13 21:45 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-13 21:43 . 2010-07-13 21:43 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-13 21:43 . 2010-07-13 21:43 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-13 21:30 . 2010-07-13 21:30 -------- d-----w- c:\program files\AVG
2010-07-13 21:27 . 2010-07-13 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-13 20:02 . 2010-07-13 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-07-13 19:52 . 2010-07-13 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-07-13 19:17 . 2008-07-19 18:56 -------- d-----w- c:\program files\Common Files\InstallShield
2010-07-11 17:26 . 2010-07-11 17:12 -------- d-----w- c:\program files\Shareaza
2010-07-11 17:26 . 2010-07-11 17:12 -------- d-----w- c:\documents and settings\Goody Two Shoes\Application Data\Shareaza
2010-06-07 09:50 . 2008-07-19 18:48 84328 ----a-w- c:\documents and settings\Goody Two Shoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
------- Sigcheck -------
[-] 2008-01-11 . 2B60598FE17A9EAA1468C1B8F73EA0B9 . 1613824 . . [5.1.2600.3264] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2007-11-30 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2007-11-30 455168]
"SoundMan"="SOUNDMAN.EXE" [2008-01-11 64512]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-07-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-07-10 114688]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-07-18 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-07-18 618496]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-26 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-20 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 15:39 5244216 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [2/26/2006 4:21 PM 4928]
R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [3/28/2006 3:43 PM 91707]
R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [11/1/2004 11:21 AM 10368]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2010 7:08 AM 135336]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
FF - ProfilePath - c:\documents and settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query=
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
HKCU-Run-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
AddRemove-Advanced SystemCare 3_is1 - c:\program files\IObit\Advanced SystemCare 3\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-17 22:48
Windows 5.1.2600 Service Pack 3, v.3264 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-08-17 22:52:28
ComboFix-quarantined-files.txt 2010-08-17 21:52
ComboFix2.txt 2010-08-17 18:20
Pre-Run: 48,064,765,952 bytes free
Post-Run: 48,034,590,720 bytes free
- - End Of File - - A1EF2513EBB6D2D5CD9223446DFA655B
-
Good :)
How is the computer doing?
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
=============================================================
Download OTL to your Desktop.
* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
-
Yeah, computer's running really well, since this morning even, thanks! Hope we've done enough to save him!!!
Here's the OTL.txt:
OTL logfile created on: 8/17/2010 11:24:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Goody Two Shoes\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
735.00 Mb Total Physical Memory | 429.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 45.88 Gb Free Space | 82.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 248.88 Mb Total Space | 39.13 Mb Free Space | 15.72% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-PC
Current User Name: Goody Two Shoes
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/08/17 23:23:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
PRC - [2010/07/05 11:23:46 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/08/26 12:09:21 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/01/11 18:46:25 | 000,064,512 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2007/11/30 22:26:26 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/11 13:26:56 | 000,063,112 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE
PRC - [2003/07/18 01:42:08 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
========== Modules (SafeList) ==========
MOD - [2010/08/17 23:23:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
MOD - [2008/01/11 18:49:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/11/30 22:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/07/18 01:41:42 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GOODYT~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/25 15:11:23 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2008/01/11 18:46:05 | 000,639,836 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/01/11 18:46:03 | 000,401,152 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2007/11/30 16:16:46 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2006/04/18 10:49:00 | 000,005,504 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\siremfil.sys -- (siremfil)
DRV - [2006/03/28 15:43:42 | 000,091,707 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\afamgt.sys -- (afamgt)
DRV - [2006/02/26 16:21:22 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\bb-run.sys -- (bb-run)
DRV - [2006/02/26 16:21:18 | 000,004,928 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\aaatimeo.sys -- (aaatimeo)
DRV - [2004/11/01 11:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\siwinacc.sys -- (siwinacc)
DRV - [2003/07/18 01:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/07/18 01:21:40 | 000,270,544 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&query="
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/08/26 12:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/13 17:12:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/12 07:19:11 | 000,000,000 | ---D | M]
[2008/07/19 13:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Extensions
[2010/08/17 19:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\extensions
[2010/08/07 20:02:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/08/26 10:29:58 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Goody Two Shoes\Application Data\Mozilla\Firefox\Profiles\9na5dgyo.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/08/17 19:31:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/07 19:46:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/10/14 19:51:11 | 000,279,888 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
O1 HOSTS File: ([2010/08/17 22:48:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/19 19:37:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
Unable to start service SrService!
========== Files/Folders - Created Within 90 Days ==========
[2010/08/17 23:23:43 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
[2010/08/17 22:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/17 18:51:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/12 08:19:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/12 08:13:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/12 08:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Avira
[2010/08/12 07:08:23 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/08/12 07:08:19 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/08/12 07:08:19 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/08/12 07:08:19 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/08/12 07:08:19 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/08/12 07:08:18 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/12 07:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/10 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/10 12:31:28 | 003,420,304 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Goody Two Shoes\Desktop\ccsetup234.exe
[2010/08/09 14:28:33 | 007,848,416 | ---- | C] (IObit ) -- C:\Documents and Settings\Goody Two Shoes\Desktop\asc-setup.exe
[2010/08/09 10:22:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/09 10:21:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/08/07 21:49:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/07 21:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/07 21:01:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/08/07 20:28:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/08/07 20:15:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2010/08/07 19:47:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/30 15:44:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Malwarebytes
[2010/07/30 15:44:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/30 15:44:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/30 15:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/30 15:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/30 15:39:23 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/30 09:48:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/29 09:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/07/29 09:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/07/13 22:46:17 | 000,025,168 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/07/13 22:46:15 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/07/13 22:45:51 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/13 22:45:47 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/13 22:43:04 | 000,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/07/13 22:43:03 | 000,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/07/13 22:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/13 22:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/13 21:11:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/13 21:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2010/07/13 20:53:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\My Documents\Downloads
[2010/07/13 20:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/07/13 20:42:10 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/07/13 20:41:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/07/13 19:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/07/13 19:47:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/07/11 18:14:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads
[2010/07/11 18:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\Shareaza
[2010/07/11 18:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Shareaza
[2010/07/11 18:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2010/06/22 18:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Desktop\Christmas 10'
[2010/06/22 18:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Desktop\audiobooks
[2010/06/22 17:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Goody Two Shoes\Application Data\WinRAR
[2010/06/22 17:23:55 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 90 Days ==========
[2010/08/17 23:23:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Goody Two Shoes\Desktop\OTL.exe
[2010/08/17 23:20:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/17 23:20:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/17 23:19:48 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\ntuser.dat
[2010/08/17 23:19:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Goody Two Shoes\ntuser.ini
[2010/08/17 23:19:44 | 006,973,938 | -H-- | M] () -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\IconCache.db
[2010/08/17 22:48:50 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/17 22:48:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/17 18:51:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/16 16:14:24 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\exeHelper.com
[2010/08/16 16:10:02 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\rkill.com
[2010/08/16 15:56:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/12 07:08:45 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/12 07:05:15 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\avira_antivir_personal_en.exe
[2010/08/12 06:49:26 | 000,038,736 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\oz.gif
[2010/08/11 15:27:58 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\dds.scr
[2010/08/11 11:02:12 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\0om7hh9w.exe
[2010/08/10 12:34:08 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\My Documents\cc_20100810_123356.reg
[2010/08/10 12:33:20 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CCleaner.lnk
[2010/08/10 12:31:28 | 003,420,304 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Goody Two Shoes\Desktop\ccsetup234.exe
[2010/08/09 14:29:28 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/08/09 14:29:28 | 000,000,163 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\IObit Freeware.url
[2010/08/09 14:29:27 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/08/09 14:28:48 | 007,848,416 | ---- | M] (IObit ) -- C:\Documents and Settings\Goody Two Shoes\Desktop\asc-setup.exe
[2010/08/07 20:29:09 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/07 20:29:09 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/07 19:26:07 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/02 21:59:28 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams2.doc
[2010/08/02 16:04:08 | 000,133,120 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CJ ams1.doc
[2010/07/31 19:06:41 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams3.doc
[2010/07/13 22:46:17 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSxx.sys
[2010/07/13 22:46:16 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010/07/13 22:46:15 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/13 22:45:51 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/13 22:43:04 | 000,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010/07/13 22:43:04 | 000,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010/07/13 20:47:07 | 000,405,596 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/13 20:47:07 | 000,392,864 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/13 20:47:07 | 000,058,998 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 17:24:22 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\WinRAR.lnk
[2010/06/07 10:50:13 | 000,084,328 | ---- | M] () -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/17 18:51:39 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/17 18:51:31 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/16 16:14:21 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\exeHelper.com
[2010/08/16 16:09:48 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\rkill.com
[2010/08/12 07:08:45 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/08/12 07:05:14 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\avira_antivir_personal_en.exe
[2010/08/12 06:48:58 | 000,038,736 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\oz.gif
[2010/08/11 15:27:57 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\dds.scr
[2010/08/11 11:02:12 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\0om7hh9w.exe
[2010/08/10 12:33:58 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\My Documents\cc_20100810_123356.reg
[2010/08/10 12:33:20 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CCleaner.lnk
[2010/08/09 14:29:28 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced SystemCare.lnk
[2010/08/09 14:29:28 | 000,000,163 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\IObit Freeware.url
[2010/08/09 14:29:27 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/07/30 15:44:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/28 19:09:41 | 000,135,168 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams3.doc
[2010/07/28 19:09:35 | 000,135,680 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\cj ams2.doc
[2010/07/28 19:09:29 | 000,133,120 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\CJ ams1.doc
[2010/06/22 17:24:22 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Desktop\WinRAR.lnk
[2009/11/26 11:30:44 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/25 15:11:23 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/01/14 18:19:25 | 000,000,083 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2008/09/16 13:33:50 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\Sgtool32.dll
[2008/09/16 13:33:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2008/09/16 13:33:50 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\Sgtbar32.dll
[2008/09/16 13:33:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sgstat32.dll
[2008/09/16 13:33:50 | 000,001,191 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[2008/09/16 13:33:50 | 000,001,180 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[2008/09/16 13:33:49 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\Sglist32.dll
[2008/09/16 13:33:49 | 000,256,512 | ---- | C] () -- C:\WINDOWS\System32\SGOPopDg.dll
[2008/09/16 13:33:49 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\Sglch32.dll
[2008/09/16 13:33:49 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2008/09/16 13:33:49 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\Sghelp32.dll
[2008/09/16 13:33:49 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Sgintl32.dll
[2008/09/16 13:33:49 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Sgdt32.dll
[2008/09/16 13:33:49 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Sglogo32.dll
[2008/09/16 13:33:48 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\Sgrep32.dll
[2008/09/16 13:33:48 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\Sgcdlg32.dll
[2008/09/16 13:33:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2008/09/16 13:33:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Sgcom32.dll
[2008/09/16 13:33:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Sgappbar.dll
[2008/09/16 13:33:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\Sg3d32.dll
[2008/09/16 13:33:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2008/09/08 10:12:59 | 000,000,474 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/07/20 20:51:12 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Goody Two Shoes\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/19 19:59:27 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2007/11/30 22:25:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1999/01/22 19:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
========== LOP Check ==========
[2008/08/26 10:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/07/13 22:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/13 21:02:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2009/01/14 17:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/11/09 22:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/07/13 20:52:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/08/10 12:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/12 07:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/08/26 10:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\acccore
[2009/11/13 00:10:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\DC++
[2008/09/17 19:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\MSNInstaller
[2009/11/09 22:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\NCH Swift Sound
[2010/07/11 18:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Goody Two Shoes\Application Data\Shareaza
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2008/07/19 19:37:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/07/19 19:29:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/17 18:51:40 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/17 22:52:30 | 000,044,358 | ---- | M] () -- C:\ComboFix.txt
[2008/07/19 19:37:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/07/19 19:37:08 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/26 10:29:41 | 000,000,378 | -H-- | M] () -- C:\IPH.PH
[2008/07/19 19:37:08 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2007/11/30 13:29:50 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2007/11/30 15:25:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/17 23:20:38 | 1157,627,904 | -HS- | M] () -- C:\pagefile.sys
[2010/08/17 17:55:39 | 000,000,326 | ---- | M] () -- C:\rkill.log
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008/07/19 13:17:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/07/19 13:17:42 | 001,081,344 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/07/19 13:17:42 | 000,901,120 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2007/11/30 22:26:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=6C74C62ECDC3981A7F1F8F1656B27871 -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2007/11/30 22:26:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=36F8F7A2EF12ED817FC16C3248E39092 -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2007/11/30 22:26:08 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=64D39EF9D5BC5379C285D283EA9E4208 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
-
and the extras.txt
OTL Extras logfile created on: 8/17/2010 11:24:24 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Goody Two Shoes\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
735.00 Mb Total Physical Memory | 429.00 Mb Available Physical Memory | 58.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 45.88 Gb Free Space | 82.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 248.88 Mb Total Space | 39.13 Mb Free Space | 15.72% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TOM-PC
Current User Name: Goody Two Shoes
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\WINDOWS\system32\CNAB4RPK.EXE" = C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process -- (CANON INC.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{E1230694-33DA-4E74-82E1-06CC9D545E9B}" = Windows Vista Sounds Pack
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"am-ancientsecrets" = Ancient Secrets
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = BCM Wireless Network Adapter
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"EPSON Printer and Utilities" = EPSON Printer Software
"GameHouse" = GameHouse
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSNINST" = MSN
"RealPlayer 6.0" = RealPlayer
"Sage Accounts 8.20" = Sage Accounts 8.20
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Vista Ultimate Edition final_is1" = Vista Ultimate Edition final v1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/14/2009 7:40:52 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3334, faulting module
unknown, version 0.0.0.0, fault address 0x003a004c.
Error - 11/14/2009 7:42:25 AM | Computer Name = GTS | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 11/15/2009 10:46:36 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/15/2009 10:47:35 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
directdrawvideooutput.dll, version 3.0.0.166, fault address 0x0000220c.
Error - 11/15/2009 10:47:59 AM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.
Error - 11/17/2009 12:59:06 PM | Computer Name = GTS | Source = Application Error | ID = 1000
Description = Faulting application divx player.exe, version 7.2.0.19, faulting module
, version 0.0.0.0, fault address 0x00000000.
Error - 12/4/2009 8:36:12 PM | Computer Name = GTS | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 12/17/2009 6:57:01 PM | Computer Name = GTS | Source = WLTRYSVC | ID = 2
Description = SetServiceStatus() failed
Error - 5/4/2010 8:32:21 AM | Computer Name = TOM-PC | Source = Application Error | ID = 1000
Description = Faulting application thoosje vista sidebar.exe, version 0.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x00380035.
Error - 5/7/2010 9:39:15 AM | Computer Name = TOM-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 8/17/2010 5:32:07 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 5:32:49 PM | Computer Name = TOM-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :0" could not be registered on the Interface
with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not
allow the name to be claimed by this machine.
Error - 8/17/2010 5:32:49 PM | Computer Name = TOM-PC | Source = NetBT | ID = 4321
Description = The name "TOM-PC :20" could not be registered on the Interface
with IP address 192.168.2.3. The machine with the IP address 192.168.2.2 did not
allow the name to be claimed by this machine.
Error - 8/17/2010 5:32:49 PM | Computer Name = TOM-PC | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{390B2F00-7D4E-4DD1-A26E-1E74DC289CA6}
because another computer on the network has the same name. The server could not
start.
Error - 8/17/2010 5:37:36 PM | Computer Name = TOM-PC | Source = Service Control Manager | ID = 7034
Description = The WLTRYSVC service terminated unexpectedly. It has done this 1
time(s).
Error - 8/17/2010 6:20:44 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 6:20:50 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 6:21:38 PM | Computer Name = TOM-PC | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.
Error - 8/17/2010 6:24:53 PM | Computer Name = TOM-PC | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 8/17/2010 6:24:53 PM | Computer Name = TOM-PC | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >
-
I'm glad to hear good news :)
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010/08/12 07:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
:Services
:Reg
:Files
:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- You will get a log that shows the results of the fix. Please post it.
================================================================
Last scans....
1. Download Security Check from HERE, and save it to your Desktop.
- Double-click SecurityCheck.exe
- Follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
2. Download Temp File Cleaner (TFC)
- Double click on TFC.exe to run the program.
- Click on Start button to begin cleaning process.
- TFC will close all running programs, and it may ask you to restart computer.
3. Go to Kaspersky website and perform an online antivirus scan.
- Disable your active antivirus program.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
- Archives
- Mail databases
- Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
-
You are an angel!!!!!
OK, I'm going through these steps one by one...
please bear with me.
here's the OTL log:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Infodelivery\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
Unable to delete ADS C:\Documents and Settings\Goody Two Shoes\My Documents\Shareaza Downloads:Shareaza.GUID .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Goody Two Shoes
->Temp folder emptied: 403 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 47184256 bytes
->Flash cache emptied: 1554 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 17395 bytes
->Flash cache emptied: 6641 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 2383 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 45.00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Goody Two Shoes
->Flash cache emptied: 0 bytes
User: LocalService
->Flash cache emptied: 0 bytes
User: NetworkService
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.10.0 log created on 08182010_000242
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
-
checkup.txt:
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 4
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Avira AntiVir Personal - Free Antivirus
Antivirus out of date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9
Out of date Adobe Reader installed!
Mozilla Firefox (3.0.7) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
-
Quote:
You are an angel!!!!!
Hahaha....
1. You need to update Internet Explorer to at least version 7. Version 6 is obsolete and dangerous.
2. Why is your Avira listed as outdated? Please update it.
3. Update Firefox to current version.
4. You need to remove old Java version and its remnants...
Download JavaRa to your desktop and unzip it to its own folder
- Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
-
OK, to run the Temp File Cleaner it says that I MUST be logged in as an administrator..........?
I only see the administrator login when the computer's in safe mode.........
should I run it in safe mode?
-
Hmmm....strange...
Run this instead...
Download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Unselect Cookies.
Click the Empty Selected button.
If you use the Firefox browser
Click Firefox at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.
If you use the Opera browser
Click Opera at the top and choose: Select All
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Unselect Cookies.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.
-
ok, the ATF cleaner ran fine, but I'm having problems with Kaspersky.
I receive this error message
"Launch of the Java application is interrupted! Please establish an uninterrupted Internet connection for work with this program."
-
Run this instead....
Please run a free online scan with the ESET Online Scanner
- Disable your antivirus program
- Tick the box next to YES, I accept the Terms of Use
- IMPORTANT! UN-check Remove found threats
- Click Start
- Accept any security warnings from your browser.
- Check Scan archives
- Click Start
- ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
- When the scan completes, push List of found threats
- Push Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
-
I definitely see the light at the end of the tunnel!!!!!!!
JavaRa has removed old versions of java
I have updated Avira
just going to update Firefox..... and Internet Explorer.........
The Eset scan didn't find any threats so I don't have a report....
is this ok?
-
Good :)
When you're done....
OTL Clean-Up
Clean up with OTL:
* Double-click OTL.exe to start the program.
* Close all other programs apart from OTL as this step will require a reboot
* On the OTL main screen, press the CLEANUP button
* Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.
==============================================================
Your computer is clean
1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.
Turn off System Restore:
- Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
- Windows Vista and 7:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
2. Restart computer.
3. Turn System Restore on.
4. Make sure Windows Updates are current.
5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!
6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.
8. Run Temporary File Cleaner (TFC) weekly.
9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.
10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.
11. Run defrag at your convenience.
12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html
13. Please let me know how your computer is doing.
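The "reset System Restore" step above (turn it off, which wipes the old restore points, turn it back on, then take a fresh snapshot) can be scripted on Windows Vista/7 and later. The following is an added example, not code from the thread or from any of the tools mentioned in it. It assumes the system drive is C:, that the session is an elevated (Administrator) PowerShell on a Windows client edition where the ComputerRestore cmdlets exist, and it does not perform the restart that the manual steps include between turning System Restore off and on.

```powershell
# Added example: script the System Restore reset described in the thread.
# Assumptions (not from the original post): system drive is C:, elevated
# PowerShell on Windows Vista/7 or later, ComputerRestore cmdlets available.

$Drive = "C:\"   # Disable/Enable-ComputerRestore want the "X:\" form

# These cmdlets fail without elevation, so check up front instead of half-way.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal] $identity
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw "Run this from an elevated (Administrator) PowerShell."
}

function Get-RestorePointSummary {
    # Lists the restore points currently on disk. An empty result after the
    # reset confirms the old, possibly infected snapshots are gone.
    Get-ComputerRestorePoint -ErrorAction SilentlyContinue |
        Select-Object SequenceNumber, Description,
            @{ Name = "Created"; Expression = { $_.ConvertToDateTime($_.CreationTime) } }
}

Write-Host "Restore points before reset:"
Get-RestorePointSummary | Format-Table -AutoSize

# Step 1: turning System Restore off deletes every restore point on the drive,
# the same effect as unchecking the drive under System Protection.
Disable-ComputerRestore -Drive $Drive

# Step 2: turn it back on so Windows resumes taking snapshots.
Enable-ComputerRestore -Drive $Drive

# Step 3: create one known-good point now that the machine is clean.
# Caveat: Windows 8 and later refuse a second point within 24 hours unless
# SystemRestorePointCreationFrequency is set to 0 under
# HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore.
Checkpoint-Computer -Description "Clean after malware removal" -RestorePointType MODIFY_SETTINGS

Write-Host "Restore points after reset:"
Get-RestorePointSummary | Format-Table -AutoSize
```

The before/after listing is the check worth keeping: if the "after" table shows anything other than the single new point, the old snapshots were not removed and a later rollback could reintroduce whatever was cleaned.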
-
:D
sounds great! A CLEAN COMPUTER!!!!!! HURRAH!
Just one last question before I action these final steps.....
I have updated firefox which in turn prompted me to update adobe flash reader.
However, Internet Explorer failed to update though......
any suggestions?
-
right........
I'm all downloaded and updated.
I have a clean laptop.
Can't believe you managed to sort it out. I thought it was for the recycling bin myself.
Can't begin to thank you enough.
As I said before........ You are an ANGEL!!!
A virtual one....... :D
xx