# Win32:Rootkit-gen [rtk]



## 8dalejr.fan (Nov 20, 2005)

Avast said I had signs of Win32:Rootkit-gen [rtk] in a naswmon.sys file located in my Temp files folder... it quarantined it and I cleared out the temp files. Reappeared as natinrvx.sys in the Temp files again, did the same thing. Avast seems to keep catching a different file every time I put a CD in to load up a game... I guess it does its scan then and finds something in my Temp folders. I'm running a full scan now but I figured I'd post this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:35:39 PM, on 20/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iRacing\iRacingService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
O16 - DPF: {6BA77042-FC93-4AED-B0E8-824979156BA4} (InstallerAX Class) - http://chevy.a.content.maven.net/mvms/vfs/chevy/chevylive/live/install/installerAX.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iRacing.com Helper Service (iRacingService) - iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730 - C:\Program Files\iRacing\iRacingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 11357 bytes


----------



## 8dalejr.fan (Nov 20, 2005)

Bump


----------



## SweetTech (Jan 1, 1970)

My name is *SweetTech.* I would be glad to take a look at your log and help you with solving any malware problems. I'd be grateful if you would note the following:


Logs from malware removal programs (DDS is one of them) can take some time to analyze. I need you to be *patient* while I analyze any logs you post.
Please make sure to *carefully read* any instruction that I give you.
Reading too lightly will cause you to miss important steps, which could have *destructive* effects.
*If you're not sure, or if something unexpected happens, do NOT continue!* Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
*Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is make sure that your anti-virus definitions are up-to-date!*
If I instruct you to download a specific tool which you already have, _please delete the copy that you have and re-download the tool._ The reason I ask you to do this is because these tools are updated fairly regularly.
Please do _*not use*_ the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this *together*.
Because of this, you must reply within three days; failure to reply will result in the topic being *closed!*
*Please do not PM me directly for help.* If you have any questions, post them in this topic. *The only time you can and should PM me is when I have not been replying to you for several days (usually around 4 days)* and you need an explanation. If that's the case, just send me a message on here. 
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system. 
_Don't worry_, this only happens in severe cases, but it sadly does happen. *Be prepared to back up your data. Have means of backing up your data available.*

____________________________________________________

*OTL Custom Scan*


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Check the boxes beside *LOP Check* and *Purity Check*.
Under Custom Scan paste this in:

```
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
```

Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


*NEXT:*

*Scanning with GMER*

Please download *GMER* from one of the following locations and save it to your desktop:

Main Mirror
_This version will download a randomly named file (Recommended)_
Zipped Mirror
_This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop._


Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
Double-click on the *randomly named* GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
_Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe._

GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. _(do not use the computer while the scan is in progress)_
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click *NO*.
Now click the *Scan* button. If you see a rootkit warning window, click OK.
When the scan is finished, click the *Save...* button to save the scan results to your Desktop. Save the file as *gmer.log*.
Click the *Copy* button and paste the results into your next reply.
Exit GMER and be sure to *re-enable* your anti-virus, Firewall and any other security programs you had disabled.
_-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, *uncheck* Devices on the right side before scanning._

*NEXT:*

*Please make sure you include the following items in your next post:*
*1.* Any comments or questions you may have that you'd like for me to answer in my next post to you.
*2.* The logs that were produced after running the OTL scans. _(OTL.txt & Extras.txt)_
*3.* The log that was produced after running GMER
*4.* An update on how your computer is currently running.

*It would be helpful if you could answer each question in the order asked, as well as numbering your answers.*


----------



## 8dalejr.fan (Nov 20, 2005)

OTL logfile created on: 23/05/2010 1:16:58 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Mikey Chrobok\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 4.91 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA-X9D9JVIDH
Current User Name: Mikey Chrobok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iRacing\iRacingService.exe (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)

========== Win32 Services (SafeList) ==========

SRV - (iRacingService) -- C:\Program Files\iRacing\iRacingService.exe (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

========== Driver Services (SafeList) ==========

DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (sensorsview) -- C:\WINDOWS\system32\drivers\sensorsview.sys (Windows (R) 2000 DDK provider)
DRV - (atitray) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ()
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys ()
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (papycpu2) -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys ()
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (HidBatt) -- C:\WINDOWS\system32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (IniPciCheck) -- C:\WINDOWS\system32\drivers\IPciChk.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nascar.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 20:12:06 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2009/07/21 16:01:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Search &Dictionary - C:\Program Files\Lexico\Toolbar\dictionary.htm ()
O8 - Extra context menu item: Search &Thesaurus - C:\Program Files\Lexico\Toolbar\thesaurus.htm ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} http://download.howudodat.com/chatterbox/download/appdl.cab (AppDLCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {6BA77042-FC93-4AED-B0E8-824979156BA4} http://chevy.a.content.maven.net/mvms/vfs/chevy/chevylive/live/install/installerAX.cab (InstallerAX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} https://oca.microsoft.com/en/secure/ocarpt.CAB (OcarptMain Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.153.23.66 24.153.23.195 64.71.255.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e37247df-9766-11db-9ff5-000cf1a3a5e2}\Shell - "" = AutoRun
O33 - MountPoints2\{e37247df-9766-11db-9ff5-000cf1a3a5e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e37247df-9766-11db-9ff5-000cf1a3a5e2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/07/29 20:40:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 13:12:03 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe
[2010/05/20 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Application Data\SystemRequirementsLab
[2010/05/14 13:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/05/14 13:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Western_Digital
[2010/05/14 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Western Digital
[2010/05/14 13:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/14 13:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/05/14 13:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/05/14 13:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Western Digital
[2010/05/13 18:55:22 | 004,142,592 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\qtintf.dll
[2010/05/13 18:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\APC
[2010/05/13 18:53:11 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2010/05/13 18:53:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbatt.sys
[2010/05/13 18:53:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/05/13 18:53:05 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/05/13 18:53:05 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/05/10 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\F1 Challenge GP10
[2010/04/30 15:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\TJSoft
[2010/04/30 15:39:01 | 000,000,000 | ---D | C] -- C:\f5c7058883af7d0511f35cf76916
[2010/04/29 17:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2009/07/24 13:25:37 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 13:23:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004UA.job
[2010/05/23 13:15:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/23 13:12:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe
[2010/05/23 13:00:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/23 12:58:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 12:57:36 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/23 12:57:21 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 12:57:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 12:56:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 12:56:39 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/22 01:23:59 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\ntuser.dat
[2010/05/22 01:23:58 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/22 01:23:58 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/22 01:23:58 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/22 01:23:58 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/22 01:23:58 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/22 01:23:58 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/22 01:23:58 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2010/05/22 01:23:58 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2010/05/22 01:23:24 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mikey Chrobok\ntuser.ini
[2010/05/22 01:22:40 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2010/05/22 01:22:33 | 002,646,372 | -H-- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\IconCache.db
[2010/05/21 23:23:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004Core.job
[2010/05/21 17:49:44 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Tutoring letter.doc
[2010/05/20 17:11:25 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\My 2010 PC Build.doc
[2010/05/20 16:55:07 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\jagex_runescape_preferences.dat
[2010/05/20 16:53:41 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\jagex_runescape_preferences2.dat
[2010/05/19 13:10:38 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/17 17:30:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/17 13:24:21 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Thank you - Cardiology.doc
[2010/05/15 19:37:18 | 000,000,659 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2010/05/15 13:19:11 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Printers.doc
[2010/05/14 13:18:44 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/05/14 13:18:44 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/05/13 18:55:21 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/11 06:58:57 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\F1 2010.lnk
[2010/05/10 19:46:55 | 000,030,800 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/10 06:40:02 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/09 22:31:18 | 000,001,267 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/09 16:48:04 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/03 17:40:14 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\GEOG 1400 Title Page.doc
[2010/04/30 15:49:56 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NRatings.lnk
[2010/04/30 15:37:44 | 000,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/30 15:37:44 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 15:37:44 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 17:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\Google Chrome.lnk
[2010/04/29 17:10:03 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2010/04/29 17:10:03 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/24 21:37:57 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/04/24 21:18:57 | 000,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/21 17:18:15 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Tutoring letter.doc
[2010/05/17 13:24:20 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Thank you - Cardiology.doc
[2010/05/15 11:55:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Printers.doc
[2010/05/14 13:18:44 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/05/14 13:18:44 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/05/13 21:15:07 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\My 2010 PC Build.doc
[2010/05/13 18:55:29 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/13 18:55:21 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/11 06:58:57 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\F1 2010.lnk
[2010/05/03 17:40:14 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\GEOG 1400 Title Page.doc
[2010/04/30 15:49:56 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NRatings.lnk
[2009/07/24 13:25:47 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/07/24 13:25:47 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009/07/02 07:46:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Michael_Walltrip.ini
[2008/07/11 11:22:55 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/18 09:40:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/18 09:40:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/18 09:40:17 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/18 09:40:17 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/18 09:40:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/16 13:16:27 | 000,002,168 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/11/10 20:15:35 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/10/20 17:55:46 | 000,000,911 | ---- | C] () -- C:\WINDOWS\Sof.INI
[2007/09/01 15:11:10 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/04/15 07:49:46 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/08/12 18:00:00 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/08/12 18:00:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/06/03 16:01:03 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/06/03 16:00:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ARFolder.INI
[2005/06/01 16:33:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\msxct2.ini
[2005/05/03 22:59:06 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/02/12 23:21:39 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/12 23:21:11 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/09 14:15:24 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/09 09:20:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/05 07:34:42 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2005/01/02 01:50:17 | 000,000,659 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2005/01/02 00:10:04 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2004/12/25 18:06:18 | 000,000,869 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2004/12/23 03:31:27 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2004/10/31 11:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/10/26 16:13:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/28 06:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004/09/15 16:07:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/12 09:04:46 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/08/04 03:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 17:45:02 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2004/08/02 17:45:02 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2004/08/02 17:42:42 | 000,000,194 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2004/08/01 11:33:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/29 21:32:30 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/07/29 21:32:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/29 21:31:01 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/07/29 21:23:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/07/12 17:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/27 23:33:36 | 000,002,129 | ---- | C] () -- C:\WINDOWS\lexbar.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2001/12/14 13:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/01/18 22:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ARCA Download Client
[2009/02/28 21:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ARCA Leverage Client
[2005/10/26 15:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2004/08/02 15:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/04/08 11:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/04/27 14:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Itiva
[2004/09/10 19:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/10/26 16:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/12/28 12:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/11/09 19:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/14 13:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/05/14 13:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/12/27 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/07/31 17:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\.clue-by-4.org
[2005/02/26 16:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Atari
[2004/08/02 22:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\InterTrust
[2004/08/02 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Leadertech
[2005/03/18 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Ratbag
[2005/02/13 22:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\spweng
[2010/05/20 17:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\SystemRequirementsLab
[2005/04/27 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Tenebril
[2010/05/14 13:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Western Digital
[2005/04/06 15:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\{12EE7A5E-0674-42f9-A76B-000000004D00}
[2010/05/23 13:00:10 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/10/29 17:39:40 | 000,000,303 | ---- | M] () -- C:\Boot.bak
[2010/04/29 17:10:03 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/05/05 13:48:55 | 000,000,622 | ---- | M] () -- C:\ComboFix-quarantined-files.txt
[2009/07/21 16:09:57 | 000,013,531 | ---- | M] () -- C:\ComboFix.txt
[2007/04/23 17:23:29 | 000,006,388 | ---- | M] () -- C:\ComboFix2.txt
[2003/08/01 21:52:08 | 000,243,200 | ---- | M] () -- C:\composite2.max
[2004/07/29 20:40:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/23 12:56:39 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2005/09/27 17:10:05 | 000,000,048 | ---- | M] () -- C:\hWaitEventRetryInstall
[2004/07/29 20:40:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/01/26 16:43:18 | 000,003,248 | ---- | M] () -- C:\LGSInst.Log
[2004/12/26 12:24:10 | 000,000,004 | ---- | M] () -- C:\loadcounter.dat
[2005/01/14 16:06:20 | 000,000,184 | ---- | M] () -- C:\m00.exe.js
[2003/08/01 21:52:08 | 000,001,130 | ---- | M] () -- C:\MAXFILES.TXT
[2004/07/29 20:40:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/10/29 17:35:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/10/29 17:35:30 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/05/23 12:56:36 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/04/27 22:00:11 | 000,000,599 | ---- | M] () -- C:\rootlog.txt
[2007/04/14 13:55:33 | 000,000,342 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/07/29 16:20:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/07/29 16:20:02 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/07/29 16:20:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /180 >
[2009/11/24 18:47:54 | 000,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2009/11/24 18:50:00 | 000,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2009/11/24 18:51:09 | 000,093,424 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2009/11/24 18:50:59 | 000,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2009/11/24 18:48:57 | 000,023,120 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2009/11/24 18:50:12 | 000,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2009/11/24 18:49:07 | 000,048,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
[2010/04/24 21:18:57 | 000,138,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\PnkBstrK.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >


----------



## 8dalejr.fan (Nov 20, 2005)

OTL Extras logfile created on: 23/05/2010 1:16:58 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Mikey Chrobok\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 497.00 Mb Available Physical Memory | 49.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 4.91 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA-X9D9JVIDH
Current User Name: Mikey Chrobok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe" = C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season -- (Sierra Entertainment, Inc.
Bellevue, WA 98005)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()
"C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe" = C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe:*:Enabled:SoF2MP -- ()
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\ARCA Remax\ARCA.exe" = C:\Program Files\ARCA Remax\ARCA.exe:*:Enabled:ARCA -- (Sim Factory LLC)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" = C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator -- (Itiva Digital Media)
"C:\Program Files\ARCA Download Client\ARCALeverageClient.exe" = C:\Program Files\ARCA Download Client\ARCALeverageClient.exe:*:Enabled:ARCA Download Client -- (ARCA Remax)
"C:\Program Files\ARCA 08\ARCA.exe" = C:\Program Files\ARCA 08\ARCA.exe:*:Enabled:ARCA -- (Sim Factory LLC)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\iRacing\iRacingService.exe" = C:\Program Files\iRacing\iRacingService.exe:*:Enabled:iRacingService -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingSim.exe" = C:\Program Files\iRacing\iRacingSim.exe:*:Enabled:iRacingSim -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingLocalServer.exe" = C:\Program Files\iRacing\iRacingLocalServer.exe:*:Enabled:iRacingLocalServer -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingChat.exe" = C:\Program Files\iRacing\iRacingChat.exe:*:Enabled:iRacingChat -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingLauncher.exe" = C:\Program Files\iRacing\iRacingLauncher.exe:*:Enabled:iRacingLauncher -- ()
"C:\Program Files\iRacing\updater\iRacingUpdater.exe" = C:\Program Files\iRacing\updater\iRacingUpdater.exe:*:Enabled:iRacingUpdater -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2F985C5E-4A0B-4ABF-8973-462F0F7E6884}_is1" = Talent Editor 2.0.3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40EE9162-F1DB-4D52-BEE4-013BFD523B8D}" = NEXTEL Track Updates
"{438BC259-E54C-4392-008E-2808B9C251CA}" = The Sims 2 Body Shop
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 Rush Hour
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6814719C-B9E4-4C28-9E52-64C452E541AA}" = ARCA Leverage Client
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.7
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = The Sims Makin' Magic
"{9AF3F959-15FF-4BF7-AE25-43D54EB8557E}_is1" = Version 1.5
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}" = iRacing.com Race Simulation
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10911FF-8969-43FD-B10D-DF8CA72C3269}" = NRatings
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EA1217B4-27D1-4964-B2C1-4A9E4AA1AB52}" = ARCA Leverage Client
"{EAC6DD68-514C-4B5D-009B-A36FF942C14B}" = F1 Challenge 99-02
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AceGain_LiveUpdate" = AceGain LiveUpdate 1.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"ARCA Remax" = ARCA Remax (remove only)
"ARCA REMAX Mod1.0" = ARCA REMAX Mod
"ARCAUPDATERv1" = ARCAUPDATERv1
"avast!" = avast! Antivirus
"Avery Wizard 2.1 MSW11" = Avery® Wizard 2.1 for Microsoft® Office Word 2003
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BFVCC Server Manager1.00_A Beta" = BFVCC Server Manager
"Bink and Smacker" = Bink and Smacker
"CAL" = Canon Camera Access Library
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"chevy_winning_moments" = chevy_winning_moments Screen Saver
"Conversion Pack for CTDP MODs v1.1" = Conversion Pack CTDP Seasons
"CSCLIB" = Canon Camera Support Core Library
"Dell AIO Printer A940" = Dell AIO Printer A940
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DriveFit" = DriveFit
"EOS Utility" = Canon Utilities EOS Utility
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps
"Free Internet Eraser_is1" = Free Internet Eraser 2.05
"GoToAssist" = GoToAssist 8.0.0.508
"GPS Setup_is1" = Greenville-Pickens Speedway v1.1
"HaboDaCosta FR2000 Mod" = HaboDaCosta FR2000 Mod
"HD Tune_is1" = HD Tune 2.55
"High Detail F1 2004 MOD (Basic Version) v1" = Conversion Pack CTDP Seasons
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5CE42363-EC4B-4D0D-A27B-9B48F253E556}" = LimeWire
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Itiva Media Accelerator" = Itiva Media Accelerator
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"LimeWire" = LimeWire 4.8.1
"LMPV2_is1" = Late Model Mod V2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Michael_Walltrip_is1" = Michael_Walltrip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoRacer2CurVer" = Moto Racer 2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nascar Nextel Cup Series 2004 Update Final Version" = Nascar Nextel Cup Series 2004 Update Final Version
"NCTS_09_Update_V1.2" = NCTS_09_Update_V1.2
"NCTS09_1_1" = NCTS09_1_1
"Network Play System (Patching)" = Network Play System (Patching)
"NFL_Cup_Cars_Mod_1.0" = NFL Cup Cars Mod 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"Om3gA Racing's NK23 CTS2007" = Om3gA Racing's NK23 CTS2007
"OWR Mod For Papyrus NR2003 Season" = OWR Mod For Papyrus NR2003 Season
"Panda ActiveScan" = Panda ActiveScan
"Phoenix International Raceway 2004+" = Phoenix International Raceway 2004+
"Phoenix International Raceway 2005-Night" = Phoenix International Raceway 2005-Night
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"Ping Plotter Freeware" = Ping Plotter Freeware
"PrintMaster Gold 2.10" = PrintMaster Gold 2.10
"Project Wildfire Trans Am Series for Nascar Racing 2003" = Project Wildfire Trans Am Series for Nascar Racing 2003
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Race Points Manager_is1" = Race Points Manager
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"rayatitray" = Ray Adams ATI Tray Tools
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scribe" = Express Scribe Uninstall
"Security Task Manager" = Security Task Manager 1.6f
"SensorsView Pro 3.1" = SensorsView Pro 3.1
"Sketchpad" = Sketchpad
"Soldier of Fortune" = Soldier of Fortune
"Soldier of Fortune II - Double Helix GOLD" = Soldier of Fortune II - Double Helix GOLD
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor_is1" = Spyware Doctor 3.1
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"ST4UNST #1" = N4 Utility Machine
"ST6UNST #1" = Points Calculator v1.06
"ST6UNST #2" = Points Calculator v1.06 (C:\Program Files\WCPoints\)
"Steam App 4260" = RACE 07 Demo
"SystemRequirementsLab" = System Requirements Lab
"TrackPack 2004 V1.0 for F1 2004 MOD by CTDP v1" = Conversion Pack CTDP Seasons
"TVUPlayer" = TVUPlayer 2.3.7.1
"Whelen Modified Tour Mod for NASCAR Racing 2003 Season" = Whelen Modified Tour Mod for NASCAR Racing 2003 Season
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GCalc 3" = GCalc 3
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\Application Data\Adobe\Acrobat\7.0\Digital
Editions\Category.etb failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\Application Data\Adobe\Acrobat\7.0\Digital
Editions\Category.etb failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\Application Data\Adobe\Acrobat\7.0\Collab\RSS
failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf failed, 0000A413.

Error - 27/12/2009 9:53:53 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf failed, 0000A413.

Error - 27/12/2009 9:53:58 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\sclgntfy.dll failed, 0000A413.

Error - 27/12/2009 9:54:25 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\ntuser.tmp failed, 0000A413.

Error - 27/12/2009 9:54:25 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\KBDUS.DLL failed, 0000A413.

Error - 27/12/2009 9:54:25 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\wuaueng.dll.mui failed, 0000A413.

[ Application Events ]
Error - 07/04/2010 11:50:46 AM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.5604.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 18/04/2010 4:29:34 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/04/2010 1:29:07 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Error | ID = 1000
Description = Faulting application nr2003.exe, version 1.2.0.1, faulting module 
unknown, version 0.0.0.0, fault address 0x03991b3d.

Error - 20/10/2003 1:00:22 AM | Computer Name = LINDA-X9D9JVIDH | Source = Google Update | ID = 20
Description =

Error - 20/10/2003 1:01:13 AM | Computer Name = LINDA-X9D9JVIDH | Source = Google Update | ID = 20
Description =

Error - 30/04/2010 3:28:51 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/04/2010 3:48:28 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/04/2010 3:48:32 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1001
Description = Fault bucket 127288302.

Error - 12/05/2010 8:01:14 AM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/05/2010 1:02:40 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module urlmon.dll, version 6.0.2900.3072, fault address 0x0003a09e.

[ System Events ]
Error - 20/05/2010 8:29:38 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The naswmon service failed to start due to the following error: %%2

Error - 20/05/2010 8:47:15 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The natinrvx service failed to start due to the following error: %%2

Error - 21/05/2010 3:08:58 PM | Computer Name = LINDA-X9D9JVIDH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 000CF1A3A5E2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 21/05/2010 6:19:04 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The bi8042pr service failed to start due to the following error: %%2

Error - 21/05/2010 7:33:36 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The tpfmodnt service failed to start due to the following error: %%2

Error - 21/05/2010 7:35:19 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The ytermdd service failed to start due to the following error: %%2

Error - 21/05/2010 9:05:40 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The jswmidi service failed to start due to the following error: %%2

Error - 21/05/2010 11:31:32 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The awatv06n service failed to start due to the following error: %%2

Error - 21/05/2010 11:55:05 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The dusbhub service failed to start due to the following error: %%2

Error - 21/05/2010 11:57:16 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The qatmlane service failed to start due to the following error: %%2

< End of report >

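A defender's-eye parse of the "[ System Events ]" block above, added here as an illustration (it is not part of the thread, OTL, or any tool the thread mentions): it pulls out the Service Control Manager event 7000 entries and shows that nine distinct driver-style names each failed exactly once with Win32 error 2 (ERROR_FILE_NOT_FOUND), which is the footprint a service registration leaves behind once its binary has been removed. The sample lines are copied verbatim from the log posted above.

```python
import re
from collections import Counter

# Copied verbatim from the "[ System Events ]" block of the OTL log posted above.
SYSTEM_EVENTS = """\
Error - 20/05/2010 8:29:38 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The naswmon service failed to start due to the following error: %%2

Error - 20/05/2010 8:47:15 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The natinrvx service failed to start due to the following error: %%2

Error - 21/05/2010 3:08:58 PM | Computer Name = LINDA-X9D9JVIDH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.101 for the Network Card with network
address 000CF1A3A5E2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 21/05/2010 6:19:04 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The bi8042pr service failed to start due to the following error: %%2

Error - 21/05/2010 7:33:36 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The tpfmodnt service failed to start due to the following error: %%2

Error - 21/05/2010 7:35:19 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The ytermdd service failed to start due to the following error: %%2

Error - 21/05/2010 9:05:40 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The jswmidi service failed to start due to the following error: %%2

Error - 21/05/2010 11:31:32 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The awatv06n service failed to start due to the following error: %%2

Error - 21/05/2010 11:55:05 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The dusbhub service failed to start due to the following error: %%2

Error - 21/05/2010 11:57:16 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The qatmlane service failed to start due to the following error: %%2
"""

# One OTL event header: "Error - <date> <time> | Computer Name = <host> | Source = <src> | ID = <n>"
HEADER_RE = re.compile(
    r"^Error - (?P<date>\d{2}/\d{2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2} [AP]M) \| "
    r"Computer Name = (?P<host>\S+) \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Body of an SCM event 7000; "%%N" is the Win32 error code the service start returned.
FAILED_START_RE = re.compile(
    r"^The (?P<service>\S+) service failed to start due to the following error: %%(?P<code>\d+)$"
)


def parse_events(text):
    """Split OTL's event-log dump into records.

    Each record is a header line followed by a "Description = ..." line that may
    wrap onto further lines; records are separated by blank lines.
    """
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        m = HEADER_RE.match(lines[0])
        if not m:
            continue  # not an event header; skip rather than guess
        desc = " ".join(line.strip() for line in lines[1:])
        desc = re.sub(r"^Description =\s*", "", desc)
        events.append({**m.groupdict(), "description": desc})
    return events


def failed_service_starts(events):
    """Return (date, service name, Win32 error code) for each SCM event 7000."""
    out = []
    for e in events:
        if e["source"] != "Service Control Manager" or e["id"] != "7000":
            continue
        m = FAILED_START_RE.match(e["description"])
        if m:
            out.append((e["date"], m.group("service"), int(m.group("code"))))
    return out


def orphaned_service_report(events):
    """Summarise services that failed with error 2 (ERROR_FILE_NOT_FOUND).

    A service entry whose binary is gone fails with error 2 on every boot. A run of
    never-repeated names, each failing once, points at throwaway registrations whose
    driver file was removed before the service could start.
    """
    missing = [(d, s) for d, s, c in failed_service_starts(events) if c == 2]
    return {
        "services": [s for _, s in missing],
        "per_day": dict(Counter(d for d, _ in missing)),
        "each_seen_once": len({s for _, s in missing}) == len(missing),
    }


if __name__ == "__main__":
    report = orphaned_service_report(parse_events(SYSTEM_EVENTS))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Applying the same parser to the "[ Antivirus Events ]" and "[ Application Events ]" blocks works unchanged; only the description filter differs.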

----------



## SweetTech (Jan 1, 1970)

Hello,

Are you working on the GMER scan now?

Cheers,
ST.


----------



## 8dalejr.fan (Nov 20, 2005)

Hi ST, 

Yes, I'm running the scan. It's taking quite some time.  I'll post the log this afternoon as soon as it's done. 

Thanks for the help.


----------



## SweetTech (Jan 1, 1970)

Okay. Thanks for letting me know.

ST.


----------



## 8dalejr.fan (Nov 20, 2005)

It got as far as C:\WUTemp

Then an error message appeared. I clicked OK, and more messages appeared with different file names. I took a screenshot but I can't post it (see below). GMER then crashed. 

It says my computer is unable to communicate with my APC battery backup. 

And now I can't open up Task Manager, it says it failed to initialize. All applications are freezing and I can't turn back on my Firewall to post the picture. 

Everything is worse. It seems inoperable.

The computer is currently frozen. What should I do?


----------



## 8dalejr.fan (Nov 20, 2005)

Ok, it's unfrozen. 

I can't launch Task Manager anymore. This message appears:
"The application failed to initialize properly (0xc0000017). Click on OK to terminate the application."

I was able to turn Firewall back on after the GMER scan and I'll post what I can. 

It still says the computer can't communicate with the APC backup battery. Under the Start menu, the little pictures are missing beside My Music, My Computer, My Network Places, Control Panel, Help and Support, Search, Run, and Dell Solution Centre. Plus the aforementioned Task Manager not working and GMER crashing.


----------



## 8dalejr.fan (Nov 20, 2005)

I can't launch Internet Explorer, or any other program. 

It says "Insufficient system resources exist to complete the requested service."


----------



## SweetTech (Jan 1, 1970)

Drive C: | 111.75 Gb Total Space | 4.91 Gb Free Space | 4.40% Space Free | Partition Type: NTFS

The above was taken from your log. It says that you only have 4.91 GB of Free Space left, and this could be contributing to why you are experiencing so many issues with launching programs and performing other tasks with your PC.

It may be helpful to uninstall some programs that you no longer use, remove any files you no longer need, and then empty your recycling bin.

Try the above first to see if it allows you to run things more smoothly. If it doesn't, then post back and we will look for a different approach to take.

Cheers,
ST.


----------



## 8dalejr.fan (Nov 20, 2005)

I've had 5 Gb free space for years and everything worked fine. 

I can't do ANYTHING, not even launch the Internet, Task Manager, or Add/Remove Programs. I can't run anything, period. Things are way worse now. Worked fine an hour ago. When I had the virus, just a message would pop up here and there but everything would work. Now everything is inoperable.


----------



## SweetTech (Jan 1, 1970)

Hello,

Let's see if things will work better for you in Safe Mode w/ Networking. We will try to download and run a tool from there.

*Booting into Safe Mode w/ Networking*
Please boot into *Safe Mode with Networking* if you are still unable to boot to normal mode.

*Next.*


Please start *Internet Explorer*, and when the program is open, click on the *Tools* menu and then select *Internet Options*.

Now click on the *Connections tab*.

Now click on the *Lan Settings* button.

Under the *Proxy Server* section, please *uncheck* the checkbox labeled *Use a proxy server for your LAN*. Then press the *OK* button to close this screen.

Then press the *OK* button to close the Internet Options screen. Now that you have disabled the proxy server, you should be able to browse the web again with Internet Explorer.

*NEXT:*

*Running ComboFix*
Download *ComboFix* from one of the following locations:
*Link 1* 
*Link 2 *

*VERY IMPORTANT !!!* Save ComboFix.exe to your *Desktop*

*IMPORTANT* - *Disable your Anti-Virus and Anti-Spyware applications*, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here 


Double click on *ComboFix.exe* & follow the prompts.

As part of its process, *ComboFix will check to see if the Microsoft Windows Recovery Console* is installed. With malware infections being as they are today, it's *strongly recommended* to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

*Please note:* If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

*Click on Yes*, to continue scanning for malware.

When finished, it shall produce a log for you. *Please include the C:\ComboFix.txt in your next reply.*
Notes:
1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.

*Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now*

*NEXT:*

*If you're able to download and run ComboFix successfully, please post back with the log it produced.*


----------



## 8dalejr.fan (Nov 20, 2005)

Hit Start - Restart and then a BSOD came up as soon as the computer was trying to reboot (before I could press F8 for Safe Mode): 

0x0000007E (0xC0000005, 0xF636CDD2, 0xB9EF77FC, 0xB9EF74F8)
ctoss2k.sys - Address F636CDD2 base at F635E000, DateStamp 3e81578e


----------



## 8dalejr.fan (Nov 20, 2005)

Booting into Safe Mode with Networking now.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

Running ComboFix.


----------



## 8dalejr.fan (Nov 20, 2005)

ComboFix log in next post.

Should I stay in Safe Mode with Networking, try to reboot into Normal Mode, or shut the machine off?


----------



## 8dalejr.fan (Nov 20, 2005)

ComboFix 10-05-23.01 - Mikey Chrobok 23/05/2010 15:56:02.4.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.776 [GMT -4:00]
Running from: c:\documents and settings\Mikey Chrobok\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100520-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mikey Chrobok\Application Data\Microsoft\HTML Help\hh.dat
c:\documents and settings\Mikey Chrobok\GoToAssistDownloadHelper.exe
c:\documents and settings\NetworkService\Application Data\Microsoft\HTML Help\hh.dat
c:\windows\BackUp
c:\windows\BackUp\T\50213000.DAT
c:\windows\system32\VB40032.DLL

.
((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-20 21:25 . 2010-05-20 21:25	85504	----a-w-	c:\documents and settings\Mikey Chrobok\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-20 21:25 . 2010-05-20 21:25	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Application Data\SystemRequirementsLab
2010-05-14 17:26 . 2010-05-14 17:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\WD_SmartWareCommon
2010-05-14 17:19 . 2010-05-14 17:19	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Western_Digital
2010-05-14 17:19 . 2010-05-14 17:19	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Application Data\Western Digital
2010-05-14 17:18 . 2010-05-14 17:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Western Digital
2010-05-14 17:18 . 2010-05-14 17:18	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-05-14 17:18 . 2010-05-14 17:18	--------	d-----w-	c:\program files\Western Digital
2010-05-14 17:17 . 2010-05-14 17:17	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Western Digital
2010-05-13 22:55 . 2004-08-10 19:35	4142592	----a-w-	c:\windows\system32\qtintf.dll
2010-05-13 22:55 . 2010-05-13 22:55	--------	d-----w-	c:\program files\APC
2010-05-13 22:53 . 2001-08-17 17:58	9344	-c--a-w-	c:\windows\system32\dllcache\compbatt.sys
2010-05-13 22:53 . 2001-08-17 17:58	9344	----a-w-	c:\windows\system32\drivers\compbatt.sys
2010-05-13 22:53 . 2001-08-17 17:58	19200	-c--a-w-	c:\windows\system32\dllcache\hidbatt.sys
2010-05-13 22:53 . 2001-08-17 17:58	19200	----a-w-	c:\windows\system32\drivers\hidbatt.sys
2010-05-13 22:53 . 2001-08-17 17:57	14080	-c--a-w-	c:\windows\system32\dllcache\battc.sys
2010-05-13 22:53 . 2001-08-17 17:57	14080	----a-w-	c:\windows\system32\drivers\battc.sys
2010-05-11 00:37 . 2010-05-11 10:59	--------	d-----w-	c:\program files\F1 Challenge GP10
2010-04-30 19:49 . 2010-04-30 19:49	--------	d-----w-	c:\program files\TJSoft
2010-04-30 19:39 . 2010-04-30 19:39	--------	d-----w-	C:\f5c7058883af7d0511f35cf76916
2010-04-29 21:04 . 2010-04-29 21:04	--------	d-----w-	c:\program files\HD Tune

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 05:23 . 2009-07-24 17:28	288	----a-w-	c:\windows\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2010-05-22 05:23 . 2009-07-24 17:28	288	----a-w-	c:\windows\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2010-05-21 21:16 . 2008-07-23 23:04	--------	d-----w-	c:\documents and settings\LocalService\Application Data\SACore
2010-05-21 19:26 . 2007-04-05 19:17	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-05-20 23:45 . 2009-08-17 02:08	--------	d-----w-	c:\program files\iRacing
2010-05-20 21:26 . 2008-02-27 20:20	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-20 20:55 . 2008-07-04 19:10	42	----a-w-	c:\documents and settings\Mikey Chrobok\jagex_runescape_preferences.dat
2010-05-20 20:53 . 2009-09-03 21:23	75	----a-w-	c:\documents and settings\Mikey Chrobok\jagex_runescape_preferences2.dat
2010-05-13 22:55 . 2004-07-30 01:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-10 23:46 . 2004-10-05 00:49	30800	----a-w-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 01:51 . 2004-08-04 16:52	--------	d-----w-	c:\program files\EA SPORTS
2010-05-02 21:46 . 2005-01-09 02:57	--------	d-----w-	c:\program files\Avery Wizard
2010-04-30 19:27 . 2008-06-16 15:15	--------	d-----w-	c:\program files\NRatings
2010-04-25 01:37 . 2007-09-01 19:10	215128	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-04-25 01:18 . 2007-09-01 19:11	138384	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-04-23 03:55 . 2010-04-23 03:43	--------	d-----w-	c:\program files\F1 2010
2010-04-08 00:13 . 2010-04-08 00:13	1024	----a-w-	c:\documents and settings\All Users\Application Data\BVRP Software\FaxTools\faxres.cmd
2010-04-04 22:48 . 2010-04-04 22:48	0	----a-w-	c:\documents and settings\Mikey Chrobok\jagex__preferences3.dat
2010-03-29 18:22 . 2004-08-12 13:04	10022	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-03-14 21:11 . 2010-03-05 15:25	439816	----a-w-	c:\documents and settings\Mikey Chrobok\Application Data\Real\Update\setup3.10\setup.exe
2005-10-22 23:44 . 2005-10-06 02:31	0	---h--w-	c:\program files\viewpoint
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-5-13 221247]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-8-2 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 15:39	282624	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-08 15:09	10536	----a-w-	c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
2004-01-01 02:12	417792	----a-w-	c:\program files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-17 00:03	133104	----atw-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Itiva Media Accelerator]
2008-06-04 23:09	4994288	----a-w-	c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-10-08 13:49	53248	----a-w-	c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-06-15 23:15	366400	----a-w-	c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 05:01	155648	----a-w-	c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-23 14:12	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-10-31 12:21	180269	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 22:20	866584	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\ARCA Remax\\ARCA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"=
"c:\\Program Files\\ARCA Download Client\\ARCALeverageClient.exe"=
"c:\\Program Files\\ARCA 08\\ARCA.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\iRacing\\iRacingService.exe"=
"c:\\Program Files\\iRacing\\iRacingSim.exe"=
"c:\\Program Files\\iRacing\\iRacingLocalServer.exe"=
"c:\\Program Files\\iRacing\\iRacingChat.exe"=
"c:\\Program Files\\iRacing\\iRacingLauncher.exe"=
"c:\\Program Files\\iRacing\\updater\\iRacingUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 6:19 PM 13592]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2009 8:44 PM 114768]
S1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22/05/2007 5:04 AM 18088]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 11:39 AM 32256]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2009 8:44 PM 20560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 9:00 PM 135664]
S2 IniPciCheck;IniPciCheck;c:\windows\system32\drivers\IPciChk.sys [12/09/2004 11:59 AM 5120]
S2 iRacingService;iRacing.com Helper Service;c:\program files\iRacing\iRacingService.exe [16/08/2009 10:08 PM 458912]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/07/2008 7:03 PM 206096]
S2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [17/08/2007 12:00 PM 4224]
S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [13/11/2009 11:28 AM 110592]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 8:58 AM 20480]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 4:51 PM 4096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 4:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:59]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:59]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004Core.job
- c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-17 00:03]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004UA.job
- c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-17 00:03]

2010-05-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nascar.com/
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm
IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm
DPF: {6BA77042-FC93-4AED-B0E8-824979156BA4} - hxxp://chevy.a.content.maven.net/mvms/vfs/chevy/chevylive/live/install/installerAX.cab
.
- - - - ORPHANS REMOVED - - - -

Notify-AtiExtEvent - (no file)
AddRemove-ARCA Remax - c:\program files\ARCA Remax\Uninstall.exe
AddRemove-ARCAUPDATERv1 - c:\program files\ARCA Remax\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 16:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(460)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll
c:\windows\system32\ac3acm.acm
c:\windows\system32\lameACM.acm
.
Completion time: 2010-05-23 16:05:39
ComboFix-quarantined-files.txt 2010-05-23 20:05
ComboFix2.txt 2009-07-21 20:09

Pre-Run: 7,900,749,824 bytes free
Post-Run: 7,936,434,176 bytes free

- - End Of File - - 616D7B7540A9A66425728D6C4B8EFCD7
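
An added example (not code from the thread, from ComboFix or from any poster) showing how a helper might triage the file listings in a log like the one above: it parses the `created . modified / size / attributes / path` lines from the Files Created and Find3M sections and flags hidden or system files, `.sys` files outside the drivers folder or under Temp, hex-named directories at the drive root, and files whose modified time predates their created time. The sample lines are copied from the Find3M report above plus one constructed Temp entry; the meaning of the attribute letters is an assumption.

```python
"""Triage helper for ComboFix-style file listings.

Added example for this thread, not code from ComboFix or from any poster.
Parses lines shaped like
    <created> . <modified><TAB><size or --------><TAB><attrs><TAB><path>
from the "Files Created" and "Find3M Report" sections.  Assumption about the
8-character attribute field: position 0 is 'd' for a directory and the letters
's', 'h', 'a' mean system, hidden, archive.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\t"
    r"(\d+|-+)\t([a-z-]{8})\t(.+)$",
    re.IGNORECASE,
)
HEX_ROOT_DIR = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$", re.IGNORECASE)
TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.IGNORECASE)
DRIVERS_DIR = re.compile(r"\\system32\\drivers\\", re.IGNORECASE)

# Reason strings as constants so callers can match on them exactly.
HIDDEN_OR_SYSTEM = "hidden or system attribute on a non-directory"
SYS_OUTSIDE_DRIVERS = ".sys file outside the system32\\drivers folder"
UNDER_TEMP = "located under a Temp folder"
HEX_ROOT = "hex-named directory at the drive root (identify what unpacked it)"
BACKDATED = "modified time earlier than created time (copied in with an old timestamp)"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None for directories, which ComboFix prints as --------
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0].lower() == "d"

    @property
    def hidden_or_system(self) -> bool:
        return "h" in self.attrs.lower() or "s" in self.attrs.lower()


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a listing line, or None for headers, dots and blanks."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    created, modified, size, attrs, path = m.groups()
    fmt = "%Y-%m-%d %H:%M"
    return Entry(datetime.strptime(created, fmt), datetime.strptime(modified, fmt),
                 None if size.startswith("-") else int(size), attrs, path)


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(raw) for raw in text.splitlines()) if e is not None]


def triage(entry: Entry) -> List[str]:
    """Reasons an entry deserves a closer look; an empty list means nothing notable."""
    reasons: List[str] = []
    if entry.is_dir:
        if HEX_ROOT_DIR.match(entry.path):
            reasons.append(HEX_ROOT)
        return reasons
    if entry.hidden_or_system:
        reasons.append(HIDDEN_OR_SYSTEM)
    if entry.path.lower().endswith(".sys") and not DRIVERS_DIR.search(entry.path):
        reasons.append(SYS_OUTSIDE_DRIVERS)
    if TEMP_DIR.search(entry.path):
        reasons.append(UNDER_TEMP)
    if entry.modified < entry.created:
        reasons.append(BACKDATED)
    return reasons


def triage_listing(text: str) -> Dict[str, List[str]]:
    # Map each flagged path to its reasons; entries with nothing notable are omitted.
    findings: Dict[str, List[str]] = {}
    for entry in parse_listing(text):
        reasons = triage(entry)
        if reasons:
            findings[entry.path] = reasons
    return findings


# Sample input: four lines copied from the Find3M report above plus one constructed
# Temp entry named after the file Avast reported at the start of the thread
# (its size and dates are made up).
SAMPLE_LOG = "\n".join([
    "((((((((((((( Find3M Report )))))))))))))",
    ".",
    "2010-03-29 18:22 . 2004-08-12 13:04\t10022\t--sha-w-\tc:\\windows\\system32\\KGyGaAvL.sys",
    "2010-05-13 22:55 . 2004-07-30 01:05\t--------\td--h--w-\tc:\\program files\\InstallShield Installation Information",
    "2010-04-30 19:39 . 2010-04-30 19:39\t--------\td-----w-\tC:\\f5c7058883af7d0511f35cf76916",
    "2010-04-25 01:18 . 2007-09-01 19:11\t138384\t----a-w-\tc:\\windows\\system32\\drivers\\PnkBstrK.sys",
    "2010-05-20 20:10 . 2010-05-20 20:10\t24576\t----a-w-\tc:\\documents and settings\\User\\Local Settings\\Temp\\naswmon.sys",
])

if __name__ == "__main__":
    for path, reasons in triage_listing(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

A flag is a prompt to identify the file (vendor, signature, what installed it), not a verdict: two of the flagged sample paths are driver and installer artifacts that a helper would clear after a look.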


----------



## SweetTech (Jan 1, 1970)

Hello,

*ComboFix Script*


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".

*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click *Start > Run*, type *Notepad*, click *OK*.
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
KillAll::
FileLook::
c:\windows\system32\qtintf.dll
DirLook::
c:\program files\APC
c:\program files\TJSoft
C:\f5c7058883af7d0511f35cf76916
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*Save this file to your desktop; save it as "CFScript".*

Here's how to do that:

1. Click *File*;
2. Click *Save As*... Change the directory to your *desktop*;
3. Change the *Save as type* to *"All Files"*;
4. Type in the file name: *CFScript*
5. Click *Save ...*

Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe*.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you.
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

*NEXT:*

*Scanning with MalwareBytes' Anti-Malware*
Please download *Malwarebytes' Anti-Malware* to your desktop.


Double-click *mbam-setup.exe* and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click *Finish*.
If an update is found, it will download and install the latest version.
Once the program has loaded, select *Perform quick scan*, then click *Scan*.
When the scan is complete, click *OK*, then *Show Results* to view the results.
Be sure that everything is checked, and click *Remove Selected*.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.

*Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. *

*NEXT:*

*ESET Online Scanner*
*I'd like us to scan your machine with ESET Online Scan*

*Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time. Please don't go surfing while your resident protection is disabled! Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.*



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
Click the [image] button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on [image] to download the ESET Smart Installer. *Save* it to your desktop.
Double click on the [image] icon on your desktop.

Check [image]
Click the [image] button.
Accept any security warnings from your browser.
Check [image]
Make sure that the option "Remove found threats" is Unchecked
Push the *Start* button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push [image]
Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the [image] button.
Push [image]

*NEXT:*

*OTL Custom Scan*

*We need to run an OTL Custom Scan*


Please reopen [image] on your desktop.
*Copy* and *Paste* the following text into the [image] textbox.

```
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /180
```

*Push* [image]

A report will open. *Copy* and *Paste* that report in your next reply.

*NEXT:*

*Please make sure you include the following items in your next post:*
*1.* Any comments or questions you may have that you'd like for me to answer in my next post to you.
*2.* The log that was produced after running the ComboFix scan.
*3.* The log that was produced after running the updated MalwareBytes' Anti-Malware scan.
*4.* The log that was produced after running the ESET Online Virus Scanner.
*5.* The logs that were produced after running the OTL scan.
*6.* An update on how your computer is currently running.
*It would be helpful if you could answer each question in the order asked, as well as numbering your answers.*

Cheers,
SweetTech.


----------



## 8dalejr.fan (Nov 20, 2005)

1) I see you have me killing these two folders with ComboFix:



> c:\program files\APC
> c:\program files\TJSoft


The former is for my APC Uninterruptible Power Supply.
a) Why are we deleting this? Is it because of the error message I said I got? 
b) Can I reinstall the software for my APC UPS after?

The latter is for a program called nRatings that I use to update car files for a computer racing game. I've used this program for 3 years without issue. It used to be located in the Program Files\NRatings folder but since I downloaded the updated version, the NRatings folder is located in an otherwise empty main folder called TJSoft. Why are we deleting this?

2) My desktop in Safe Mode is full of icons (it is cluttered admittedly but worse in 800x600 mode)... I can't see ComboFix.exe so I can't do a drag and drop because there is no space. Should I go to Normal Mode to do the fix? Or should I try from Documents and Settings\User Name\Desktop to see everything there and do the drag and drop?

3) Should I stay in Safe Mode with Networking to run these fixes?

4) Should I uninstall my current version of MBAM? I already have that application.


----------



## SweetTech (Jan 1, 1970)

Hello,

I wasn't removing those folders. I was getting a better look at them, but if you know what they are then I'll modify my script for you to run below.

I'd like for you to try and run these scans in Normal mode, but if you're not able to run them there then revert back to Safe Mode w/ Networking.

New CF Script:

*ComboFix Script*


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click *Start > Run*, type *Notepad*, click *OK*.
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
KillAll::
FileLook::
c:\windows\system32\qtintf.dll
DirLook::
C:\f5c7058883af7d0511f35cf76916
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*Save this file to your desktop; save it as "CFScript".*

Here's how to do that:

1. Click *File*;
2. Click *Save As*... Change the directory to your *desktop*;
3. Change the *Save as type* to *"All Files"*;
4. Type in the file name: *CFScript*
5. Click *Save ...*

Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe*.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.


----------



## 8dalejr.fan (Nov 20, 2005)

My apologies. I will try in normal mode.


----------



## 8dalejr.fan (Nov 20, 2005)

Normal mode seems to turn on and applications like Internet Explorer, Task Manager, etc. now work. 

But Avast disappeared from my System Tray. 

Security Centre says it's on and working, but I don't see it. I need to disable this to run ComboFix, no? Should I just do this the manual way (open it up through Program Files)? But where did it go?


----------



## SweetTech (Jan 1, 1970)

It's possible that it's there but hidden, so please go ahead and access Security Center via Program Files.


----------



## 8dalejr.fan (Nov 20, 2005)

Well, it's not hidden in the system tray, and I can't find a way to disable it from within the program itself. It seems like I can only do it with the icon in the system tray, but it's not there. 

I will try a reboot to see if it loads. If not, I'm not sure of another way to disable it. 

I'll be stepping out for about 2 hours but I'll be back then to let you know if I got Avast disabled and ran the ComboFix. 

Could you kindly advise as to whether I should uninstall my version of MBAM to run your Malwarebytes step?


----------



## SweetTech (Jan 1, 1970)

I must have overlooked MBAM being installed.

*Malwarebytes' Anti-Malware*

I see that you have *Malwarebytes' Anti-Malware* installed on your computer; could you please do a scan using these settings:


Open Malwarebytes' Anti-Malware

Select the *Update* tab

Click *Check for Updates*

After the update has been completed, select the *Scanner* tab.

Select *Perform quick scan*, then click on *Scan*

Leave the default options as they are and click on *Start Scan*.

When done, you will be prompted. Click *OK*, then click on *Show Results*

Check (tick) all items and click on *Remove Selected*.

After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the *Logs* tab. The bottommost log is the latest.

*Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.*


----------



## 8dalejr.fan (Nov 20, 2005)

Ok, the Avast system tray icon is not appearing on start-up anymore (it's not hidden). And it's not in the list for MSCONFIG. 

I don't know why that is, and how I can turn off on-access protection now that it doesn't appear. 

Please advise.


----------



## 8dalejr.fan (Nov 20, 2005)

Got them back (at least temporarily) by running ashDisp.exe in the Avast folder. I'll run the fixes now.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

ComboFix 10-05-23.01 - Mikey Chrobok 23/05/2010 20:50:36.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1023.509 [GMT -4:00]
Running from: c:\documents and settings\Mikey Chrobok\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mikey Chrobok\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100520-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Mikey Chrobok\Application Data\Microsoft\HTML Help\hh.dat

.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-20 21:25 . 2010-05-20 21:25	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Application Data\SystemRequirementsLab
2010-05-14 17:26 . 2010-05-14 17:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\WD_SmartWareCommon
2010-05-14 17:19 . 2010-05-14 17:19	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Western_Digital
2010-05-14 17:19 . 2010-05-14 17:19	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Application Data\Western Digital
2010-05-14 17:18 . 2010-05-14 17:18	--------	d-----w-	c:\documents and settings\All Users\Application Data\Western Digital
2010-05-14 17:18 . 2010-05-14 17:18	--------	d-----w-	c:\documents and settings\LocalService\Local Settings\Application Data\ServiceTest
2010-05-14 17:18 . 2010-05-14 17:18	--------	d-----w-	c:\program files\Western Digital
2010-05-14 17:17 . 2010-05-14 17:17	--------	d-----w-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Western Digital
2010-05-13 22:55 . 2004-08-10 19:35	4142592	----a-w-	c:\windows\system32\qtintf.dll
2010-05-13 22:55 . 2010-05-13 22:55	--------	d-----w-	c:\program files\APC
2010-05-13 22:53 . 2001-08-17 17:58	9344	-c--a-w-	c:\windows\system32\dllcache\compbatt.sys
2010-05-13 22:53 . 2001-08-17 17:58	9344	----a-w-	c:\windows\system32\drivers\compbatt.sys
2010-05-13 22:53 . 2001-08-17 17:58	19200	-c--a-w-	c:\windows\system32\dllcache\hidbatt.sys
2010-05-13 22:53 . 2001-08-17 17:58	19200	----a-w-	c:\windows\system32\drivers\hidbatt.sys
2010-05-13 22:53 . 2001-08-17 17:57	14080	-c--a-w-	c:\windows\system32\dllcache\battc.sys
2010-05-13 22:53 . 2001-08-17 17:57	14080	----a-w-	c:\windows\system32\drivers\battc.sys
2010-05-11 00:37 . 2010-05-11 10:59	--------	d-----w-	c:\program files\F1 Challenge GP10
2010-04-30 19:49 . 2010-04-30 19:49	--------	d-----w-	c:\program files\TJSoft
2010-04-30 19:39 . 2010-04-30 19:39	--------	d-----w-	C:\f5c7058883af7d0511f35cf76916
2010-04-29 21:04 . 2010-04-29 21:04	--------	d-----w-	c:\program files\HD Tune

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 01:00 . 2009-07-24 17:28	288	----a-w-	c:\windows\system32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2010-05-24 01:00 . 2009-07-24 17:28	288	----a-w-	c:\windows\system32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
2010-05-23 21:17 . 2010-05-23 21:17	503808	----a-w-	c:\documents and settings\Mikey Chrobok\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-40b44986-n\msvcp71.dll
2010-05-23 21:17 . 2010-05-23 21:17	499712	----a-w-	c:\documents and settings\Mikey Chrobok\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-40b44986-n\jmc.dll
2010-05-23 21:17 . 2010-05-23 21:17	348160	----a-w-	c:\documents and settings\Mikey Chrobok\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-40b44986-n\msvcr71.dll
2010-05-21 21:16 . 2008-07-23 23:04	--------	d-----w-	c:\documents and settings\LocalService\Application Data\SACore
2010-05-21 19:26 . 2007-04-05 19:17	--------	d-----w-	c:\program files\SUPERAntiSpyware
2010-05-20 23:45 . 2009-08-17 02:08	--------	d-----w-	c:\program files\iRacing
2010-05-20 21:26 . 2008-02-27 20:20	--------	d-----w-	c:\program files\SystemRequirementsLab
2010-05-20 21:25 . 2010-05-20 21:25	85504	----a-w-	c:\documents and settings\Mikey Chrobok\Application Data\SystemRequirementsLab\srlproxy_cyri_4.1.71.0A.dll
2010-05-20 20:55 . 2008-07-04 19:10	42	----a-w-	c:\documents and settings\Mikey Chrobok\jagex_runescape_preferences.dat
2010-05-20 20:53 . 2009-09-03 21:23	75	----a-w-	c:\documents and settings\Mikey Chrobok\jagex_runescape_preferences2.dat
2010-05-13 22:55 . 2004-07-30 01:05	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-05-10 23:46 . 2004-10-05 00:49	30800	----a-w-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-10 01:51 . 2004-08-04 16:52	--------	d-----w-	c:\program files\EA SPORTS
2010-05-02 21:46 . 2005-01-09 02:57	--------	d-----w-	c:\program files\Avery Wizard
2010-04-30 19:27 . 2008-06-16 15:15	--------	d-----w-	c:\program files\NRatings
2010-04-25 01:37 . 2007-09-01 19:10	215128	----a-w-	c:\windows\system32\PnkBstrB.exe
2010-04-25 01:18 . 2007-09-01 19:11	138384	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2010-04-23 03:55 . 2010-04-23 03:43	--------	d-----w-	c:\program files\F1 2010
2010-04-08 00:13 . 2010-04-08 00:13	1024	----a-w-	c:\documents and settings\All Users\Application Data\BVRP Software\FaxTools\faxres.cmd
2010-04-04 22:48 . 2010-04-04 22:48	0	----a-w-	c:\documents and settings\Mikey Chrobok\jagex__preferences3.dat
2010-03-29 18:22 . 2004-08-12 13:04	10022	--sha-w-	c:\windows\system32\KGyGaAvL.sys
2010-03-14 21:11 . 2010-03-05 15:25	439816	----a-w-	c:\documents and settings\Mikey Chrobok\Application Data\Real\Update\setup3.10\setup.exe
2005-10-22 23:44 . 2005-10-06 02:31	0	---h--w-	c:\program files\viewpoint
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\qtintf.dll ---
Company: Borland Software Corporation
File Description: Delphi-Qt2.x Interface Library
File Version: 6.0.0.0
Product Name: Delphi-Qt2.x Interface Library
Copyright: Copyright © 2001 Borland Software Corporation
Original Filename: QTINTF.DLL
File size: 4142592
Created time: 2010-05-13 22:55
Modified time: 2004-08-10 19:35
MD5: B5878FB9055F651AB60936C97D990223
SHA1: BE8FC4F0B909E4B4FB51DEDC8985121284376458

---- Directory of C:\f5c7058883af7d0511f35cf76916 ----

2010-04-30 19:39 . 2008-06-19 15:03	73	------w-	c:\f5c7058883af7d0511f35cf76916\i386\msxpsinc.gpd
2010-04-30 19:39 . 2008-06-19 05:33	72	------w-	c:\f5c7058883af7d0511f35cf76916\i386\msxpsinc.ppd
2010-04-30 19:39 . 2008-06-19 05:33	72	------w-	c:\f5c7058883af7d0511f35cf76916\amd64\msxpsinc.ppd
2010-04-30 19:39 . 2008-06-19 05:33	2204	------w-	c:\f5c7058883af7d0511f35cf76916\i386\msxpsdrv.inf
2010-04-30 19:39 . 2008-06-19 05:33	2204	------w-	c:\f5c7058883af7d0511f35cf76916\amd64\msxpsdrv.inf
2010-04-30 19:39 . 2008-07-06 12:06	10929	------w-	c:\f5c7058883af7d0511f35cf76916\amd64\msxpsdrv.cat
2010-04-30 19:39 . 2008-07-06 12:06	10929	------w-	c:\f5c7058883af7d0511f35cf76916\i386\msxpsdrv.cat
2010-04-30 19:39 . 2008-07-06 12:06	147456	------w-	c:\f5c7058883af7d0511f35cf76916\amd64\filterpipelineprintproc.dll
2010-04-30 19:39 . 2008-07-06 12:06	89088	------w-	c:\f5c7058883af7d0511f35cf76916\i386\filterpipelineprintproc.dll
2010-04-30 19:39 . 2008-07-06 12:06	765440	------w-	c:\f5c7058883af7d0511f35cf76916\i386\mxdwdrv.dll
2010-04-30 19:39 . 2008-07-06 12:06	1676288	------w-	c:\f5c7058883af7d0511f35cf76916\i386\xpssvcs.dll
2010-04-30 19:39 . 2008-07-06 12:06	748032	------w-	c:\f5c7058883af7d0511f35cf76916\amd64\mxdwdrv.dll
2008-07-06 21:36 . 2008-07-06 21:36	2936832	------w-	c:\f5c7058883af7d0511f35cf76916\amd64\xpssvcs.dll
2008-06-19 15:03 . 2008-06-19 15:03	73	------w-	c:\f5c7058883af7d0511f35cf76916\amd64\msxpsinc.gpd

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [2003-02-20 28672]
"AsioReg"="CTASIO.DLL" [2003-02-20 110592]
"Dell AIO Printer A940"="c:\program files\Dell AIO Printer A940\dlbabmgr.exe" [2003-06-25 294998]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2010-5-13 221247]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2009-11-13 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2009-11-13 9117504]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-8-2 106560]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-02-27 15:39	282624	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-04-08 15:09	10536	----a-w-	c:\program files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate]
2004-01-01 02:12	417792	----a-w-	c:\program files\AceGain\LiveUpdate\LiveUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-08-17 00:03	133104	----atw-	c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Itiva Media Accelerator]
2008-06-04 23:09	4994288	----a-w-	c:\program files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2004-10-08 13:49	53248	----a-w-	c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-06-15 23:15	366400	----a-w-	c:\program files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08	417792	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StorageGuard]
2003-02-13 05:01	155648	----a-w-	c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-23 14:12	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2004-10-31 12:21	180269	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-03 22:20	866584	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Papyrus\\NASCAR Racing 2003 Season\\NR2003.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\ARCA Remax\\ARCA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Itiva\\Itiva Media Accelerator\\ItivaMediaAccelerator.exe"=
"c:\\Program Files\\ARCA Download Client\\ARCALeverageClient.exe"=
"c:\\Program Files\\ARCA 08\\ARCA.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\iRacing\\iRacingService.exe"=
"c:\\Program Files\\iRacing\\iRacingSim.exe"=
"c:\\Program Files\\iRacing\\iRacingLocalServer.exe"=
"c:\\Program Files\\iRacing\\iRacingChat.exe"=
"c:\\Program Files\\iRacing\\iRacingLauncher.exe"=
"c:\\Program Files\\iRacing\\updater\\iRacingUpdater.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2009 8:44 PM 114768]
R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22/05/2007 5:04 AM 18088]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 12:53 PM 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 11:39 AM 32256]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/03/2009 8:44 PM 20560]
R2 IniPciCheck;IniPciCheck;c:\windows\system32\drivers\IPciChk.sys [12/09/2004 11:59 AM 5120]
R2 iRacingService;iRacing.com Helper Service;c:\program files\iRacing\iRacingService.exe [16/08/2009 10:08 PM 458912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [23/07/2008 7:03 PM 206096]
R2 sensorsview;sensorsview;c:\windows\system32\drivers\sensorsview.sys [17/08/2007 12:00 PM 4224]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [13/11/2009 11:28 AM 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 8:58 AM 20480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 6:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2010 9:00 PM 135664]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 4:51 PM 4096]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 4:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:59]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 00:59]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004Core.job
- c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-17 00:03]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004UA.job
- c:\documents and settings\Mikey Chrobok\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-17 00:03]

2010-05-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nascar.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Bar = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm
IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm
DPF: {6BA77042-FC93-4AED-B0E8-824979156BA4} - hxxp://chevy.a.content.maven.net/mvms/vfs/chevy/chevylive/live/install/installerAX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 21:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\Citrix\GoToAssist\508\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(1996)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\CTHELPER.EXE
c:\program files\Dell AIO Printer A940\dlbabmon.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-05-23 21:12:27 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 01:12
ComboFix2.txt 2010-05-23 20:05
ComboFix3.txt 2009-07-21 20:09

Pre-Run: 6,841,692,160 bytes free
Post-Run: 6,802,141,184 bytes free

- - End Of File - - 62B7C8BE035F78F34F55FC42BB0ACA11


----------



## 8dalejr.fan (Nov 20, 2005)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4135

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

23/05/2010 9:43:01 PM
mbam-log-2010-05-23 (21-43-01).txt

Scan type: Quick scan
Objects scanned: 128681
Time elapsed: 14 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


----------



## 8dalejr.fan (Nov 20, 2005)

The ESET scanner is still plugging away.


----------



## 8dalejr.fan (Nov 20, 2005)

Not much in the ESET scan... picked up an old version of ComboFix as a trojan (lol) and some files another anti-malware program took care of a while back.

C:\Documents and Settings\Mikey Chrobok\Desktop\Old Shortcuts\ComboFix.exe	probably a variant of Win32/Agent trojan
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\ddefgh.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\eedfii.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\fgiiii.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\giloqr.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\hkjjkj.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\lmmmoq.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\mmnonn.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\nqtvxx.ini	Win32/Adware.Virtumonde.NEO application
C:\Documents and Settings\Mikey Chrobok\Desktop\WinPFind3u\MovedFiles\WINDOWS\xxwxbc.ini	Win32/Adware.Virtumonde.NEO application


----------



## 8dalejr.fan (Nov 20, 2005)

For the OTL scan, do I put checkmarks in any of the boxes you had me check off the first time we ran the scan, or just open it, paste the text, and run it? 

It's almost 2am! The ESET scan took a long time, lol. I will be back in the morning.


----------



## SweetTech (Jan 1, 1970)

Good Morning,

Before you proceed with the OTL scan, I need to see another log from you.

I would also like to see a list of files quarantined by ComboFix, so please do this:
Click *Start > Run* then copy/paste the following single-line command into the Run box and click *OK*:

*C:\Qoobox\ComboFix-quarantined-files.txt*

A text file should open. Post the contents of that file in your next reply.


----------



## 8dalejr.fan (Nov 20, 2005)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:32:33 AM, on 24/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\iRacing\iRacingService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Java\jre6\bin\jucheck.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nascar.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Search &Dictionary - C:\Program files\Lexico\Toolbar\dictionary.htm
O8 - Extra context menu item: Search &Thesaurus - C:\Program files\Lexico\Toolbar\thesaurus.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howudodat.com/chatterbox/download/appdl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - 
O16 - DPF: {6BA77042-FC93-4AED-B0E8-824979156BA4} (InstallerAX Class) - http://chevy.a.content.maven.net/mvms/vfs/chevy/chevylive/live/install/installerAX.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} (OcarptMain Class) - https://oca.microsoft.com/en/secure/ocarpt.CAB
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: iRacing.com Helper Service (iRacingService) - iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730 - C:\Program Files\iRacing\iRacingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 11390 bytes


----------
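The ComboFix driver list (the R1/R2/S3 lines in the earlier ComboFix log) and the HijackThis O4 and O23 entries above are the lines a helper reads by eye for three things: a .sys or service image loaded from a Temp folder, an autorun given as a bare file name (which Windows resolves through the PATH search order instead of a fixed location), and a service whose binary carries no vendor in its version info ("Unknown owner"). The following is an added example, not code from ComboFix, HijackThis or anyone in this thread: a small Python triage pass over lines in those two formats. The sample lines are constructed for the example; their layout copies the posted logs, but the xyzdrv.sys driver entry is made up to exercise the Temp check. Legitimate entries from the real logs such as CTHELPER.EXE or PnkBstrA are flagged too, which is intended: the checks produce leads to look at, not verdicts.

```python
"""Triage pass over ComboFix service/driver lines and HijackThis O4/O23 lines.

Added example for this thread; it is not code from ComboFix, HijackThis or
the forum. The SAMPLE_* text below is constructed: the format copies the
posted logs, the xyzdrv.sys driver entry is made up to exercise the Temp check.
"""
import re
from typing import List, Tuple

# ComboFix service/driver line, e.g.
#   R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2009 8:44 PM 114768]
# state = R (running) or S (stopped) plus start-type digit; fields are ';'-separated.
CF_SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
# HijackThis autorun line, e.g.  O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
HJT_O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# HijackThis service line, e.g.  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
# (a display name that itself contains ' - ' would need a smarter split; none in the samples)
HJT_O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Lower-cased fragments that place a file in a Temp directory (XP long and 8.3 forms, Vista+ form).
TEMP_MARKERS = ("\\temp\\", "\\local settings\\temp", "\\locals~1\\temp", "\\appdata\\local\\temp")


def is_temp_path(path: str) -> bool:
    """True when the path points into a user or system Temp folder."""
    p = path.lower()
    return any(marker in p for marker in TEMP_MARKERS)


def image_of(cmd: str) -> str:
    """Return the program image from an autorun command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def is_anchored(image: str) -> bool:
    """True for a drive-letter, UNC or %VAR%-rooted path; a bare name goes through PATH lookup."""
    return re.match(r"^(?:[A-Za-z]:\\|\\\\|%[^%]+%)", image) is not None


Finding = Tuple[str, str, str]  # (check name, entry name, image or path)


def triage(combofix_text: str, hjt_text: str) -> List[Finding]:
    """Return the entries a reviewer should look at first; a hit is a lead, not a verdict."""
    findings: List[Finding] = []
    for line in combofix_text.splitlines():
        m = CF_SERVICE_RE.match(line)
        if m and is_temp_path(m["path"]):
            findings.append(("driver-or-service-in-temp", m["name"], m["path"]))
    for line in hjt_text.splitlines():
        m = HJT_O4_RE.match(line)
        if m:
            image = image_of(m["cmd"])
            if not is_anchored(image):
                findings.append(("autorun-resolved-via-path", m["name"], image))
            continue
        m = HJT_O23_RE.match(line)
        if m and m["owner"].strip().lower() == "unknown owner":
            findings.append(("service-unknown-owner", m["display"], m["path"]))
    return findings


# Constructed sample input (layout copied from the posted logs; xyzdrv.sys is made up).
SAMPLE_COMBOFIX = r"""
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/03/2009 8:44 PM 114768]
R1 xyzdrv;xyzdrv;c:\docume~1\user\locals~1\temp\xyzdrv.sys [20/05/2010 8:30 PM 24576]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [06/05/2008 4:06 PM 11520]
"""

SAMPLE_HJT = r"""
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for check, name, target in triage(SAMPLE_COMBOFIX, SAMPLE_HJT):
        print(f"{check:28} {name:14} {target}")
```

Run it as a script to see the four leads from the constructed samples; in practice you paste the R/S block of a ComboFix log and the O4/O23 block of a HijackThis log into the two arguments. The Temp check is the one that matches the complaint that started this thread (a .sys surfacing in a Temp folder); the other two only narrow down where to look.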



## 8dalejr.fan (Nov 20, 2005)

2010-05-24 00:50:31 . 2010-05-24 00:50:31 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-05-23 20:50:23 . 2010-05-24 00:42:13 8,590 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Mikey Chrobok\Application Data\Microsoft\HTML Help\hh.dat.vir
2010-05-23 20:04:45 . 2010-05-23 20:04:45 454 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ARCAUPDATERv1.reg.dat
2010-05-23 20:04:45 . 2010-05-23 20:04:45 480 ----a-w- C:\Qoobox\Quarantine\Registry_backups\AddRemove-ARCA Remax.reg.dat
2010-05-23 20:04:31 . 2010-05-23 20:04:31 276 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-AtiExtEvent.reg.dat
2010-05-23 20:01:52 . 2010-05-24 00:58:38 5,539 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-05-23 19:52:02 . 2010-05-24 00:49:14 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-04-08 15:09:10 . 2008-04-08 15:09:10 61,224 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Mikey Chrobok\GoToAssistDownloadHelper.exe.vir
2005-10-30 02:30:53 . 2005-10-30 02:30:53 8,590 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\NetworkService\Application Data\Microsoft\HTML Help\hh.dat.vir
2005-02-13 15:04:39 . 2005-02-13 15:04:45 15,751 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\backup\T\50213000.DAT.vir
2001-12-04 03:46:30 . 2001-12-04 03:46:30 722,192 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\VB40032.DLL.vir


----------



## 8dalejr.fan (Nov 20, 2005)

The Avast icons are still gone from the System Tray.


----------



## SweetTech (Jan 1, 1970)

Hello,

*ComboFix Script*


Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. 
They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".


*Copy/paste the text inside the Codebox below into notepad:*

Here's how to do that:
Click* Start > Run* type *Notepad* click *OK.*
This will open an empty notepad file:

*Copy* all the text *inside of the code box* - *Press Ctrl+C* (or right click on the highlighted section and choose 'copy')


```
KillAll::
DeQuarantine::
C:\Qoobox\Quarantine\C\Documents and Settings\Mikey Chrobok\Application Data\Microsoft\HTML Help\hh.dat.vir
Quit::
```
Now *paste* the copied text into the open notepad - press *CTRL+V* (or right click and choose 'paste')
*Save this file to your desktop, save this as "CFScript"*

Here's how to do that:

1.Click *File*;
2.Click *Save As*... Change the directory to your *desktop*;
3.Change the* Save as type* to *"All Files";*
4.Type in the file name: *CFScript*
5.Click *Save ...*

Referring to the *screenshot* above, *drag CFScript.txt* into *ComboFix.exe.*
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. 
*Copy and paste the contents of the log in your next reply.*

CAUTION: *Do not* mouse-click ComboFix's window while it is running. That may cause it to stall.

*NEXT:*

*OTL Custom Scan*


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Check the boxes beside *LOP Check* and *Purity Check*.
Under Extra Registry select *Use Safe List*
Under Custom Scan paste this in
```
netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys 180
```
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.
You may need two posts to fit them both in.


*NEXT:*


Right-click the *Taskbar*
Select *Properties*
Make sure that the *Hide inactive icons *is *checked.*
Click on *Customize*
Look through the list and search for *Avast*.
Once you've located it make sure that you click the drop down arrow and choose *Always Show.*
Click *OK.*
Back on the Taskbar and Start Menu Properties window click on *Apply* then *OK.*
_Repeat this process for any other programs that are missing from your system tray._


----------



## 8dalejr.fan (Nov 20, 2005)

I dragged the script and it launched ComboFix. It says there is a new update available and is giving me the option to update or not. What should I do? I'm leaving it on that screen until your instructions.


----------



## SweetTech (Jan 1, 1970)

Please allow it to update.


----------



## 8dalejr.fan (Nov 20, 2005)

ComboFix ran but now the Internet is dead. Seeing if a restart will help.


----------



## 8dalejr.fan (Nov 20, 2005)

This is the only log ComboFix produced. It is called DeQuarantine.txt.

C:\Qoobox\Quarantine\C\Documents and Settings\Mikey Chrobok\Application Data\Microsoft\HTML Help\hh.dat.vir -> C:\Documents and Settings\Mikey Chrobok\Application Data\Microsoft\HTML Help\hh.dat ( 8590 bytes )


----------



## SweetTech (Jan 1, 1970)

That's the log that was supposed to be produced.


----------



## 8dalejr.fan (Nov 20, 2005)

OTL logfile created on: 24/05/2010 12:19:18 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Mikey Chrobok\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 464.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 6.23 Gb Free Space | 5.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA-X9D9JVIDH
Current User Name: Mikey Chrobok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iRacing\iRacingService.exe (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)

========== Win32 Services (SafeList) ==========

SRV - (iRacingService) -- C:\Program Files\iRacing\iRacingService.exe (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

========== Driver Services (SafeList) ==========

DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (sensorsview) -- C:\WINDOWS\system32\drivers\sensorsview.sys (Windows (R) 2000 DDK provider)
DRV - (atitray) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ()
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys ()
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (papycpu2) -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys ()
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (HidBatt) -- C:\WINDOWS\system32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (IniPciCheck) -- C:\WINDOWS\system32\drivers\IPciChk.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nascar.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 20:12:06 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/05/23 21:02:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Search &Dictionary - C:\Program Files\Lexico\Toolbar\dictionary.htm ()
O8 - Extra context menu item: Search &Thesaurus - C:\Program Files\Lexico\Toolbar\thesaurus.htm ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} http://download.howudodat.com/chatterbox/download/appdl.cab (AppDLCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {6BA77042-FC93-4AED-B0E8-824979156BA4} http://chevy.a.content.maven.net/mvms/vfs/chevy/chevylive/live/install/installerAX.cab (InstallerAX Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} https://oca.microsoft.com/en/secure/ocarpt.CAB (OcarptMain Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.153.23.66 24.153.23.195 64.71.255.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/07/29 20:40:11 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/24 11:50:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/24 11:50:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/23 21:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/23 16:05:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/23 15:52:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/23 15:52:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/23 15:52:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/23 15:51:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/23 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Desktop\NASCAR Stuff (Old)
[2010/05/23 13:12:03 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe
[2010/05/20 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Application Data\SystemRequirementsLab
[2010/05/14 13:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/05/14 13:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Western_Digital
[2010/05/14 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Western Digital
[2010/05/14 13:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/14 13:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/05/14 13:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/05/14 13:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Western Digital
[2010/05/13 18:55:22 | 004,142,592 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\qtintf.dll
[2010/05/13 18:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\APC
[2010/05/13 18:53:11 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2010/05/13 18:53:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbatt.sys
[2010/05/13 18:53:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/05/13 18:53:05 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/05/13 18:53:05 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/05/10 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\F1 Challenge GP10
[2010/04/30 15:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\TJSoft
[2010/04/30 15:39:01 | 000,000,000 | ---D | C] -- C:\f5c7058883af7d0511f35cf76916
[2010/04/29 17:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2009/07/24 13:25:37 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/24 12:17:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/24 12:15:16 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/24 12:14:25 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/24 12:14:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/24 12:14:12 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/24 12:13:57 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/24 12:13:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 12:13:30 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/24 12:04:47 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/24 12:04:47 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/24 12:04:47 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/24 12:04:47 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/24 12:04:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/24 12:04:47 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/24 12:04:47 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2010/05/24 12:04:47 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2010/05/24 12:04:27 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\ntuser.dat
[2010/05/24 12:04:23 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mikey Chrobok\ntuser.ini
[2010/05/24 11:49:40 | 003,696,151 | R--- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\ComboFix.exe
[2010/05/24 11:37:42 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
[2010/05/24 11:23:18 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004UA.job
[2010/05/23 23:23:04 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004Core.job
[2010/05/23 21:02:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/23 21:02:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/23 13:31:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe
[2010/05/23 13:12:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe
[2010/05/22 01:22:33 | 002,646,372 | -H-- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\IconCache.db
[2010/05/21 17:49:44 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Tutoring letter.doc
[2010/05/20 17:11:25 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\My 2010 PC Build.doc
[2010/05/20 16:55:07 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\jagex_runescape_preferences.dat
[2010/05/20 16:53:41 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\jagex_runescape_preferences2.dat
[2010/05/19 13:10:38 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/17 17:30:12 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/17 13:24:21 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Thank you - Cardiology.doc
[2010/05/15 19:37:18 | 000,000,659 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2010/05/15 13:19:11 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Printers.doc
[2010/05/14 13:18:44 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/05/14 13:18:44 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/05/13 18:55:21 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/11 06:58:57 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\F1 2010.lnk
[2010/05/10 19:46:55 | 000,030,800 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/10 06:40:02 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/09 22:31:18 | 000,001,267 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/09 16:48:04 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/03 17:40:14 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\GEOG 1400 Title Page.doc
[2010/04/30 15:49:56 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NRatings.lnk
[2010/04/30 15:37:44 | 000,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/30 15:37:44 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 15:37:44 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 17:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\Google Chrome.lnk
[2010/04/29 17:10:03 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/24 21:37:57 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/04/24 21:18:57 | 000,138,384 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/23 16:44:22 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/23 15:52:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/23 15:52:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/23 15:52:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/23 15:52:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/23 15:52:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/23 15:50:54 | 003,696,151 | R--- | C] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\ComboFix.exe
[2010/05/23 13:31:43 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe
[2010/05/21 17:18:15 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Tutoring letter.doc
[2010/05/17 13:24:20 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Thank you - Cardiology.doc
[2010/05/15 11:55:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Printers.doc
[2010/05/14 13:18:44 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/05/14 13:18:44 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/05/13 21:15:07 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\My 2010 PC Build.doc
[2010/05/13 18:55:21 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/11 06:58:57 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\F1 2010.lnk
[2010/05/03 17:40:14 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\GEOG 1400 Title Page.doc
[2010/04/30 15:49:56 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NRatings.lnk
[2009/07/24 13:25:47 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/07/24 13:25:47 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009/07/02 07:46:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Michael_Walltrip.ini
[2008/07/11 11:22:55 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/18 09:40:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/18 09:40:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/18 09:40:17 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/18 09:40:17 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/18 09:40:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/16 13:16:27 | 000,002,168 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/11/10 20:15:35 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/10/20 17:55:46 | 000,000,911 | ---- | C] () -- C:\WINDOWS\Sof.INI
[2007/09/01 15:11:10 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/04/15 07:49:46 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/08/12 18:00:00 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/08/12 18:00:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/06/03 16:01:03 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/06/03 16:00:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ARFolder.INI
[2005/06/01 16:33:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\msxct2.ini
[2005/05/03 22:59:06 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/02/12 23:21:39 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/12 23:21:11 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/09 14:15:24 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/09 09:20:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/05 07:34:42 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2005/01/02 01:50:17 | 000,000,659 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2005/01/02 00:10:04 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2004/12/25 18:06:18 | 000,000,869 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2004/12/23 03:31:27 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2004/10/31 11:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/10/26 16:13:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/28 06:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004/09/15 16:07:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/12 09:04:46 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/08/04 03:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 17:45:02 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2004/08/02 17:45:02 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2004/08/02 17:42:42 | 000,000,194 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2004/08/01 11:33:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/29 21:32:30 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/07/29 21:32:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/29 21:31:01 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/07/29 21:23:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/07/12 17:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/27 23:33:36 | 000,002,129 | ---- | C] () -- C:\WINDOWS\lexbar.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2001/12/14 13:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/01/18 22:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ARCA Download Client
[2009/02/28 21:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ARCA Leverage Client
[2005/10/26 15:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2004/08/02 15:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/04/08 11:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2008/04/27 14:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Itiva
[2004/09/10 19:18:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/10/26 16:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2007/12/28 12:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2004/11/09 19:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/14 13:26:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/05/14 13:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/12/27 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/07/31 17:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\.clue-by-4.org
[2005/02/26 16:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Atari
[2004/08/02 22:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\InterTrust
[2004/08/02 22:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Leadertech
[2005/03/18 09:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Ratbag
[2005/02/13 22:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\spweng
[2010/05/20 17:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\SystemRequirementsLab
[2005/04/27 18:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Tenebril
[2010/05/14 13:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Western Digital
[2005/04/06 15:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mikey Chrobok\Application Data\{12EE7A5E-0674-42f9-A76B-000000004D00}
[2010/05/24 12:17:02 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/10/29 17:39:40 | 000,000,303 | ---- | M] () -- C:\Boot.bak
[2010/04/29 17:10:03 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2007/05/05 13:48:55 | 000,000,622 | ---- | M] () -- C:\ComboFix-quarantined-files.txt
[2007/04/23 17:23:29 | 000,006,388 | ---- | M] () -- C:\ComboFix2.txt
[2003/08/01 21:52:08 | 000,243,200 | ---- | M] () -- C:\composite2.max
[2004/07/29 20:40:30 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/24 11:53:07 | 000,000,212 | ---- | M] () -- C:\DeQuarantine.txt
[2010/05/24 12:13:30 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2005/09/27 17:10:05 | 000,000,048 | ---- | M] () -- C:\hWaitEventRetryInstall
[2004/07/29 20:40:30 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/01/26 16:43:18 | 000,003,248 | ---- | M] () -- C:\LGSInst.Log
[2004/12/26 12:24:10 | 000,000,004 | ---- | M] () -- C:\loadcounter.dat
[2005/01/14 16:06:20 | 000,000,184 | ---- | M] () -- C:\m00.exe.js
[2003/08/01 21:52:08 | 000,001,130 | ---- | M] () -- C:\MAXFILES.TXT
[2010/05/23 21:27:55 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2004/07/29 20:40:30 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/10/29 17:35:31 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2005/10/29 17:35:30 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/05/24 12:13:28 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2007/04/27 22:00:11 | 000,000,599 | ---- | M] () -- C:\rootlog.txt
[2007/04/14 13:55:33 | 000,000,342 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/07/29 16:20:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/07/29 16:20:02 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/07/29 16:20:02 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys 180 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >


----------



## 8dalejr.fan (Nov 20, 2005)

OTL Extras logfile created on: 24/05/2010 12:19:18 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Mikey Chrobok\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 464.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 6.23 Gb Free Space | 5.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA-X9D9JVIDH
Current User Name: Mikey Chrobok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe" = C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season -- (Sierra Entertainment, Inc.
Bellevue, WA 98005)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()
"C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe" = C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe:*:Enabled:SoF2MP -- ()
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\ARCA Remax\ARCA.exe" = C:\Program Files\ARCA Remax\ARCA.exe:*:Enabled:ARCA -- (Sim Factory LLC)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" = C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator -- (Itiva Digital Media)
"C:\Program Files\ARCA Download Client\ARCALeverageClient.exe" = C:\Program Files\ARCA Download Client\ARCALeverageClient.exe:*:Enabled:ARCA Download Client -- (ARCA Remax)
"C:\Program Files\ARCA 08\ARCA.exe" = C:\Program Files\ARCA 08\ARCA.exe:*:Enabled:ARCA -- (Sim Factory LLC)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\iRacing\iRacingService.exe" = C:\Program Files\iRacing\iRacingService.exe:*:Enabled:iRacingService -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingSim.exe" = C:\Program Files\iRacing\iRacingSim.exe:*:Enabled:iRacingSim -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingLocalServer.exe" = C:\Program Files\iRacing\iRacingLocalServer.exe:*:Enabled:iRacingLocalServer -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingChat.exe" = C:\Program Files\iRacing\iRacingChat.exe:*:Enabled:iRacingChat -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingLauncher.exe" = C:\Program Files\iRacing\iRacingLauncher.exe:*:Enabled:iRacingLauncher -- ()
"C:\Program Files\iRacing\updater\iRacingUpdater.exe" = C:\Program Files\iRacing\updater\iRacingUpdater.exe:*:Enabled:iRacingUpdater -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2F985C5E-4A0B-4ABF-8973-462F0F7E6884}_is1" = Talent Editor 2.0.3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40EE9162-F1DB-4D52-BEE4-013BFD523B8D}" = NEXTEL Track Updates
"{438BC259-E54C-4392-008E-2808B9C251CA}" = The Sims 2 Body Shop
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 Rush Hour
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6814719C-B9E4-4C28-9E52-64C452E541AA}" = ARCA Leverage Client
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.7
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = The Sims Makin' Magic
"{9AF3F959-15FF-4BF7-AE25-43D54EB8557E}_is1" = Version 1.5
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}" = iRacing.com Race Simulation
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10911FF-8969-43FD-B10D-DF8CA72C3269}" = NRatings
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims 2 Seasons
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EA1217B4-27D1-4964-B2C1-4A9E4AA1AB52}" = ARCA Leverage Client
"{EAC6DD68-514C-4B5D-009B-A36FF942C14B}" = F1 Challenge 99-02
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AceGain_LiveUpdate" = AceGain LiveUpdate 1.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"ARCA REMAX Mod1.0" = ARCA REMAX Mod
"avast!" = avast! Antivirus
"Avery Wizard 2.1 MSW11" = Avery® Wizard 2.1 for Microsoft® Office Word 2003
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BFVCC Server Manager1.00_A Beta" = BFVCC Server Manager
"Bink and Smacker" = Bink and Smacker
"CAL" = Canon Camera Access Library
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"chevy_winning_moments" = chevy_winning_moments Screen Saver
"Conversion Pack for CTDP MODs v1.1" = Conversion Pack CTDP Seasons
"CSCLIB" = Canon Camera Support Core Library
"Dell AIO Printer A940" = Dell AIO Printer A940
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DriveFit" = DriveFit
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps
"Free Internet Eraser_is1" = Free Internet Eraser 2.05
"GoToAssist" = GoToAssist 8.0.0.508
"GPS Setup_is1" = Greenville-Pickens Speedway v1.1
"HaboDaCosta FR2000 Mod" = HaboDaCosta FR2000 Mod
"HD Tune_is1" = HD Tune 2.55
"High Detail F1 2004 MOD (Basic Version) v1" = Conversion Pack CTDP Seasons
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5CE42363-EC4B-4D0D-A27B-9B48F253E556}" = LimeWire
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Itiva Media Accelerator" = Itiva Media Accelerator
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"LimeWire" = LimeWire 4.8.1
"LMPV2_is1" = Late Model Mod V2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Michael_Walltrip_is1" = Michael_Walltrip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoRacer2CurVer" = Moto Racer 2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nascar Nextel Cup Series 2004 Update Final Version" = Nascar Nextel Cup Series 2004 Update Final Version
"NCTS_09_Update_V1.2" = NCTS_09_Update_V1.2
"NCTS09_1_1" = NCTS09_1_1
"Network Play System (Patching)" = Network Play System (Patching)
"NFL_Cup_Cars_Mod_1.0" = NFL Cup Cars Mod 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"Om3gA Racing's NK23 CTS2007" = Om3gA Racing's NK23 CTS2007
"OWR Mod For Papyrus NR2003 Season" = OWR Mod For Papyrus NR2003 Season
"Panda ActiveScan" = Panda ActiveScan
"Phoenix International Raceway 2004+" = Phoenix International Raceway 2004+
"Phoenix International Raceway 2005-Night" = Phoenix International Raceway 2005-Night
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"Ping Plotter Freeware" = Ping Plotter Freeware
"PrintMaster Gold 2.10" = PrintMaster Gold 2.10
"Project Wildfire Trans Am Series for Nascar Racing 2003" = Project Wildfire Trans Am Series for Nascar Racing 2003
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Race Points Manager_is1" = Race Points Manager
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"rayatitray" = Ray Adams ATI Tray Tools
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scribe" = Express Scribe Uninstall
"Security Task Manager" = Security Task Manager 1.6f
"SensorsView Pro 3.1" = SensorsView Pro 3.1
"Sketchpad" = Sketchpad
"Soldier of Fortune" = Soldier of Fortune
"Soldier of Fortune II - Double Helix GOLD" = Soldier of Fortune II - Double Helix GOLD
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor_is1" = Spyware Doctor 3.1
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"ST4UNST #1" = N4 Utility Machine
"ST6UNST #1" = Points Calculator v1.06
"ST6UNST #2" = Points Calculator v1.06 (C:\Program Files\WCPoints\)
"Steam App 4260" = RACE 07 Demo
"SystemRequirementsLab" = System Requirements Lab
"TrackPack 2004 V1.0 for F1 2004 MOD by CTDP v1" = Conversion Pack CTDP Seasons
"TVUPlayer" = TVUPlayer 2.3.7.1
"Whelen Modified Tour Mod for NASCAR Racing 2003 Season" = Whelen Modified Tour Mod for NASCAR Racing 2003 Season
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GCalc 3" = GCalc 3
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\Application Data\Adobe\Acrobat\7.0\Digital
Editions\Category.etb failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\Application Data\Adobe\Acrobat\7.0\Digital
Editions\Category.etb failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\Application Data\Adobe\Acrobat\7.0\Collab\RSS
failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf failed, 0000A413.

Error - 27/12/2009 9:53:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf failed, 0000A413.

Error - 27/12/2009 9:53:53 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf failed, 0000A413.

Error - 27/12/2009 9:53:58 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\sclgntfy.dll failed, 0000A413.

Error - 27/12/2009 9:54:25 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Mikey Chrobok\ntuser.tmp failed, 0000A413.

Error - 27/12/2009 9:54:25 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\KBDUS.DLL failed, 0000A413.

Error - 27/12/2009 9:54:25 PM | Computer Name = LINDA-X9D9JVIDH | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\wuaueng.dll.mui failed, 0000A413.

[ Application Events ]
Error - 18/04/2010 4:29:34 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 23/04/2010 1:29:07 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Error | ID = 1000
Description = Faulting application nr2003.exe, version 1.2.0.1, faulting module 
unknown, version 0.0.0.0, fault address 0x03991b3d.

Error - 20/10/2003 1:00:22 AM | Computer Name = LINDA-X9D9JVIDH | Source = Google Update | ID = 20
Description =

Error - 20/10/2003 1:01:13 AM | Computer Name = LINDA-X9D9JVIDH | Source = Google Update | ID = 20
Description =

Error - 30/04/2010 3:28:51 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/04/2010 3:48:28 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/04/2010 3:48:32 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1001
Description = Fault bucket 127288302.

Error - 12/05/2010 8:01:14 AM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/05/2010 1:02:40 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module urlmon.dll, version 6.0.2900.3072, fault address 0x0003a09e.

Error - 23/05/2010 3:04:37 PM | Computer Name = LINDA-X9D9JVIDH | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3053 - Fatal Execution Engine Error
(7A00A482) (80131506)

[ System Events ]
Error - 24/05/2010 11:53:03 AM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 24/05/2010 11:53:03 AM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 24/05/2010 11:53:03 AM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done 
this 1 time(s).

Error - 24/05/2010 11:53:03 AM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The APC UPS Service service terminated unexpectedly. It has done 
this 1 time(s).

Error - 24/05/2010 11:53:03 AM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 24/05/2010 11:53:03 AM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The Lavasoft Ad-Aware Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 24/05/2010 11:53:03 AM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7031
Description = The Windows Defender service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 15000 milliseconds:
Restart the service.

Error - 24/05/2010 12:02:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the avast! Web Scanner service
to connect.

Error - 24/05/2010 12:02:52 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7000
Description = The avast! Web Scanner service failed to start due to the following
error: %%1053

Error - 24/05/2010 12:03:15 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The avast! Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

< End of report >
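The report above ends with a run of Service Control Manager errors that all carry the same 11:53:03 AM timestamp, one per security-related service (Ad-Aware, Windows Defender, SiteAdvisor and so on). When reading such an Extras report, what a defender wants to know quickly is whether several protective services died in the same second, which can be benign (a cleanup tool stopping processes) but is also what tampering looks like, so it deserves a deliberate check rather than a skim. The following is an added example, not part of this thread and not OTL code: a small parser for this event layout plus a burst detector. The sample text is constructed in the same layout; the host name and service names in it are made up.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the OTL Extras event-log layout (modelled on the report
# above; host and service names are made up).
SAMPLE_EVENTS = """\
[ System Events ]
Error - 24/05/2010 11:53:03 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7034
Description = The Example Antivirus service terminated unexpectedly. It has done
this 1 time(s).

Error - 24/05/2010 11:53:03 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7031
Description = The Example Firewall service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 24/05/2010 11:53:03 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7034
Description = The Example Updater service terminated unexpectedly. It has done
this 1 time(s).

Error - 24/05/2010 12:02:52 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7000
Description = The Example Web Scanner service failed to start due to the following
error: %%1053

Error - 24/05/2010 12:03:15 PM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7034
Description = The Example Web Scanner service terminated unexpectedly. It has done
this 1 time(s).

< End of report >
"""

# One header line per event; the description follows on one or more lines.
HEADER_RE = re.compile(
    r"^(?P<level>Error|Warning|Information) - "
    r"(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>.*?) \| Source = (?P<source>.*?) \| ID = (?P<id>\d+)$"
)
TERMINATED_RE = re.compile(r"^The (?P<service>.+?) service terminated unexpectedly")


def parse_events(text):
    """Parse OTL-style event entries into dicts with a joined description."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.groupdict()
            current["ts"] = datetime.strptime(current["ts"], "%d/%m/%Y %I:%M:%S %p")
            current["id"] = int(current["id"])
            current["description"] = ""
            events.append(current)
        elif current is not None and line and line[0] not in "<[":
            # First description line carries the "Description = " prefix;
            # continuation lines are joined with a single space.
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            current["description"] = (current["description"] + " " + body).strip()
        elif not line:
            current = None  # a blank line closes the current entry
    return events


def service_termination_bursts(events, min_services=3):
    """Group SCM 'terminated unexpectedly' events (IDs 7031/7034) by second and
    return the seconds in which at least `min_services` distinct services died."""
    by_second = defaultdict(set)
    for ev in events:
        if ev["source"] != "Service Control Manager" or ev["id"] not in (7031, 7034):
            continue
        m = TERMINATED_RE.match(ev["description"])
        if m:
            by_second[ev["ts"]].add(m.group("service"))
    return {ts: sorted(names) for ts, names in by_second.items() if len(names) >= min_services}


def report(text):
    """Print the bursts found in `text` and return them for further handling."""
    bursts = service_termination_bursts(parse_events(text))
    for ts, names in sorted(bursts.items()):
        print(f"{ts:%Y-%m-%d %H:%M:%S}: {len(names)} services terminated together: {', '.join(names)}")
    return bursts


if __name__ == "__main__":
    report(SAMPLE_EVENTS)
```

Run against the sample it reports one burst of three services at 11:53:03; the lone Web Scanner termination at 12:03:15 stays below the threshold unless `min_services` is lowered. The threshold is deliberately a parameter: on a machine where a cleanup tool has just stopped everything, a burst is expected, and the value of the check is in spotting one that nobody scheduled.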


----------



## SweetTech (Jan 1, 1970)

Hello,

*Java Outdated*
*Your Java is out of date.* *Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.* Please follow these steps to remove older version Java components and update:

Download the latest version of *Java Runtime Environment (JRE) Version 6* and save it to your desktop.
Look for "*JDK 6 Update 20 (JDK or JRE)*".
Click the "*Download JRE*" button to the right.
Select your Platform: "_Windows_".
Select your Language: "_Multi-language_".
Read the License Agreement, and then check the box that says: "_Accept License Agreement_".
Click *Continue* and the page will refresh.
Under Required Files, check the box for *Windows Offline Installation*, click the link below it and save the file to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on *Add/Remove Programs* and remove *all* older versions of Java.

Check (_highlight_) any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the *Remove* or *Change/Remove* button and follow the onscreen instructions for the Java uninstaller.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on *jre-6u20-windows-i586.exe* to install the newest version.
If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
When the _Java Setup - Welcome_ window opens, click the *Install >* button.
If offered to install a Toolbar, just *uncheck* the box before continuing unless you want it.
_-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version._

Note: 
The *Java Quick Starter (JQS.exe)* adds a service to improve the initial startup time of Java applets and applications. 
To _*disable the JQS service*_ if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and *uncheck* the box for *Java Quick Starter*.
Click Ok and reboot your computer.

*NEXT*

*Clean Java Cache & Temporary Files*


After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
On the General tab, under Temporary Internet Files, click the *Settings* button.
Next, click on the Delete Files button.
There are two options in the window to clear the cache - *Leave BOTH Checked*
*Applications and Applets*
*Trace and Log Files*

Click OK on Delete Temporary Files Window

*Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.*
Click OK to leave the Temporary Files Window
Click OK to leave the Java Control Panel.


*NEXT:*

*Update Adobe Reader*
Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy

 Go to *Start* > *Control Panel* > *Add/Remove Programs*
 Remove ALL instances of Adobe Reader
 Re-boot your computer as required.
 Once ALL versions of Adobe Reader have been uninstalled, visit: *<<here>>* and download the latest version of Adobe Reader
*Alternative Option:* after uninstalling Adobe Reader, you could try installing Foxit Reader from *>here<* Foxit Reader has fewer add-ons therefore loads more quickly.

*NEXT*

*OTL Fix*

*We need to run an OTL Fix*


Please reopen OTL on your desktop.
*Copy* and *Paste* the following code into the textbox. Do not include the word "*Code*"


```
:Services
:OTL
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010/05/23 13:31:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
```

*Push* the button to run the fix.
*OTL may ask to reboot the machine. Please do so if asked.*
*Click* the button to continue.
A report will open. *Copy* and *Paste* that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


----------



## 8dalejr.fan (Nov 20, 2005)

I have a bit of work to do for the next couple hours but I will run these fixes before dinner time and post back with an update.


----------



## SweetTech (Jan 1, 1970)

Okay. Thanks for letting me know.


----------



## 8dalejr.fan (Nov 20, 2005)

All processes killed
========== SERVICES/DRIVERS ==========
Error: Unable to interpret <:OTLO16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret <[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[2010/05/23 13:31:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe> in the current context!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Mikey Chrobok
->Temp folder emptied: 394049 bytes
->Temporary Internet Files folder emptied: 147532211 bytes
->Java cache emptied: 87162143 bytes
->Google Chrome cache emptied: 214974861 bytes
->Flash cache emptied: 2342826 bytes

User: NetworkService
->Temp folder emptied: 2688 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1126364 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23826 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 433.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Mikey Chrobok
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05242010_192102

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat moved successfully.

Registry entries deleted on Reboot...


----------



## 8dalejr.fan (Nov 20, 2005)

The Avast icons did not appear in the System Tray after I ran the step you posted earlier... they're still nowhere to be found.

I will be back in 3 hours to run whatever further steps you may have for me.


----------



## SweetTech (Jan 1, 1970)

Hello,

When you return, I'd like for you to re-run the OTL fix using this script below:


```
:Services
:OTL
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2010/05/23 13:31:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
```


----------



## 8dalejr.fan (Nov 20, 2005)

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
File/Folder C:\WINDOWS\System32\*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mikey Chrobok
->Temp folder emptied: 1687 bytes
->Temporary Internet Files folder emptied: 2337233 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17136 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Mikey Chrobok
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05242010_221648

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_5cc.dat moved successfully.

Registry entries deleted on Reboot...


----------



## 8dalejr.fan (Nov 20, 2005)

I'll be back tomorrow evening.


----------



## SweetTech (Jan 1, 1970)

Hello,

Take a look at this link here. Let me know if that fixes the issue with the Avast icon not appearing in your system tray.


----------



## 8dalejr.fan (Nov 20, 2005)

I actually saw that link yesterday, and running ashDisp.exe brings them back for the time being, but they're gone again once I restart. 

How do I put it in my Start-Up Folder like the article says?


----------



## SweetTech (Jan 1, 1970)

Hello,

Please go to Start > Run > Type in: cmd.exe

Copy and Paste the following, hitting Enter afterwards:

*copy "C:\Program Files\Alwil Software\Avast4\ashDisp.exe" "C:\Documents and Settings\Mikey Chrobok\Start Menu\Programs\Startup"*

You should receive a message that says 1 file(s) successfully copied. The above should add the ashDisp.exe file into your startup folder.


----------



## 8dalejr.fan (Nov 20, 2005)

I completed that step successfully but it did not help.

Avast still doesn't appear on startup, and now I get this error message:

[screenshot of the error message]
How are we doing in terms of the infection?


----------



## SweetTech (Jan 1, 1970)

hmm... that is interesting.

From the logs I've been provided they are clean. You may want to consider uninstalling Avast and then reinstalling.

If you choose to go down this route you should first remove Avast using Add/Remove programs and then run the Avast removal tool.

I suggest you download the avast installation file as well as the removal tool so that you can disconnect yourself from the internet so no malware sneaks in.

*avast! Uninstall Utility*

Sometimes it's not possible to uninstall avast! the standard way - using the ADD/REMOVE PROGRAMS in control panel. In this case, you can use our uninstallation utility aswClear.


Download *aswClear.exe* on to your desktop
Start Windows in Safe Mode
Open (execute) the uninstall utility = aswClear.exe
If you installed avast! in a different folder than the default, browse for it. *Note:* Be careful! The content of any folder you choose will be deleted!
Click *REMOVE*
*Restart your computer*


----------



## 8dalejr.fan (Nov 20, 2005)

Ok, I'll try that. Then I'll update you on whether I get virus notifications when I pop CDs into the machine (this is the only time Avast would tell me I had the virus). 

This uninstall utility is to be run in regular Safe Mode, correct? Does it matter which user account, "Administrator" or "Mikey Chrobok"? The latter logs in by default in normal mode and has administrator privileges, and I usually use it to do stuff in Safe Mode, but I'm never sure. 

I'll provide an update hopefully before the night's out.


----------



## SweetTech (Jan 1, 1970)

Okay. I should be here.


----------



## 8dalejr.fan (Nov 20, 2005)

I installed the new version of Avast fine.

But every time I turn on my video game, I still get the original virus warning from Avast. The file name differs every time (see the pictures). I only get these messages when I put a CD into my burner and it spins up to load the game. So it seems like we haven't gotten rid of the infection.

http://i50.tinypic.com/35b8ec8.jpg
http://i49.tinypic.com/2q84vgl.jpg


----------



## SweetTech (Jan 1, 1970)

Where did you get this disc from? Did you create it and burn it yourself?


----------



## 8dalejr.fan (Nov 20, 2005)

What's really weird is that those files that have been quarantined have a "last modified" date of *tomorrow*.


----------



## SweetTech (Jan 1, 1970)

interesting..


----------



## 8dalejr.fan (Nov 20, 2005)

The disc is NASCAR Racing 2003 Season by Sierra/Papyrus. 

I purchased it from a major electronics store in February 2003 when it was released and I've had it on this system and another for 7 years. It was a 100% brand new, sealed legal copy of the game. 

Never had any problems with it until last week.


----------



## 8dalejr.fan (Nov 20, 2005)

I should add that the game itself works fine after it continues to load past the message.

Something is generating these malicious files (it seems) every time I turn on the game. I don't understand how the CD could do that, since it is not a CD-RW or a form of removable media that can be altered. It has a game on it.

Unless Avast is throwing me for a loop with a false positive...

*I haven't had any other problems with the system that would indicate to me that I have a virus, other than these darn Avast messages.*

Is there a website or something that offers an online scanner for me to upload these files to and see if they really are malicious?!


----------



## 8dalejr.fan (Nov 20, 2005)

Another thing to add...

Avast doesn't find a single thing when I let it run a full system scan...


----------



## SweetTech (Jan 1, 1970)

Yes.

*VirusTotal File Scan*
Please go to: *VirusTotal*

Click the *Browse* button and search for the following file: *<whatever file>*
Click *Open*
Then click *Send File*
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply


----------



## 8dalejr.fan (Nov 20, 2005)

It's in the virus chest... where do I point VirusTotal to in order to retrieve it? I don't want to take it out of the chest if it actually is something bad, because it has always been quarantined right away as soon as it was created.


----------



## 8dalejr.fan (Nov 20, 2005)

Look at the name of the second item it detected in the screenshot:

rmbamswissarm.sys 

Google says mbamswissarmy (a close variant of that name) is legitimate and associated with MalwareBytes Anti-Malware. This file seems to be rogue if it is trying to pose as something so close to something legit, in my opinion. 

Hmm.


----------



## SweetTech (Jan 1, 1970)

I've done a little searching and I can't seem to find where the quarantined folder is. If I had to guess I'd say that it'd be in one of the folders in the Application Data or AppData folder. It's pretty late on my end right now, so I'll have to get back to you tomorrow with a definitive answer.


----------



## SweetTech (Jan 1, 1970)

8dalejr.fan said:


> Look at the name of the second item it detected in the screenshot:
> 
> rmbamswissarm.sys
> 
> ...


Yes, I did notice that, and it is interesting.


----------



## 8dalejr.fan (Nov 20, 2005)

Okay, goodnight.


----------



## SweetTech (Jan 1, 1970)

Good Morning,

I've had some more time to look into this a little more and it seems like there is no way to scan a file with VirusTotal while the file is in the virus chest. Take a look at this link I found here: http://forum.avast.com/index.php?topic=58556.msg493675#msg493675


----------



## 8dalejr.fan (Nov 20, 2005)

So, where do we go from here?


----------



## SweetTech (Jan 1, 1970)

Please do the following:

Go *Start > Run* and *copy/paste* the following single-line command into the Run box and click *OK*:


```
cmd /c dir /a /s "C:\f5c7058883af7d0511f35cf76916">"%userprofile%\desktop\look.txt"
```
A file called *look.txt* should appear on your Desktop. Please post the contents of this file.


----------



## 8dalejr.fan (Nov 20, 2005)

The April 30, 2010 at 3:39pm date corresponds to a visit by a technician to fix a blue screen error that was preventing bootup. Turned out that SATA RAID had been enabled by accident from a power failure, but before we figured this out, he was running some applications with special CDs (ex. Bart PE) to see if the hard drive was readable and data was recoverable.

I don't believe this is malicious.

Volume in drive C has no label.
Volume Serial Number is 6CED-6207

Directory of C:\f5c7058883af7d0511f35cf76916

30/04/2010 03:39 PM .
30/04/2010 03:39 PM ..
30/04/2010 03:39 PM amd64
30/04/2010 03:39 PM i386
0 File(s) 0 bytes

Directory of C:\f5c7058883af7d0511f35cf76916\amd64

30/04/2010 03:39 PM .
30/04/2010 03:39 PM ..
06/07/2008 08:06 AM 147,456 filterpipelineprintproc.dll
06/07/2008 08:06 AM 10,929 msxpsdrv.cat
19/06/2008 01:33 AM 2,204 msxpsdrv.inf
19/06/2008 11:03 AM 73 msxpsinc.gpd
19/06/2008 01:33 AM 72 msxpsinc.ppd
06/07/2008 08:06 AM 748,032 mxdwdrv.dll
06/07/2008 05:36 PM 2,936,832 xpssvcs.dll
7 File(s) 3,845,598 bytes

Directory of C:\f5c7058883af7d0511f35cf76916\i386

30/04/2010 03:39 PM .
30/04/2010 03:39 PM ..
06/07/2008 08:06 AM 89,088 filterpipelineprintproc.dll
06/07/2008 08:06 AM 10,929 msxpsdrv.cat
19/06/2008 01:33 AM 2,204 msxpsdrv.inf
19/06/2008 11:03 AM 73 msxpsinc.gpd
19/06/2008 01:33 AM 72 msxpsinc.ppd
06/07/2008 08:06 AM 765,440 mxdwdrv.dll
06/07/2008 08:06 AM 1,676,288 xpssvcs.dll
7 File(s) 2,544,094 bytes

Total Files Listed:
14 File(s) 6,389,692 bytes
8 Dir(s) 6,401,396,736 bytes free
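Two observations in this thread are really about file timestamps: the quarantined files carrying a "last modified" date of tomorrow (noted earlier), and the listing above, where every entry in the unnamed folder shares the 30/04/2010 03:39 PM stamp that matches the technician's visit. Both are the kind of thing worth checking mechanically rather than by eye. The following is an added example, not from this thread or from any tool mentioned in it: it parses `dir /a /s` output in the dd/MM/yyyy layout this machine uses, lists entries dated after the time the listing was taken, and counts the busiest modification minutes. The listing embedded in it is constructed, modelled on the one above, with a made-up folder name and a made-up future-dated `oddball.sys` added; `parse_stamp`, `future_dated` and `busiest_minutes` are names chosen here.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed `dir /a /s` output in the dd/MM/yyyy layout used by the machine in
# this thread (modelled on the listing above; the folder name and the
# future-dated oddball.sys entry are made up).
SAMPLE_LISTING = r"""
 Volume in drive C has no label.
 Volume Serial Number is 0000-0000

 Directory of C:\example_f5c7

30/04/2010  03:39 PM    <DIR>          .
30/04/2010  03:39 PM    <DIR>          ..
30/04/2010  03:39 PM    <DIR>          i386
27/05/2010  09:15 AM               512 oddball.sys
               1 File(s)            512 bytes

 Directory of C:\example_f5c7\i386

30/04/2010  03:39 PM    <DIR>          .
30/04/2010  03:39 PM    <DIR>          ..
06/07/2008  08:06 AM            89,088 filterpipelineprintproc.dll
06/07/2008  08:06 AM            10,929 msxpsdrv.cat
19/06/2008  01:33 AM             2,204 msxpsdrv.inf
               3 File(s)        102,221 bytes

     Total Files Listed:
               4 File(s)        102,733 bytes
               4 Dir(s)  6,401,396,736 bytes free
"""

DIR_RE = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
# Entry lines start with the date at column 0; summary lines are indented and
# therefore never match.
ENTRY_RE = re.compile(
    r"^(?P<date>\d{2}/\d{2}/\d{4})\s+(?P<time>\d{2}:\d{2} [AP]M)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<name>.+?)\s*$"
)


def parse_stamp(stamp, date_format="%d/%m/%Y"):
    """Turn a 'dd/MM/yyyy hh:mm AM' listing timestamp into a datetime."""
    return datetime.strptime(stamp, f"{date_format} %I:%M %p")


def parse_dir_listing(text, date_format="%d/%m/%Y"):
    """Parse `dir /a /s` output into entries with full path, mtime and size.
    The '.' and '..' pseudo-entries are skipped."""
    entries, current_dir = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current_dir = m.group("path").rstrip("\\")
            continue
        m = ENTRY_RE.match(line)
        if not m or current_dir is None or m.group("name") in (".", ".."):
            continue
        is_dir = m.group("size") == "<DIR>"
        entries.append({
            "path": current_dir + "\\" + m.group("name"),
            "mtime": parse_stamp(f"{m.group('date')} {m.group('time')}", date_format),
            "size": None if is_dir else int(m.group("size").replace(",", "")),
            "is_dir": is_dir,
        })
    return entries


def future_dated(entries, listing_time):
    """Entries stamped later than the time the listing was taken: a clock
    problem or a deliberately odd timestamp, either way worth a second look."""
    return [e for e in entries if e["mtime"] > listing_time]


def busiest_minutes(entries, top=3):
    """Most common modification minutes; one large cluster usually marks a
    single install or copy operation rather than gradual use."""
    counts = Counter(e["mtime"].strftime("%d/%m/%Y %I:%M %p") for e in entries)
    return counts.most_common(top)


if __name__ == "__main__":
    found = parse_dir_listing(SAMPLE_LISTING)
    for e in future_dated(found, parse_stamp("26/05/2010 07:40 PM")):
        print("future-dated:", e["path"], e["mtime"])
    for stamp, n in busiest_minutes(found):
        print(f"{n} entries modified at {stamp}")
```

The date format is a parameter because `dir` prints dates in the machine's locale; the OTL header later in this thread states `Date Format: dd/MM/yyyy`, which is the default used here, and a US-locale listing would need `"%m/%d/%Y"`. A real listing taken with `dir /a /s` includes the `<DIR>` marker that the forum rendering of the listing above has stripped, so the parser expects it.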


----------



## SweetTech (Jan 1, 1970)

Hello,

Before running the OTL fix below, could you insert the Nascar disc and then proceed with running the fix.

*OTL Fix*

*We need to run an OTL Fix*

Please reopen OTL on your desktop.
*Copy* and *Paste* the following code into the textbox. Do not include the word "*Code*"


```
:Services
:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]
```

*Push* the button to run the fix.
*OTL may ask to reboot the machine. Please do so if asked.*
*Click* the button to continue.
A report will open. *Copy* and *Paste* that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


----------



## 8dalejr.fan (Nov 20, 2005)

What will putting in the disk do?

Will the scan mess up the disk? This is the only copy I have and to get another one would cost me SIX HUNDRED dollars on eBay.

Sorry, I get kinda protective around this disk. *Just for the heck of it, before I do anything further, do you want me to check whether I get a virus message when putting any other disk into the machine?*


----------



## SweetTech (Jan 1, 1970)

Hello,

The scan should not mess up the disc. If you're not comfortable putting the disc in while running the fix, then that's fine.

Why don't you give that a try and see if you get a virus message.


----------



## 8dalejr.fan (Nov 20, 2005)

I don't get a message with anything else. 

But yet again, none of the other games seem to write files to %temp% when they launch... the NASCAR game does - an animated cursor.


----------



## 8dalejr.fan (Nov 20, 2005)

SweetTech said:


> The scan should not mess up the disc. If you're not comfortable putting the disc in while running the fix, then that's fine.


Does the disc have anything to do with the fix?

I don't see how the disc can be a culprit since it is 7 years old and is non-rewriteable.


----------



## SweetTech (Jan 1, 1970)

Run the fix without the disc inserted.


----------



## 8dalejr.fan (Nov 20, 2005)

Running now.


----------



## 8dalejr.fan (Nov 20, 2005)

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mikey Chrobok
->Temp folder emptied: 936027 bytes
->Temporary Internet Files folder emptied: 67600377 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 90342357 bytes
->Flash cache emptied: 1296 bytes

User: NetworkService
->Temp folder emptied: 4480 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4984 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 152.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: Mikey Chrobok
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05262010_182257

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


----------



## SweetTech (Jan 1, 1970)

*Re-Running OTL*

*We need to create a New FULL OTL Report*

Please *download* OTL from here if you have not done so already:
Main Mirror

*Save* it to your desktop.
*Double click* on the OTL icon on your desktop.
Click the "*Scan All Users*" checkbox.
Change the "*Extra Registry*" option to "*SafeList*"
Push the scan button.
Two reports will open, *copy and paste them in a reply here*:
*OTL.txt* <-- _Will be opened_
*Extra.txt* <-- _Will be minimized_


----------



## 8dalejr.fan (Nov 20, 2005)

Output was set at Minimal instead of Standard when I ran this... don't know if this is what you want or not.

OTL logfile created on: 26/05/2010 7:40:32 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Mikey Chrobok\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 611.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 6.32 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA-X9D9JVIDH
Current User Name: Mikey Chrobok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\iRacing\iRacingService.exe (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)
PRC - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\CTHELPER.EXE (Creative Technology Ltd)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
PRC - C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
PRC - C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd)

========== Win32 Services (SafeList) ==========

SRV - (iRacingService) -- C:\Program Files\iRacing\iRacingService.exe (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (AVG Anti-Spyware Guard) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (APC UPS Service) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (PnkBstrK) -- C:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (sensorsview) -- C:\WINDOWS\system32\drivers\sensorsview.sys (Windows (R) 2000 DDK provider)
DRV - (atitray) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys ()
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ()
DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys ()
DRV - (AVG Anti-Spyware Driver) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ()
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (AvgAsCln) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys (GRISOFT, s.r.o.)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\WINDOWS\system32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (MCSTRM) -- C:\WINDOWS\system32\drivers\mcstrm.sys (RealNetworks, Inc.)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (papycpu2) -- C:\WINDOWS\System32\DRIVERS\papycpu2.sys ()
DRV - (papyjoy) -- C:\WINDOWS\System32\DRIVERS\papyjoy.sys ()
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (HidBatt) -- C:\WINDOWS\system32\drivers\hidbatt.sys (Microsoft Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (IniPciCheck) -- C:\WINDOWS\system32\drivers\IPciChk.sys (Microsoft Corporation)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search, = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1960408961-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1960408961-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://nascar.com/
IE - HKU\S-1-5-21-1960408961-682003330-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1960408961-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-682003330-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 20:12:06 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/05/23 21:02:08 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1960408961-682003330-725345543-1004\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1960408961-682003330-725345543-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AsioReg] C:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1960408961-682003330-725345543-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-682003330-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-682003330-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-682003330-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-682003330-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Search &Dictionary - C:\Program Files\Lexico\Toolbar\dictionary.htm ()
O8 - Extra context menu item: Search &Thesaurus - C:\Program Files\Lexico\Toolbar\thesaurus.htm ()
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (GuideWorks Pty. Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} http://www.pcpitstop.com/internet/pcpConnCheck.cab (iCC Class)
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} http://download.howudodat.com/chatterbox/download/appdl.cab (AppDLCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} Reg Error: Value error. (WUWebControl Class)
O16 - DPF: {6BA77042-FC93-4AED-B0E8-824979156BA4} http://chevy.a.content.maven.net/mvms/vfs/chevy/chevylive/live/install/installerAX.cab (InstallerAX Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab (Anonymizer Anti-Spyware Scanner)
O16 - DPF: {AEF76437-F960-4EBC-97EA-7BBB4230CF38} https://oca.microsoft.com/en/secure/ocarpt.CAB (OcarptMain Class)
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} http://www.systemrequirementslab.com/sysreqlab.cab (System Requirements Lab Class)
O16 - DPF: {CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.4.0/jinstall-1_4_0-windows-i586.cab (Java Plug-in 1.4.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.153.23.66 24.153.23.195 64.71.255.198
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 21:32:36 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/25 21:32:35 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/25 21:32:34 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/25 21:32:33 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/25 21:32:32 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/25 21:32:32 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/25 21:32:31 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/25 21:32:12 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/25 21:32:12 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/25 21:32:01 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/05/25 21:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/24 19:21:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/24 19:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/24 19:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/05/24 19:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/24 18:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/24 18:15:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/24 18:14:51 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/24 18:14:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/24 18:14:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/24 18:14:51 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/24 18:14:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/24 11:50:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/24 11:50:17 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/05/23 21:47:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/23 16:05:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/23 15:52:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/23 15:52:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/23 15:52:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/23 15:51:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/23 13:31:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Desktop\NASCAR Stuff (Old)
[2010/05/23 13:12:03 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe
[2010/05/20 17:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Application Data\SystemRequirementsLab
[2010/05/14 13:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/05/14 13:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Western_Digital
[2010/05/14 13:19:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Application Data\Western Digital
[2010/05/14 13:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/05/14 13:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/05/14 13:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/05/14 13:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\Western Digital
[2010/05/13 18:55:22 | 004,142,592 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\qtintf.dll
[2010/05/13 18:55:21 | 000,000,000 | ---D | C] -- C:\Program Files\APC
[2010/05/13 18:53:11 | 000,009,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compbatt.sys
[2010/05/13 18:53:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbatt.sys
[2010/05/13 18:53:06 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidbatt.sys
[2010/05/13 18:53:05 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2010/05/13 18:53:05 | 000,014,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\battc.sys
[2010/05/10 20:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\F1 Challenge GP10
[2010/04/30 15:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\TJSoft
[2010/04/30 15:39:01 | 000,000,000 | ---D | C] -- C:\f5c7058883af7d0511f35cf76916
[2010/04/29 17:04:29 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2009/07/24 13:25:37 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/05/26 19:23:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004UA.job
[2010/05/26 19:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/26 18:28:55 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/26 18:26:33 | 000,182,038 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/26 18:26:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/26 18:25:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/26 18:25:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/26 18:25:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/26 18:25:27 | 1072,762,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/26 18:24:31 | 011,272,192 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\ntuser.dat
[2010/05/26 18:24:31 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/26 18:24:31 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/26 18:24:31 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/26 18:24:31 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
[2010/05/26 18:24:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/05/26 18:24:31 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/05/26 18:24:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2010/05/26 18:24:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
[2010/05/26 18:24:26 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Mikey Chrobok\ntuser.ini
[2010/05/26 01:17:38 | 002,647,870 | -H-- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\IconCache.db
[2010/05/25 23:23:07 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-682003330-725345543-1004Core.job
[2010/05/25 21:32:36 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/25 21:32:32 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/25 17:33:03 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\My 2010 PC Build.doc
[2010/05/24 22:10:52 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/05/24 19:15:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/24 18:14:25 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/05/24 18:14:25 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/05/24 18:14:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/05/24 18:14:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/05/24 18:14:25 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/05/24 11:49:40 | 003,696,151 | R--- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\ComboFix.exe
[2010/05/23 21:02:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/23 21:02:08 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/23 13:31:44 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe
[2010/05/23 13:12:05 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mikey Chrobok\Desktop\OTL.exe
[2010/05/21 17:49:44 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Tutoring letter.doc
[2010/05/20 16:55:07 | 000,000,042 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\jagex_runescape_preferences.dat
[2010/05/20 16:53:41 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\jagex_runescape_preferences2.dat
[2010/05/17 13:24:21 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Thank you - Cardiology.doc
[2010/05/15 19:37:18 | 000,000,659 | ---- | M] () -- C:\WINDOWS\DELLSTAT.INI
[2010/05/15 13:19:11 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Printers.doc
[2010/05/14 13:18:44 | 000,001,118 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/05/14 13:18:44 | 000,001,057 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/05/13 18:55:21 | 000,000,629 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/11 06:58:57 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\F1 2010.lnk
[2010/05/10 19:46:55 | 000,030,800 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/10 06:40:02 | 000,152,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/09 22:31:18 | 000,001,267 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/09 16:48:04 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 16:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/03 17:40:14 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\GEOG 1400 Title Page.doc
[2010/04/30 15:49:56 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NRatings.lnk
[2010/04/30 15:37:44 | 000,505,234 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/30 15:37:44 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 15:37:44 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 17:23:47 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\Google Chrome.lnk
[2010/04/29 17:10:03 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2010/05/25 21:32:36 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/25 21:28:47 | 1072,762,880 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/24 19:15:53 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/05/23 15:52:10 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/23 15:52:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/23 15:52:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/23 15:52:10 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/23 15:52:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/23 15:50:54 | 003,696,151 | R--- | C] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\ComboFix.exe
[2010/05/23 13:31:43 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\mwgcpue4.exe
[2010/05/21 17:18:15 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Tutoring letter.doc
[2010/05/17 13:24:20 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Thank you - Cardiology.doc
[2010/05/15 11:55:38 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\Printers.doc
[2010/05/14 13:18:44 | 000,001,118 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/05/14 13:18:44 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/05/13 21:15:07 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\My 2010 PC Build.doc
[2010/05/13 18:55:21 | 000,000,629 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
[2010/05/11 06:58:57 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\Desktop\F1 2010.lnk
[2010/05/03 17:40:14 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Mikey Chrobok\My Documents\GEOG 1400 Title Page.doc
[2010/04/30 15:49:56 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NRatings.lnk
[2009/07/24 13:25:47 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/07/24 13:25:47 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2009/07/02 07:46:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Michael_Walltrip.ini
[2008/07/11 11:22:55 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/05/03 05:46:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/03 05:46:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/03 05:46:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/03 05:46:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/03 05:46:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/01/18 09:40:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/01/18 09:40:18 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/01/18 09:40:17 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/01/18 09:40:17 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/01/18 09:40:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/16 13:16:27 | 000,002,168 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2007/11/10 20:15:35 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/10/20 17:55:46 | 000,000,911 | ---- | C] () -- C:\WINDOWS\Sof.INI
[2007/09/01 15:11:10 | 000,138,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/04/15 07:49:46 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/11/10 09:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/08/12 18:00:00 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
[2006/08/12 18:00:00 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
[2005/06/03 16:01:03 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/06/03 16:00:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\ARFolder.INI
[2005/06/01 16:33:46 | 000,000,085 | ---- | C] () -- C:\WINDOWS\msxct2.ini
[2005/05/03 22:59:06 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2005/02/12 23:21:39 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/02/12 23:21:11 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/01/09 14:15:24 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/01/09 09:20:18 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/05 07:34:42 | 000,000,105 | ---- | C] () -- C:\WINDOWS\mapiuid.ini
[2005/01/02 01:50:17 | 000,000,659 | ---- | C] () -- C:\WINDOWS\DELLSTAT.INI
[2005/01/02 00:10:04 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2004/12/25 18:06:18 | 000,000,869 | ---- | C] () -- C:\WINDOWS\CoDUO.INI
[2004/12/23 03:31:27 | 000,000,770 | ---- | C] () -- C:\WINDOWS\Sof2.INI
[2004/10/31 11:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2004/10/26 16:13:14 | 000,000,177 | ---- | C] () -- C:\WINDOWS\System32\dlbacoin.ini
[2004/10/01 17:33:46 | 000,000,679 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/09/28 06:38:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wmatimer.dll
[2004/09/15 16:07:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/12 09:04:46 | 000,010,022 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2004/08/04 03:56:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/02 17:45:02 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\papycpu2.sys
[2004/08/02 17:45:02 | 000,001,856 | ---- | C] () -- C:\WINDOWS\System32\drivers\papyjoy.sys
[2004/08/02 17:42:42 | 000,000,194 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2004/08/01 11:33:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/07/29 21:32:30 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2004/07/29 21:32:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/07/29 21:31:01 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/07/29 21:23:42 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2004/07/12 17:07:21 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/12/27 23:33:36 | 000,002,129 | ---- | C] () -- C:\WINDOWS\lexbar.ini
[2002/11/13 15:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbavs.dll
[2001/12/14 13:34:46 | 000,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[1999/07/23 14:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 487 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
< End of report >


----------



## 8dalejr.fan (Nov 20, 2005)

OTL Extras logfile created on: 26/05/2010 7:40:32 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Mikey Chrobok\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 611.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 6.32 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LINDA-X9D9JVIDH
Current User Name: Mikey Chrobok
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe" = C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe:*:Enabled:NASCAR Racing 2003 Season -- (Sierra Entertainment, Inc.
Bellevue, WA 98005)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()
"C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe" = C:\Program Files\Soldier of Fortune II - Double Helix GOLD\SoF2MP.exe:*:Enabled:SoF2MP -- ()
"C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe" = C:\Program Files\Microsoft Games\Age of Mythology\aomx.exe:*:Enabled:Age of Mythology - The Titans Expansion -- (Ensemble Studios)
"C:\Program Files\ARCA Remax\ARCA.exe" = C:\Program Files\ARCA Remax\ARCA.exe:*:Enabled:ARCA -- (Sim Factory LLC)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe" = C:\Program Files\Itiva\Itiva Media Accelerator\ItivaMediaAccelerator.exe:*:Enabled:Itiva Media Accelerator -- (Itiva Digital Media)
"C:\Program Files\ARCA Download Client\ARCALeverageClient.exe" = C:\Program Files\ARCA Download Client\ARCALeverageClient.exe:*:Enabled:ARCA Download Client -- (ARCA Remax)
"C:\Program Files\ARCA 08\ARCA.exe" = C:\Program Files\ARCA 08\ARCA.exe:*:Enabled:ARCA -- (Sim Factory LLC)
"C:\Program Files\TVUPlayer\TVUPlayer.exe" = C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Program Files\iRacing\iRacingService.exe" = C:\Program Files\iRacing\iRacingService.exe:*:Enabled:iRacingService -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingSim.exe" = C:\Program Files\iRacing\iRacingSim.exe:*:Enabled:iRacingSim -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingLocalServer.exe" = C:\Program Files\iRacing\iRacingLocalServer.exe:*:Enabled:iRacingLocalServer -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingChat.exe" = C:\Program Files\iRacing\iRacingChat.exe:*:Enabled:iRacingChat -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iRacing\iRacingLauncher.exe" = C:\Program Files\iRacing\iRacingLauncher.exe:*:Enabled:iRacingLauncher -- ()
"C:\Program Files\iRacing\updater\iRacingUpdater.exe" = C:\Program Files\iRacing\updater\iRacingUpdater.exe:*:Enabled:iRacingUpdater -- (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13AA6556-BA96-4468-A8B4-1AD4A75AD5A0}" = Logitech Gaming Software
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2F985C5E-4A0B-4ABF-8973-462F0F7E6884}_is1" = Talent Editor 2.0.3.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40EE9162-F1DB-4D52-BEE4-013BFD523B8D}" = NEXTEL Track Updates
"{438BC259-E54C-4392-008E-2808B9C251CA}" = The Sims 2 Body Shop
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4468EF97-A253-4699-9E1C-88CAE2C6832D}" = ABBYY FineReader 5.0 Sprint
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4 Rush Hour
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6814719C-B9E4-4C28-9E52-64C452E541AA}" = ARCA Leverage Client
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = The Sims 2 Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BECF123-B0EF-4E51-B7F3-923EFE15CC4A}" = Battlefield 2(TM) Demo
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.7
"{9A00D1BA-D03A-44E5-AF28-86A1F377DF61}" = The Sims Makin' Magic
"{9AF3F959-15FF-4BF7-AE25-43D54EB8557E}_is1" = Version 1.5
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A23866A0-738B-4091-9924-0B0DE3988A15}" = VP6 VFW Codec
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}" = NASCAR® Racing 2003 Season
"{B1AD83A0-DC92-41E3-B111-E9472349768C}" = RollerCoaster Tycoon 2: Wacky Worlds
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BA1E1AFD-D1F2-4C52-88C3-186FC5E61604}" = RollerCoaster Tycoon 2: Time Twister
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}" = iRacing.com Race Simulation
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10911FF-8969-43FD-B10D-DF8CA72C3269}" = NRatings
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{EA1217B4-27D1-4964-B2C1-4A9E4AA1AB52}" = ARCA Leverage Client
"{EAC6DD68-514C-4B5D-009B-A36FF942C14B}" = F1 Challenge 99-02
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"AceGain_LiveUpdate" = AceGain LiveUpdate 1.0
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"ARCA REMAX Mod1.0" = ARCA REMAX Mod
"avast5" = avast! Free Antivirus
"Avery Wizard 2.1 MSW11" = Avery® Wizard 2.1 for Microsoft® Office Word 2003
"AVGAntiSpyware75" = AVG Anti-Spyware 7.5
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Belarc Advisor 2.0" = Belarc Advisor 7.2
"BFVCC Server Manager1.00_A Beta" = BFVCC Server Manager
"Bink and Smacker" = Bink and Smacker
"CAL" = Canon Camera Access Library
"Call of Duty Game of the Year Edition" = Call of Duty Game of the Year Edition
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"chevy_winning_moments" = chevy_winning_moments Screen Saver
"Conversion Pack for CTDP MODs v1.1" = Conversion Pack CTDP Seasons
"CSCLIB" = Canon Camera Support Core Library
"Dell AIO Printer A940" = Dell AIO Printer A940
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DriveFit" = DriveFit
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps
"Free Internet Eraser_is1" = Free Internet Eraser 2.05
"GoToAssist" = GoToAssist 8.0.0.508
"GPS Setup_is1" = Greenville-Pickens Speedway v1.1
"HaboDaCosta FR2000 Mod" = HaboDaCosta FR2000 Mod
"HD Tune_is1" = HD Tune 2.55
"High Detail F1 2004 MOD (Basic Version) v1" = Conversion Pack CTDP Seasons
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5CE42363-EC4B-4D0D-A27B-9B48F253E556}" = LimeWire
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Itiva Media Accelerator" = Itiva Media Accelerator
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.6.5 Full
"LimeWire" = LimeWire 4.8.1
"LMPV2_is1" = Late Model Mod V2
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Michael_Walltrip_is1" = Michael_Walltrip
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MotoRacer2CurVer" = Moto Racer 2
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nascar Nextel Cup Series 2004 Update Final Version" = Nascar Nextel Cup Series 2004 Update Final Version
"NCTS_09_Update_V1.2" = NCTS_09_Update_V1.2
"NCTS09_1_1" = NCTS09_1_1
"Network Play System (Patching)" = Network Play System (Patching)
"NFL_Cup_Cars_Mod_1.0" = NFL Cup Cars Mod 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"Om3gA Racing's NK23 CTS2007" = Om3gA Racing's NK23 CTS2007
"OWR Mod For Papyrus NR2003 Season" = OWR Mod For Papyrus NR2003 Season
"Panda ActiveScan" = Panda ActiveScan
"Phoenix International Raceway 2004+" = Phoenix International Raceway 2004+
"Phoenix International Raceway 2005-Night" = Phoenix International Raceway 2005-Night
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa2" = Picasa 2
"Ping Plotter Freeware" = Ping Plotter Freeware
"PrintMaster Gold 2.10" = PrintMaster Gold 2.10
"Project Wildfire Trans Am Series for Nascar Racing 2003" = Project Wildfire Trans Am Series for Nascar Racing 2003
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"Race Points Manager_is1" = Race Points Manager
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"rayatitray" = Ray Adams ATI Tray Tools
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scribe" = Express Scribe Uninstall
"Security Task Manager" = Security Task Manager 1.6f
"SensorsView Pro 3.1" = SensorsView Pro 3.1
"Sketchpad" = Sketchpad
"Soldier of Fortune" = Soldier of Fortune
"Soldier of Fortune II - Double Helix GOLD" = Soldier of Fortune II - Double Helix GOLD
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor_is1" = Spyware Doctor 3.1
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"ST4UNST #1" = N4 Utility Machine
"ST6UNST #1" = Points Calculator v1.06
"ST6UNST #2" = Points Calculator v1.06 (C:\Program Files\WCPoints\)
"Steam App 4260" = RACE 07 Demo
"SystemRequirementsLab" = System Requirements Lab
"TrackPack 2004 V1.0 for F1 2004 MOD by CTDP v1" = Conversion Pack CTDP Seasons
"TVUPlayer" = TVUPlayer 2.3.7.1
"Whelen Modified Tour Mod for NASCAR Racing 2003 Season" = Whelen Modified Tour Mod for NASCAR Racing 2003 Season
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works" = Microsoft Works 4.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1960408961-682003330-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/04/2010 1:29:07 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Error | ID = 1000
Description = Faulting application nr2003.exe, version 1.2.0.1, faulting module 
unknown, version 0.0.0.0, fault address 0x03991b3d.

Error - 20/10/2003 1:00:22 AM | Computer Name = LINDA-X9D9JVIDH | Source = Google Update | ID = 20
Description =

Error - 20/10/2003 1:01:13 AM | Computer Name = LINDA-X9D9JVIDH | Source = Google Update | ID = 20
Description =

Error - 30/04/2010 3:28:51 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/04/2010 3:48:28 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 30/04/2010 3:48:32 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1001
Description = Fault bucket 127288302.

Error - 12/05/2010 8:01:14 AM | Computer Name = LINDA-X9D9JVIDH | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 15/05/2010 1:02:40 PM | Computer Name = LINDA-X9D9JVIDH | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module urlmon.dll, version 6.0.2900.3072, fault address 0x0003a09e.

Error - 23/05/2010 3:04:37 PM | Computer Name = LINDA-X9D9JVIDH | Source = .NET Runtime | ID = 1023
Description = .NET Runtime version 2.0.50727.3053 - Fatal Execution Engine Error
(7A00A482) (80131506)

Error - 25/05/2010 9:15:05 PM | Computer Name = LINDA-X9D9JVIDH | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 26/05/2010 6:22:58 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The iRacing.com Helper Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The PnkBstrA service terminated unexpectedly. It has done this 1 
time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The PnkBstrB service terminated unexpectedly. It has done this 1 
time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The Canon Camera Access Library 8 service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The WD SmartWare Drive Manager service terminated unexpectedly. It
has done this 1 time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The WD SmartWare Background Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 26/05/2010 6:22:59 PM | Computer Name = LINDA-X9D9JVIDH | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

< End of report >
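Reading the Security Center and firewall-policy sections of an OTL Extras log by hand is tedious, so here is an added example (my code, not OTL's and not posted in this thread) of a Python triage script that parses those sections and flags the settings malware on XP-era systems commonly tampers with: Security Center notifications switched off, the Standard-profile firewall disabled, a globally open port whose scope is not LocalSubNet, or an authorized application living in a temp or profile directory. The clean sample is an excerpt of the log above and is left unflagged; the tampered sample is constructed for illustration.

```python
"""Triage of the Security Center and Windows Firewall policy sections of an
OTL Extras log (added example; not OTL's code and not from the thread).

OTL prints registry data as "[HKEY_...\\key]" headers followed by
'"name" = value' lines.  Malware routinely sets the Security Center
*DisableNotify values to 1 so the tray stops warning about a disabled AV or
firewall, turns the firewall off, and adds its own binary or a wide-open
port to the exceptions list; this script flags those conditions.
"""
import re

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')

SEC_CENTER = r'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center'
STD_PROFILE = (r'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess'
               r'\Parameters\FirewallPolicy\StandardProfile')
OPEN_PORTS = STD_PROFILE + r'\GloballyOpenPorts\List'
AUTH_APPS = STD_PROFILE + r'\AuthorizedApplications\List'

# Directories in which a firewall-authorized executable rarely belongs.
SUSPICIOUS_DIRS = ('\\temp\\', '\\local settings\\', '\\application data\\', '\\recycler\\')


def parse_otl_registry(text):
    """Return {key_path: {value_name: value}} for every [HKEY_...] block.

    Lines matching neither pattern (blank lines, or the wrapped second line of
    a long description such as 'Bellevue, WA 98005)') are ignored.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group('key')
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group('name')] = m.group('value').strip()
    return keys


def triage(keys):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []

    sc = keys.get(SEC_CENTER, {})
    for name in ('AntiVirusDisableNotify', 'FirewallDisableNotify',
                 'UpdatesDisableNotify', 'AntiVirusOverride', 'FirewallOverride'):
        if sc.get(name, '0') != '0':
            findings.append(f'Security Center: {name}={sc[name]} (status warnings suppressed)')

    std = keys.get(STD_PROFILE, {})
    if std.get('EnableFirewall') == '0':
        findings.append('Firewall: EnableFirewall=0 on the Standard profile')
    if std.get('DisableNotifications') == '1':
        findings.append('Firewall: DisableNotifications=1 (blocked-program prompts hidden)')

    # Value format is port:proto:scope:Enabled[:description].  OTL's rendering
    # runs the state and description together ("Enabledxpsp2res.dll,..."), so
    # the state is matched with startswith().  Scope '*' means any address.
    for value in keys.get(OPEN_PORTS, {}).values():
        parts = value.split(':')
        if len(parts) >= 4 and parts[3].startswith('Enabled') and parts[2] != 'LocalSubNet':
            findings.append(f'Open port {parts[0]}/{parts[1]} scoped to {parts[2]!r}, not the local subnet')

    # Value format is path:scope:Enabled:description; the value name is the path,
    # so use it rather than splitting the value on ':' (the drive letter has one).
    for path in keys.get(AUTH_APPS, {}):
        if any(d in path.lower() for d in SUSPICIOUS_DIRS):
            findings.append(f'Authorized app in a temp/profile directory: {path}')

    return findings


# Excerpt of the posted OTL Extras log; nothing here should be flagged.
CLEAN_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"""

# Constructed tampered variant (not from the thread): notifications silenced,
# firewall off, a port open to any address, and an exception for a binary in Temp.
TAMPERED_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"4444:TCP" = 4444:TCP:*:Enabled:svchost

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\User\Local Settings\Temp\svchost.exe" = C:\Documents and Settings\User\Local Settings\Temp\svchost.exe:*:Enabled:svchost -- ()
"""

if __name__ == '__main__':
    for label, sample in (('posted log', CLEAN_SAMPLE), ('tampered', TAMPERED_SAMPLE)):
        print(f'== {label} ==')
        for finding in triage(parse_otl_registry(sample)) or ['nothing flagged']:
            print(' ', finding)
```

On the posted log this reports nothing: the open ports are the default file-and-print-sharing and UPnP exceptions scoped to the local subnet, every authorized application sits under Program Files, and all five Security Center flags are 0. Feed it the whole Extras log (everything between the section headers parses the same way) and any finding is a lead worth chasing before trusting what the AV tray icon says.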


----------



## SweetTech (Jan 1, 1970)

Download * Dr.Web CureIt* to the desktop.

Double-click the *drweb-cureit.exe* file, then click *Start* and allow it to run the express scan.
This will scan the files currently running in memory; when something is found, click the *yes* button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, choose the *Complete Scan*.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click *'Yes to all'* if it asks if you want to cure/move the file.
When the scan has finished, look and see if you can click the following icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
This will move it to the *%userprofile%\DoctorWeb\quarantaine-folder* if it can't be cured (this is in case we need samples).
After selecting, in the *Dr.Web CureIt* menu on top, click file and choose save report list
Save the report to your desktop. The report will be called *DrWeb.csv*
*Close Dr.Web Cureit*.
*Reboot your computer* to allow files that were in use to be moved/deleted during reboot.
After reboot, post the contents of the log from *Dr.Web* you saved previously in your next reply along with a new *OTL log*.
*NOTE*: _During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on *X* in upper right corner._


----------



## 8dalejr.fan (Nov 20, 2005)

Will run that now - disable Avast first??

What kind of OTL log?


----------



## SweetTech (Jan 1, 1970)

I forgot to remove that from my instructions. The Dr.Web log will suffice.


----------



## 8dalejr.fan (Nov 20, 2005)

Disable Avast before running DrWeb?


----------



## SweetTech (Jan 1, 1970)

Yes.


----------



## 8dalejr.fan (Nov 20, 2005)

Nothing seems to happen after I double-click drweb-cureit.exe and then "Run".


----------



## SweetTech (Jan 1, 1970)

Hmm, interesting. Do me a favor: delete the copy you have on your desktop (if it lets you) and download a fresh copy.

If that still doesn't work for you then try this one below:

Please click *here* to download *AVP Tool by Kaspersky*.

Save it to your desktop. 
Reboot your computer into Safe Mode.
_You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit *enter*._
Double click the setup file to run it.
Click Next to continue.
It will by default install it to your desktop folder. Click Next.
Hit OK at the prompt for scanning in Safe Mode.
It will then open a box. There will be a tab that says Automatic scan.
Under Automatic scan make sure these are checked:

System Memory
Startup Objects
Disk Boot Sectors
My Computer
Also any other (removable) drives that you may have

After that, click on *Security level*, choose *Customize*, click on the tab that says *Heuristic Analyzer*, choose *Enable Deep rootkit search*, then choose *OK*.
Then choose OK again then you are back to the main screen.


Then click on Scan at the top right-hand corner.
It will automatically neutralize any objects found.
If some objects are left un-neutralized, click the button that says Neutralize all.
If it says an object cannot be neutralized, choose the delete option when prompted.
After that is done, click on the Reports button at the bottom and save it to a file named *Kas*.
Save it somewhere convenient like your desktop, and post only the detected virus/malware entries from the report (they will be at the very top under *Detected*) in your next reply.

*Note: This tool will self-uninstall when you close it, so please save the log before closing it.*


----------



## 8dalejr.fan (Nov 20, 2005)

Tried redownloading 3 times from your link and none of them ran.

Trying again by downloading it directly from the DrWeb site. If that doesn't work, I'll move on to the Kaspersky scan.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

Still doesn't work.


----------



## SweetTech (Jan 1, 1970)

Try the Kaspersky tool.


----------



## 8dalejr.fan (Nov 20, 2005)

Running it now.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

Only 4% done after 52 minutes. This is gonna take a while. I'll leave it on overnight and let it run.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

Typing from my other computer this morning...

After 10.5 hours, it's only 39% done. 

The only things it has found so far are quarantined files from very old virus scans (a heck of a lot from Norton, which I hadn't had installed on that computer in more than 5 years). I deleted those because there's no point in having them there, plus I figured Norton got rid of them when I uninstalled their program.


----------



## SweetTech (Jan 1, 1970)

Okay. Thanks for the update. Lets see what else the Kaspersky tool finds.


----------



## 8dalejr.fan (Nov 20, 2005)

70% after 15 hours. Nothing new found since my last update.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

Didn't find anything meaningful... just old quarantined items.


----------



## 8dalejr.fan (Nov 20, 2005)

Autoscan: completed 1 minute ago (events: 246, objects: 822864, time: 18:48:21)	
26/05/2010 9:45:32 PM	Task started 
26/05/2010 9:55:46 PM	Detected: Trojan-Downloader.VBS.Iframe.b	C:\Documents and Settings\Mikey Chrobok\.housecall6.6\Quarantine\1[1].htm.bac_a03544/CryptFF.b 
26/05/2010 10:00:31 PM	Deleted: Trojan-Downloader.VBS.Iframe.b	C:\Documents and Settings\Mikey Chrobok\.housecall6.6\Quarantine\1[1].htm.bac_a03544 
27/05/2010 4:21:53 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\018D1D2C/CryptFF 
27/05/2010 4:21:55 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\01F65CB9/CryptFF 
27/05/2010 4:21:55 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\000A31F0/CryptFF 
27/05/2010 7:54:47 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\000A31F0 
27/05/2010 7:54:47 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\020958A3/CryptFF 
27/05/2010 7:54:47 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\018D1D2C 
27/05/2010 7:54:47 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\020D02A0/CryptFF 
27/05/2010 7:54:51 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\01F65CB9 
27/05/2010 7:54:52 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\020958A3 
27/05/2010 7:54:53 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\02207E8A/CryptFF 
27/05/2010 7:54:53 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\021A2A91/CryptFF 
27/05/2010 7:55:03 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\021A2A91 
27/05/2010 7:55:03 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\022A7C7F/CryptFF 
27/05/2010 7:55:03 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\020D02A0 
27/05/2010 7:55:03 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\02305078/CryptFF 
27/05/2010 7:55:05 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\02207E8A 
27/05/2010 7:55:06 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\022A7C7F 
27/05/2010 7:55:08 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\023E786A/CryptFF 
27/05/2010 7:55:08 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\02305078 
27/05/2010 7:55:09 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\03560471/CryptFF 
27/05/2010 7:55:10 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\03600266/CryptFF 
27/05/2010 7:55:13 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\023E786A 
27/05/2010 7:55:13 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\038D4E33/CryptFF 
27/05/2010 7:55:13 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\03600266 
27/05/2010 7:55:14 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\039A7625/CryptFF 
27/05/2010 7:55:14 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\03560471 
27/05/2010 7:55:14 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\073D3DD3/CryptFF 
27/05/2010 7:55:30 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\073D3DD3 
27/05/2010 7:55:30 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\076E339D/CryptFF 
27/05/2010 7:55:30 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\038D4E33 
27/05/2010 7:55:30 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\077C5B8F/CryptFF 
27/05/2010 7:55:31 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\039A7625 
27/05/2010 7:55:31 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\077F058B/CryptFF 
27/05/2010 7:55:37 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\077C5B8F 
27/05/2010 7:55:39 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0AC354D1/CryptFF 
27/05/2010 7:55:42 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\076E339D 
27/05/2010 7:55:43 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0AC354D1 
27/05/2010 7:55:43 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\077F058B 
27/05/2010 7:55:44 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0ACA28CA/CryptFF 
27/05/2010 7:55:44 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0BDE6542/CryptFF 
27/05/2010 7:55:46 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0BD71149/CryptFF 
27/05/2010 7:55:50 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0ACA28CA 
27/05/2010 7:55:52 AM	Detected: Exploit.HTML.ObjData	C:\Program Files\Norton AntiVirus\Quarantine\0D22204E.htm/CryptFF 
27/05/2010 7:55:55 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0BD71149 
27/05/2010 7:55:56 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0BDE6542 
27/05/2010 7:55:56 AM	Deleted: Exploit.HTML.ObjData	C:\Program Files\Norton AntiVirus\Quarantine\0D22204E.htm 
27/05/2010 7:55:57 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0D620BA5/CryptFF 
27/05/2010 7:55:57 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0D4E0FBA/CryptFF 
27/05/2010 7:55:57 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0D4411C5/CryptFF 
27/05/2010 7:56:07 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0D4411C5 
27/05/2010 7:56:07 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0D6535A1/CryptFF 
27/05/2010 7:56:07 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0D620BA5 
27/05/2010 7:56:07 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0D75078F/CryptFF 
27/05/2010 7:56:07 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0D4E0FBA 
27/05/2010 7:56:07 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0D79318B/CryptFF 
27/05/2010 7:56:17 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0D79318B 
27/05/2010 7:56:17 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0D6535A1 
27/05/2010 7:56:18 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0E053790/CryptFF 
27/05/2010 7:56:18 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0DF13BA5/CryptFF 
27/05/2010 7:56:18 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0D75078F 
27/05/2010 7:56:19 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0FCB578B/CryptFF 
27/05/2010 7:56:25 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0FCB578B 
27/05/2010 7:56:25 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0FD87F7D/CryptFF 
27/05/2010 7:56:25 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0E053790 
27/05/2010 7:56:25 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0FE27D72/CryptFF 
27/05/2010 7:56:25 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0DF13BA5 
27/05/2010 7:56:25 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0FE5276F/CryptFF 
27/05/2010 7:56:29 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\0FE27D72 
27/05/2010 7:56:30 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\13596A36/CryptFF 
27/05/2010 7:56:33 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0FD87F7D 
27/05/2010 7:56:34 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\13596A36 
27/05/2010 7:56:35 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\0FE5276F 
27/05/2010 7:56:35 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\13661228/CryptFF 
27/05/2010 7:56:36 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\13E53161/CryptFF 
27/05/2010 7:56:37 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\13DB336C/CryptFF 
27/05/2010 7:56:41 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\13DB336C 
27/05/2010 7:56:41 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\174E1FCE/CryptFF 
27/05/2010 7:56:41 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\13661228 
27/05/2010 7:56:42 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\17581DC3/CryptFF 
27/05/2010 7:56:44 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\13E53161 
27/05/2010 7:56:45 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\174E1FCE 
27/05/2010 7:56:47 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\19FA600D/CryptFF 
27/05/2010 7:56:47 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\17581DC3 
27/05/2010 7:56:47 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\1A003406/CryptFF 
27/05/2010 7:56:49 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\1BED5DBA/CryptFF 
27/05/2010 7:56:53 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\19FA600D 
27/05/2010 7:56:54 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\1BED5DBA 
27/05/2010 7:56:54 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\1A003406 
27/05/2010 7:56:55 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\1BF431B3/CryptFF 
27/05/2010 7:56:55 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\279604D0/CryptFF 
27/05/2010 7:56:57 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\279030D7/CryptFF 
27/05/2010 7:57:03 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\1BF431B3 
27/05/2010 7:57:04 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\279604D0 
27/05/2010 7:57:05 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\279030D7 
27/05/2010 7:57:05 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\29A165AF/CryptFF 
27/05/2010 7:57:05 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\2AE21A07/CryptFF 
27/05/2010 7:57:05 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\29AB63A4/CryptFF 
27/05/2010 7:57:11 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\29AB63A4 
27/05/2010 7:57:11 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\29A165AF 
27/05/2010 7:57:12 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\2AE86DFF/CryptFF 
27/05/2010 7:57:12 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\2AE21A07 
27/05/2010 7:57:14 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\2AE86DFF 
27/05/2010 7:57:14 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\32FC1096/CryptFF 
27/05/2010 7:57:15 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\32FD42A1/CryptFF 
27/05/2010 7:57:15 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3303169A/CryptFF 
27/05/2010 7:57:19 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\32FC1096 
27/05/2010 7:57:19 AM	Detected: Trojan.Win32.StartPage.tj	C:\Program Files\Norton AntiVirus\Quarantine\330516DB/CryptFF 
27/05/2010 7:57:19 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3303169A 
27/05/2010 7:57:19 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\33093887/CryptFF 
27/05/2010 7:57:19 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\32FD42A1 
27/05/2010 7:57:20 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\33166079/CryptFF 
27/05/2010 7:57:25 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\33093887 
27/05/2010 7:57:27 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\33190A75/CryptFF 
27/05/2010 7:57:28 AM	Deleted: Trojan.Win32.StartPage.tj	C:\Program Files\Norton AntiVirus\Quarantine\330516DB 
27/05/2010 7:57:29 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\39073DF0/CryptFF 
27/05/2010 7:57:30 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\33166079 
27/05/2010 7:57:30 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\39113BE5/CryptFF 
27/05/2010 7:57:30 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\33190A75 
27/05/2010 7:57:30 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\39C9323D/CryptFF 
27/05/2010 7:57:36 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\39C9323D 
27/05/2010 7:57:37 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\39073DF0 
27/05/2010 7:57:37 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\39113BE5 
27/05/2010 7:57:38 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\39CF0636/CryptFF 
27/05/2010 7:57:39 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3B64489E/CryptFF 
27/05/2010 7:57:40 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3AF85F15/CryptFF 
27/05/2010 7:57:45 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3AF85F15 
27/05/2010 7:57:45 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\39CF0636 
27/05/2010 7:57:45 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3B64489E 
27/05/2010 7:57:46 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3B9C174C/CryptFF 
27/05/2010 7:57:47 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3B954354/CryptFF 
27/05/2010 7:57:47 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3B8F6F5B/CryptFF 
27/05/2010 7:57:51 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3B8F6F5B 
27/05/2010 7:57:51 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3B9F4149/CryptFF 
27/05/2010 7:57:51 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3B9C174C 
27/05/2010 7:57:52 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3E3A0B95/CryptFF 
27/05/2010 7:57:52 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3B954354 
27/05/2010 7:57:52 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3E473387/CryptFF 
27/05/2010 7:57:55 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\3E3A0B95 
27/05/2010 7:57:57 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3B9F4149 
27/05/2010 7:57:57 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\3E473387 
27/05/2010 7:57:57 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\42A41EEA/CryptFF 
27/05/2010 7:57:57 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\42406494/CryptFF 
27/05/2010 7:57:57 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\42570A7B/CryptFF 
27/05/2010 7:58:02 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\42570A7B 
27/05/2010 7:58:02 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\42A41EEA 
27/05/2010 7:58:03 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\47C30D5D/CryptFF 
27/05/2010 7:58:03 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\47CA6156/CryptFF 
27/05/2010 7:58:03 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\42406494 
27/05/2010 7:58:03 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\48992EBA/CryptFF 
27/05/2010 7:58:12 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\47C30D5D 
27/05/2010 7:58:12 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\47CA6156 
27/05/2010 7:58:13 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\48992EBA 
27/05/2010 7:58:14 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\48D74C75/CryptFF 
27/05/2010 7:58:15 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\4CC25D1E/CryptFF 
27/05/2010 7:58:15 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\4CCC5B13/CryptFF 
27/05/2010 7:58:21 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\4CCC5B13 
27/05/2010 7:58:22 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\48D74C75 
27/05/2010 7:58:23 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\4CC25D1E 
27/05/2010 7:58:23 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\5A6F5647/CryptFF 
27/05/2010 7:58:23 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\4CDC2D01/CryptFF 
27/05/2010 7:58:23 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\4CE300FA/CryptFF 
27/05/2010 7:58:27 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\4CE300FA 
27/05/2010 7:58:28 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\5A6F5647 
27/05/2010 7:58:29 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\5A932420/CryptFF 
27/05/2010 7:58:29 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\4CDC2D01 
27/05/2010 7:58:30 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\5BCC05E5/CryptFF 
27/05/2010 7:58:30 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\5BC95BE8/CryptFF 
27/05/2010 7:58:31 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\5A932420 
27/05/2010 7:58:33 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\5ECC07D0/CryptFF 
27/05/2010 7:58:36 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\5BCC05E5 
27/05/2010 7:58:37 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\5ECC07D0 
27/05/2010 7:58:37 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\5ED25BC9/CryptFF 
27/05/2010 7:58:38 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\5BC95BE8 
27/05/2010 7:58:39 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\64A04D0A/CryptFF 
27/05/2010 7:58:39 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\64AA4AFF/CryptFF 
27/05/2010 7:58:40 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\5ED25BC9 
27/05/2010 7:58:42 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\65F96AB7/CryptFF 
27/05/2010 7:58:45 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\64A04D0A 
27/05/2010 7:58:45 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\660368AC/CryptFF 
27/05/2010 7:58:45 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\65F96AB7 
27/05/2010 7:58:45 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\66B22D9C/CryptFF 
27/05/2010 7:58:45 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\64AA4AFF 
27/05/2010 7:58:45 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\66B90194/CryptFF 
27/05/2010 7:58:50 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\66B22D9C 
27/05/2010 7:58:51 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\660368AC 
27/05/2010 7:58:52 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\66B90194 
27/05/2010 7:58:52 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\67710218/CryptFF 
27/05/2010 7:58:53 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\67825406/CryptFF 
27/05/2010 7:58:54 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\697D7405/CryptFF 
27/05/2010 7:59:00 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\697D7405 
27/05/2010 7:59:00 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\698447FE/CryptFF 
27/05/2010 7:59:00 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\67710218 
27/05/2010 7:59:00 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\69916FF0/CryptFF 
27/05/2010 7:59:02 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\67825406 
27/05/2010 7:59:03 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\698447FE 
27/05/2010 7:59:04 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\699419EC/CryptFF 
27/05/2010 7:59:05 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\69916FF0 
27/05/2010 7:59:06 AM	Detected: Backdoor.Win32.Small.dc	C:\Program Files\Norton AntiVirus\Quarantine\6CED6AF0/CryptFF 
27/05/2010 7:59:07 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\6DFE0EFB/CryptFF 
27/05/2010 7:59:08 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\699419EC 
27/05/2010 7:59:09 AM	Deleted: Backdoor.Win32.Small.dc	C:\Program Files\Norton AntiVirus\Quarantine\6CED6AF0 
27/05/2010 7:59:10 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\6E0138F7/CryptFF 
27/05/2010 7:59:14 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\6DFE0EFB 
27/05/2010 7:59:16 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\727A50B1/CryptFF 
27/05/2010 7:59:16 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\72747CB8/CryptFF 
27/05/2010 7:59:20 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\727A50B1 
27/05/2010 7:59:20 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\6E0138F7 
27/05/2010 7:59:21 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\730F7418/CryptFF 
27/05/2010 7:59:21 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\72747CB8 
27/05/2010 7:59:21 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\73131E14/CryptFF 
27/05/2010 7:59:21 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\731C1C09/CryptFF 
27/05/2010 7:59:26 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\731C1C09 
27/05/2010 7:59:26 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\730F7418 
27/05/2010 7:59:26 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\73237002/CryptFF 
27/05/2010 7:59:26 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\734069E2/CryptFF 
27/05/2010 7:59:26 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\73131E14 
27/05/2010 7:59:26 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\73513BD0/CryptFF 
27/05/2010 7:59:30 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\734069E2 
27/05/2010 7:59:31 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\736861B7/CryptFF 
27/05/2010 7:59:33 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\73237002 
27/05/2010 7:59:34 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\736861B7 
27/05/2010 7:59:34 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\73513BD0 
27/05/2010 7:59:35 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\736E35AF/CryptFF 
27/05/2010 7:59:36 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\77E61DD5/CryptFF 
27/05/2010 7:59:37 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\77C823F6/CryptFF 
27/05/2010 7:59:39 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\736E35AF 
27/05/2010 7:59:40 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\77C823F6 
27/05/2010 7:59:40 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\77E61DD5 
27/05/2010 7:59:42 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\7BB15353/CryptFF 
27/05/2010 7:59:42 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\780641B1/CryptFF 
27/05/2010 7:59:42 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\781D6798/CryptFF 
27/05/2010 7:59:48 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\781D6798 
27/05/2010 7:59:49 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\780641B1 
27/05/2010 7:59:49 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\7BB15353 
27/05/2010 7:59:49 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\7F48641E/CryptFF 
27/05/2010 7:59:49 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\7F3F6629/CryptFF 
27/05/2010 7:59:49 AM	Detected: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\7BC22541/CryptFF 
27/05/2010 7:59:54 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\7BC22541 
27/05/2010 7:59:54 AM	Deleted: Exploit.HTML.Iframe.FileDownload	C:\Program Files\Norton AntiVirus\Quarantine\7F48641E 
27/05/2010 7:59:55 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\7F3F6629 
27/05/2010 7:59:55 AM	Detected: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\7FBF6C43/CryptFF 
27/05/2010 7:59:58 AM	Deleted: Email-Worm.Win32.NetSky.q	C:\Program Files\Norton AntiVirus\Quarantine\7FBF6C43 
27/05/2010 4:33:54 PM	Task completed
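
A small triage script for a report in this layout, added here as an example (it is not part of the thread and not a Kaspersky tool): it pairs each "Detected:" line with its "Deleted:" line, strips the "/CryptFF" archive-member suffix so both refer to the same on-disk file, and separates hits inside another product's quarantine store from hits on live files. The sample report is constructed: the quarantine paths mirror the log above (user name replaced), while the system32 hit and the unresolved Backdoor line are made up to exercise the two edge cases a reader would care about.

```python
"""Triage helper for a Kaspersky Virus Removal Tool report (added example).

Pairs each "Detected:" event with its "Deleted:" event and separates hits
that live inside another product's quarantine store from hits on live files.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# One report line: "<dd/mm/yyyy h:mm:ss AM>\t<Action>: <detection name>\t<path>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\t"
    r"(?P<action>Detected|Deleted): (?P<name>\S+)\t(?P<path>.+?)\s*$"
)

# Constructed sample in the report's layout. The quarantine paths mirror the
# thread's log (user name replaced); the system32 hit and the unresolved
# Backdoor line are made up to exercise the edge cases.
SAMPLE_REPORT = (
    "26/05/2010 9:45:32 PM\tTask started\n"
    "26/05/2010 9:55:46 PM\tDetected: Trojan-Downloader.VBS.Iframe.b\t"
    "C:\\Documents and Settings\\User\\.housecall6.6\\Quarantine\\1[1].htm.bac_a03544/CryptFF.b \n"
    "26/05/2010 10:00:31 PM\tDeleted: Trojan-Downloader.VBS.Iframe.b\t"
    "C:\\Documents and Settings\\User\\.housecall6.6\\Quarantine\\1[1].htm.bac_a03544 \n"
    "27/05/2010 4:21:53 AM\tDetected: Email-Worm.Win32.NetSky.q\t"
    "C:\\Program Files\\Norton AntiVirus\\Quarantine\\018D1D2C/CryptFF \n"
    "27/05/2010 7:54:47 AM\tDeleted: Email-Worm.Win32.NetSky.q\t"
    "C:\\Program Files\\Norton AntiVirus\\Quarantine\\018D1D2C \n"
    "27/05/2010 7:59:06 AM\tDetected: Backdoor.Win32.Small.dc\t"
    "C:\\Program Files\\Norton AntiVirus\\Quarantine\\6CED6AF0/CryptFF \n"
    "27/05/2010 8:10:00 AM\tDetected: Trojan.Win32.StartPage.tj\t"
    "C:\\WINDOWS\\system32\\example.dll\n"
    "27/05/2010 4:33:54 PM\tTask completed\n"
)


@dataclass(frozen=True)
class Event:
    when: datetime
    action: str      # "Detected" or "Deleted"
    name: str        # detection name, e.g. Email-Worm.Win32.NetSky.q
    container: str   # on-disk file; the "/member" suffix of an archived object is dropped


def parse_report(text):
    """Return the Detected/Deleted events of a report; status lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # "Task started", "Task completed", anything unparseable
        when = datetime.strptime(m["ts"], "%d/%m/%Y %I:%M:%S %p")
        container = m["path"].split("/", 1)[0]
        events.append(Event(when, m["action"], m["name"], container))
    return events


def is_quarantine_store(path):
    """True when the file sits in some AV product's quarantine folder."""
    return "quarantine" in path.lower().split("\\")


def triage(events):
    """Summarise a report: what was found, what was not deleted, what was live."""
    detected = {}
    for e in events:
        if e.action == "Detected":
            detected.setdefault(e.container, e)
    deleted = {e.container for e in events if e.action == "Deleted"}
    return {
        "detections": len(detected),
        "by_name": Counter(e.name for e in detected.values()),
        "unresolved": sorted(c for c in detected if c not in deleted),
        "live_hits": sorted(c for c in detected if not is_quarantine_store(c)),
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print(f"{result['detections']} detections: {dict(result['by_name'])}")
    print("not deleted:", result["unresolved"] or "none")
    print("outside quarantine stores:", result["live_hits"] or "none")
```

Run against the full report above, every container would come back as a quarantine-store hit with a matching Deleted line, which is the programmatic form of "just old quarantined items"; the two lists worth reading first in any report are `live_hits` and `unresolved`.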


----------



## 8dalejr.fan (Nov 20, 2005)

After I saved that log, I accidentally froze it (stupid me accidentally clicked the button to copy the log of all 800,000 files lol), so I had to kill the task. 

The tool never uninstalled: can we do that?

And what do we do now that Kaspersky said it's clean?


----------



## SweetTech (Jan 1, 1970)

I think you should be able to just delete the icon off your desktop, but before doing that I'd like to check something first.

Please do the following:

Go *Start > Run* and *copy/paste* the following single-line command into the Run box and click *OK*:


```
cmd /c dir /a /s "%userprofile%\Desktop\Kaspersky Lab Tool">"%userprofile%\desktop\look.txt"
```
A file called *look.txt* should appear on your Desktop. Please post the contents of this file.

*I also take it that you are still receiving that virus alert when inserting the disc into your computer.*


----------



## 8dalejr.fan (Nov 20, 2005)

Well, I'm not sure if I can just delete it... it's set to run at startup as a background task for some reason.

There is an uninstall executable in the setup folder.

I didn't try the disc again (I have to set up my racing wheel before the game lets me turn it on... that takes some time to assemble) but I will try again later. I presume I will still get the same message though.


----------



## SweetTech (Jan 1, 1970)

Try to run the uninstaller that is in the Kaspersky folder.

Also, please do the following.

*VirusTotal File Scan*
Please go to: *VirusTotal*
Click the *Browse* button and search for the following file: *C:\Papyrus\NASCAR Racing 2003 Season\NR2003.exe*
Click *Open*
Then click *Send File*
Please be patient while the file is scanned.
Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

*Please post the results in your next reply*


----------



## 8dalejr.fan (Nov 20, 2005)

The uninstaller popped up by itself and ran automatically.

Quirky thing is... look at the date of last start:

40 years ago!!


----------



## 8dalejr.fan (Nov 20, 2005)

The results of look.txt... I don't think it did what you want (but the tool is already gone so maybe that's why):

Volume in drive C has no label.
Volume Serial Number is 6CED-6207


----------



## 8dalejr.fan (Nov 20, 2005)

The *NR2003.exe* file was clean.

File NR2003.exe received on 2010.05.28 01:53:23 (UTC)
Current status: Loading ... finished

Result: 0/41 (0%)

Antivirus Version Last Update Result 
a-squared 4.5.0.50 2010.05.10 - 
AhnLab-V3 2010.05.28.00 2010.05.28 - 
AntiVir 8.2.1.242 2010.05.27 - 
Antiy-AVL 2.0.3.7 2010.05.26 - 
Authentium 5.2.0.5 2010.05.28 - 
Avast 4.8.1351.0 2010.05.27 - 
Avast5 5.0.332.0 2010.05.27 - 
AVG 9.0.0.787 2010.05.27 - 
BitDefender 7.2 2010.05.28 - 
CAT-QuickHeal 10.00 2010.05.27 - 
ClamAV 0.96.0.3-git 2010.05.27 - 
Comodo 4942 2010.05.25 - 
DrWeb 5.0.2.03300 2010.05.28 - 
eSafe 7.0.17.0 2010.05.27 - 
eTrust-Vet 35.2.7515 2010.05.27 - 
F-Prot 4.6.0.103 2010.05.27 - 
F-Secure 9.0.15370.0 2010.05.27 - 
Fortinet 4.1.133.0 2010.05.26 - 
GData 21 2010.05.28 - 
Ikarus T3.1.1.84.0 2010.05.28 - 
Jiangmin 13.0.900 2010.05.27 - 
Kaspersky 7.0.0.125 2010.05.27 - 
McAfee 5.400.0.1158 2010.05.28 - 
McAfee-GW-Edition 2010.1 2010.05.27 - 
Microsoft 1.5802 2010.05.28 - 
NOD32 5151 2010.05.27 - 
Norman 6.04.12 2010.05.27 - 
nProtect 2010-05-27.03 2010.05.27 - 
Panda 10.0.2.7 2010.05.27 - 
PCTools 7.0.3.5 2010.05.28 - 
Prevx 3.0 2010.05.28 - 
Rising 22.49.03.04 2010.05.27 - 
Sophos 4.53.0 2010.05.28 - 
Sunbelt 6366 2010.05.28 - 
Symantec 20101.1.0.89 2010.05.27 - 
TheHacker 6.5.2.0.288 2010.05.27 - 
TrendMicro 9.120.0.1004 2010.05.27 - 
TrendMicro-HouseCall 9.120.0.1004 2010.05.28 - 
VBA32 3.12.12.5 2010.05.27 - 
ViRobot 2010.5.20.2326 2010.05.27 - 
VirusBuster 5.0.27.0 2010.05.27 - 
Additional information 
File size: 5423105 bytes 
MD5...: 445fa8e7704ef7e3dcbaa3b293e0b6a5 
SHA1..: ce660973325d3daf4794b5288575ccf3f795ea43 
SHA256: 27e76919be6722bee0dcaddc92454fea338e99a97404df6220448314feb4500a 
ssdeep: 98304:XZM3tSZjk5jSf/QTLuCq6CIicZI5Ql3TzRd0xnIU6RLk:XZM3tSZKjSnQTLuCq6zTVd0FvX

PEiD..: - 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xc2ebf7
timedatestamp.....: 0x3f5799e6 (Thu Sep 04 20:00:38 2003)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2e8000 0x2e8000 6.59 e69b9ad0c7ac0619e07d50f72e486812
.rdata 0x2e9000 0x317e8 0x32000 5.34 2be2adca7dd3fecaa0feb3a9ba991559
.data 0x31b000 0x894cb9 0x46000 5.08 62c509a565c57decbb1297987806f62d
.ojhrz 0xbb0000 0x89000 0x89000 7.68 5424548b40931238d389c0e3d8a1ae0d
.nehprt 0xc39000 0xed91c 0xee000 5.39 ebd3acc2d496c088f12ebe675ed1b825
.idata 0xd27000 0x3ef8 0x4000 5.79 9fa6c92d189ec0b8ed77dd5fbfd9a6b3
.rsrc 0xd2b000 0x41278 0x42000 3.49 381b4be5189ff2539ab4b5565ed41247

( 14 imports ) 
> dsound.dll: DirectSoundCreate
> dinput.dll: DirectInputCreateA
> vorbisfile.dll: ov_info, ov_open_callbacks, ov_pcm_seek, ov_clear, ov_read, ov_pcm_total
> kernel32.dll: EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetCPInfo, SetFilePointer, SetUnhandledExceptionFilter, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, GetVersionExA, GetEnvironmentVariableA, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, LCMapStringW, LCMapStringA, FatalAppExitA, TlsGetValue, SetLastError, TlsFree, TlsAlloc, HeapSize, GetUserDefaultLCID, GetDriveTypeA, GetFullPathNameA, GetCurrentDirectoryA, DeleteFileA, IsBadReadPtr, RaiseException, RtlUnwind, TerminateProcess, ExitThread, TlsSetValue, SetConsoleMode, HeapFree, ExitProcess, GetVersion, GetStartupInfoA, SystemTimeToFileTime, GetSystemTime, GetTimeZoneInformation, GetDiskFreeSpaceA, GetSystemTimeAsFileTime, GetConsoleMode, PeekConsoleInputA, GetNumberOfConsoleInputEvents, SetFileAttributesA, GetFileAttributesA, SetCurrentDirectoryA, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FindFirstFileA, GetACP, GetOEMCP, GetStringTypeA, GetStringTypeW, FlushFileBuffers, IsBadCodePtr, SetStdHandle, SetConsoleCtrlHandler, SetEndOfFile, GetLocaleInfoW, CompareStringA, CompareStringW, SetEnvironmentVariableA, SetFileTime, HeapReAlloc, LocalFileTimeToFileTime, GetVolumeInformationA, CreateDirectoryA, lstrcpyA, lstrcpynA, lstrcatA, VirtualQueryEx, GetThreadContext, GetModuleHandleA, FindResourceA, LoadResource, LockResource, SizeofResource, WideCharToMultiByte, GetShortPathNameA, SetEvent, WaitForSingleObjectEx, GetModuleFileNameA, InterlockedIncrement, InterlockedDecrement, FormatMessageA, LocalFree, MultiByteToWideChar, GetTickCount, GetThreadPriority, SuspendThread, ResumeThread, GetPriorityClass, GetCurrentThread, DuplicateHandle, GetCurrentProcess, SetPriorityClass, CreateThread, GetLocalTime, ReadConsoleInputA, HeapAlloc, WriteConsoleA, SetThreadPriority, GetProcessAffinityMask, SetThreadAffinityMask, OutputDebugStringA, 
GetCurrentThreadId, LeaveCriticalSection, EnterCriticalSection, GetWindowsDirectoryA, FreeLibrary, GetProcAddress, LoadLibraryA, GetPrivateProfileIntA, Sleep, QueryPerformanceCounter, QueryPerformanceFrequency, GetLastError, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, CloseHandle, OpenEventA, CreateFileMappingA, CreateEventA, WaitForMultipleObjects, PulseEvent, WaitForSingleObject, PurgeComm, GetCommState, GetCommProperties, SetCommConfig, GetCommConfig, SetCommTimeouts, GetCommTimeouts, SetCommMask, GetCommMask, SetCommState, CreateFileA, WriteFile, ResetEvent, GetOverlappedResult, ReadFile, ClearCommError, GetCommandLineA, CreateProcessA, InitializeCriticalSection, DeleteCriticalSection, GetTempPathA, ReleaseMutex, DeviceIoControl, GetCurrentProcessId, GetUserDefaultLangID, OpenProcess, GetSystemDirectoryA, WriteProcessMemory, SearchPathA, CreateMutexA, CreateSemaphoreA, ReleaseSemaphore, FindNextFileA, GetDiskFreeSpaceExA, VirtualProtectEx, QueryDosDeviceA
> user32.dll: GetSystemMenu, GetWindowLongA, SetWindowPos, GetWindowRect, GetDesktopWindow, GetParent, ChangeDisplaySettingsA, ReleaseDC, GetDC, SetWindowTextA, ShowCursor, GetSystemMetrics, ScreenToClient, GetCursorPos, SetCursorPos, ClientToScreen, PostMessageA, GetKeyState, DeleteMenu, GetKeyNameTextA, InvalidateRect, MessageBoxA, DestroyWindow, CreateWindowExA, RegisterClassA, LoadCursorA, SystemParametersInfoA, DefWindowProcA, LoadStringA, SetClassLongA, GetClassLongA, LoadIconA, DestroyIcon, DestroyCursor, SendMessageA, wsprintfA, IsWindow, GetClientRect, GetUpdateRect, DispatchMessageA, TranslateMessage, PeekMessageA, SetWindowLongA, SetForegroundWindow, GetActiveWindow, CallWindowProcA, EndPaint, BeginPaint, DrawTextA, PostQuitMessage, SetActiveWindow, SetFocus, UpdateWindow, ShowWindow, CopyImage, LoadImageA, SetSystemCursor, LoadCursorFromFileA, UnregisterClassA
> winmm.dll: mmioOpenA, mmioDescend, mmioClose, mmioAscend, mmioRead, joyGetPos, timeBeginPeriod, timeGetDevCaps, timeEndPeriod
> wsock32.dll: -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -
> gdi32.dll: PatBlt, GetTextExtentPoint32A, SetBkMode, SetBkColor, SetTextColor, SelectObject, CreateFontA, GetDeviceCaps, StretchBlt, BitBlt, DeleteDC, CreateCompatibleDC, CreateDIBSection, GetStockObject, DeleteObject, CreateBitmap, CreateCompatibleBitmap, StretchDIBits, SetStretchBltMode, RectVisible
> advapi32.dll: RegCreateKeyExA, RegCloseKey, RegQueryValueExA, RegEnumKeyExA, RegOpenKeyExA, RegSetValueExA, RegDeleteValueA, RegDeleteKeyA, RegEnumValueA, ControlService, QueryServiceConfigA, QueryServiceStatus, OpenSCManagerA, CreateServiceA, OpenServiceA, StartServiceA, DeleteService, CloseServiceHandle, RegOpenKeyA
> ole32.dll: CoUninitialize, CoInitialize, CoCreateInstance
> shell32.dll: ShellExecuteA
> version.dll: GetFileVersionInfoA, GetFileVersionInfoSizeA, VerQueryValueA

( 287 exports ) 

RDS...: NSRL Reference Data Set -
pdfid.: - 
trid..: DirectShow filter (47.7%)
Windows OCX File (29.2%)
Petite compressed Win32 executable (16.9%)
DOS Executable Borland C++ (3.0%)
Win32 Executable Generic (2.0%) 
sigcheck:
publisher....: Sierra Entertainment, Inc.
copyright....: Copyright (c) 2003 Sierra Entertainment, Inc.
product......: NR2003
description..: NASCAR Racing 2003 Season
original name: NR2003.exe
internal name: NR2003
file version.: 1, 2, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
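The section table in the report above is the part worth a second look: two sections carry non-standard names (.ojhrz, .nehprt) and one of them sits at 7.68 bits/byte of entropy, which together with the "Petite compressed" TrID guess points to a packed binary rather than malware by itself. The following script is an added example, not part of the original thread or of any VirusTotal tooling; it parses a constructed copy of that table, applies the usual packing heuristics (non-standard name, entropy at or above 7.0, zero raw size with non-zero virtual size), and includes a Shannon entropy routine so the same 7.0 threshold can be applied to raw section bytes read from a local file.

```python
import math
from collections import Counter

# Constructed copy of the "( 7 sections )" table from the VirusTotal report above.
SECTION_TABLE = """\
( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x2e8000 0x2e8000 6.59 e69b9ad0c7ac0619e07d50f72e486812
.rdata 0x2e9000 0x317e8 0x32000 5.34 2be2adca7dd3fecaa0feb3a9ba991559
.data 0x31b000 0x894cb9 0x46000 5.08 62c509a565c57decbb1297987806f62d
.ojhrz 0xbb0000 0x89000 0x89000 7.68 5424548b40931238d389c0e3d8a1ae0d
.nehprt 0xc39000 0xed91c 0xee000 5.39 ebd3acc2d496c088f12ebe675ed1b825
.idata 0xd27000 0x3ef8 0x4000 5.79 9fa6c92d189ec0b8ed77dd5fbfd9a6b3
.rsrc 0xd2b000 0x41278 0x42000 3.49 381b4be5189ff2539ab4b5565ed41247
"""

# Section names emitted by the common Windows toolchains; anything else is worth a look.
STANDARD_SECTIONS = {
    ".text", ".rdata", ".data", ".idata", ".edata", ".rsrc",
    ".reloc", ".bss", ".tls", ".pdata", ".CRT", ".xdata",
}
HIGH_ENTROPY = 7.0  # bits per byte; compressed or encrypted data sits near the 8.0 ceiling


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte, the same quantity as the report's 'ntrpy' column."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def parse_section_table(text: str) -> list[dict]:
    """Turn the six-column report rows into dicts; header and count lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[0].startswith("."):
            continue
        name, vaddr, vsize, rawsize, ntrpy, md5 = parts
        rows.append({
            "name": name,
            "vaddr": int(vaddr, 16),
            "vsize": int(vsize, 16),
            "rawsize": int(rawsize, 16),
            "entropy": float(ntrpy),
            "md5": md5,
        })
    return rows


def triage_sections(rows: list[dict]) -> dict[str, list[str]]:
    """Map each suspicious section name to the reasons it was flagged.

    A large virtual size with a smaller raw size (like .data here) is normal
    uninitialised data, so only a raw size of exactly zero is treated as a
    runtime-unpacking indicator.
    """
    findings: dict[str, list[str]] = {}
    for s in rows:
        reasons = []
        if s["name"] not in STANDARD_SECTIONS:
            reasons.append("non-standard section name")
        if s["entropy"] >= HIGH_ENTROPY:
            reasons.append("high entropy, packed or encrypted content likely")
        if s["rawsize"] == 0 and s["vsize"] > 0:
            reasons.append("zero raw size with non-zero virtual size, filled at runtime")
        if reasons:
            findings[s["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage_sections(parse_section_table(SECTION_TABLE)).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Flagged sections are a reason to treat the sample as packed and inspect it further, not proof of malicious intent: legitimate games of that era commonly shipped with commercial packers, and the report's 0/41 detections and Sierra publisher metadata (unsigned though it is) are consistent with that.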


----------



## SweetTech (Jan 1, 1970)

I am starting to run out of ideas. I need to think about this a little more and see what else I can come up with.


----------



## 8dalejr.fan (Nov 20, 2005)

Thanks for your efforts. 

It seems like we're both stumped.


----------



## SweetTech (Jan 1, 1970)

*Run TrendMicro Sysclean Package*

Please download and run the Trend Micro Sysclean Package on your computer.
*NOTE!* This scan will probably take a long time to run on your computer so be patient and don't use it while it's scanning.

*Trend Micro Damage Cleanup Engine*

Make sure you read this document to understand how to use the program: Trend Micro Sysclean Package *README 1st*
Basically there are 3 parts that need to be downloaded from these links:
- Sysclean Package
- Virus Pattern Files
- Spyware Pattern Files


As an example on 2008-10-17 the files to download are: *sysclean.com* | *lpt605.zip* | *ssapiptn697.zip*
*NOTE!* These file names are examples and you must visit Trend Micro for the very latest files which may have different names.
Create a brand new folder to copy these files to.
As an example: *C:\DCE*
Then open each of the zipped archive files and copy their contents to *C:\DCE*
Copy the file *sysclean.com* to the new folder *C:\DCE* as well.
Double-click on the file *sysclean.com* that is in the *C:\DCE* folder and follow the on-screen instructions.

After doing all of this, please post back your results, including the log file *sysclean.log* that will be left behind by sysclean.

This self-extracting archive is a stand-alone fix package that incorporates the Trend Micro VSAPI Malware and Spyware scanning engines as well as the Trend Micro Damage Cleanup Engine and Template.
*This tool supports the following features:*
o Terminate all detected malware/spyware instances in memory
o Remove malware/spyware registry entries
o Remove malware/spyware entries from system files
o Scan for and delete all detected malware/spyware copies in all local drives
How To Use Compressed (Zipped) Folders in Windows XP


----------



## 8dalejr.fan (Nov 20, 2005)

Well, I'll try it tomorrow. I can't leave the computer on all night again - makes the room so hot I can't sleep (not to mention it making my hydro bill go up). 

Do you think it'll take 18 hours like the last scan?


----------



## SweetTech (Jan 1, 1970)

It's quite possible that it may.

Why don't you hold off on doing the above scan. Let me take the night to think about this some more and do a little more research and see what I come up with tomorrow.


----------



## 8dalejr.fan (Nov 20, 2005)

Okay.


----------



## SweetTech (Jan 1, 1970)

Hello,

I'd like for you to proceed with running the TrendMicro Sysclean Package.


----------



## 8dalejr.fan (Nov 20, 2005)

I'll run this now.


----------



## SweetTech (Jan 1, 1970)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

Could you please point me in the direction of the files to download? I read the readme but the links in it don't point me to anything. I can't find the virus pattern.


----------



## 8dalejr.fan (Nov 20, 2005)

Is it the Enterprise Pattern - Windows that I'm looking for?


----------



## 8dalejr.fan (Nov 20, 2005)

And the spyware pattern - the only one I see is *ssaptn931.zip* but the readme says to look for a file called *ssapiptn* (extra p and i).


----------



## SweetTech (Jan 1, 1970)

Use the links in this post here: http://forums.techguy.org/7411938-post122.html

I believe the links I have there are the links to the updated download location for those files.


----------



## SweetTech (Jan 1, 1970)

Actually use this link for the Spyware Pattern Downloads.

Sorry for all of the confusion. These links are a pain to find.


----------



## 8dalejr.fan (Nov 20, 2005)

Okay.


----------



## 8dalejr.fan (Nov 20, 2005)

The Readme is confusing. First they say:

1) Disable antivirus
2) Click on the Sysclean.com file
3) Enable antivirus
4) Run a scan

Is this correct? They tell me to disable AV, but have it enabled when I run the scan?!

Or do they mean to manually scan with Avast after I run Sysclean? (This is pointless: I've already done this and nothing is there).


----------



## SweetTech (Jan 1, 1970)

The last time I ran this tool I didn't run into so many problems with this. Lets scratch this tool. I need to see what other options we have.


----------



## 8dalejr.fan (Nov 20, 2005)

Okay.


----------



## SweetTech (Jan 1, 1970)

I've been looking through this whole thread again, and I'm starting to seriously think that this is a False Positive from Avast. In one of your previous posts you mentioned something about an animated cursor that this game utilizes. I have a feeling that Avast may not like this and thus is alerting you to an infection. You may want to consider submitting the file(s) to Avast the next time you are prompted with this alert.

I'm sorry I should have thought of this earlier.


----------



## 8dalejr.fan (Nov 20, 2005)

Makes sense... to tell you the truth, I don't think I started getting these messages until after I updated Avast. 

If I submit the file to Avast through the program, will they get back to me or anything?

Or should I (risk it) take the file out of the quarantine the next time it pops up and run it through VirusTotal?

I can ask some of my fellow NR2003ers using Avast if they get this message... but what if they don't?


----------



## SweetTech (Jan 1, 1970)

8dalejr.fan said:


> Makes sense... to tell you the truth, I don't think I started getting these messages until after I updated Avast.
> 
> If I submit the file to Avast through the program, will they get back to me or anything?
> 
> ...


I believe there should be some way to include your e-mail address when submitting the file to Avast. But I'm not absolutely positive.

You could take the file out of quarantine the next time it pops up and see what VirusTotal has to say about the file in question.

If your fellow NR2003ers don't get this message then we'll have to take things from there.

Lets hope that this is a false positive.


----------



## 8dalejr.fan (Nov 20, 2005)

I posted a question there. Let's see what they have to say. 
http://www.rubbins-racin.com/forum/viewtopic.php?f=20&t=62484


----------



## SweetTech (Jan 1, 1970)

Okay. Lets see what others say.


----------



## 8dalejr.fan (Nov 20, 2005)

Will (WG_TRG) said:



> I got it with AVG. Just set it to ignore NR2003.


So perhaps it is a false positive.


----------



## SweetTech (Jan 1, 1970)

Yeah, it appears that it is.


----------



## 8dalejr.fan (Nov 20, 2005)

Still weird though that the game (and not something rogue) would produce "rmbamswissarm.sys".


----------



## SweetTech (Jan 1, 1970)

Yeah, that is a little weird.


----------



## 8dalejr.fan (Nov 20, 2005)

Well, not everybody is getting it. Somebody else told me that:



> I use Avast and NR2003 and have never encountered such a problem.


----------



## SweetTech (Jan 1, 1970)

Well that is interesting. I'm not sure what to tell you. I'm not seeing any signs of an infection being on your computer, so the only other thing that I believe it could be would be a false positive.


----------



## 8dalejr.fan (Nov 20, 2005)

Ok. Thanks for your efforts ST.


----------



## SweetTech (Jan 1, 1970)

Hello,

You're more than welcome.

*We just have a few housekeeping issues to address now.*

*If you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.*

*NEXT:*

*Time for some housekeeping*
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: *ComboFix /Uninstall *

*NEXT:*

*OTL Clean-Up*
Clean up with *OTL:*

Double-click *OTL.exe* to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CLEANUP* button
Say *Yes* to the prompt and then allow the program to reboot your computer.
*If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.*

*NEXT:*

*All Clean Speech*

*===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===*

Below I have included a number of recommendations for how to protect your computer against malware infections.

It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article *Strong passwords: How to create and use them*, then consider a *password keeper* to keep all your passwords safe.

Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.

*SpywareBlaster* protects against bad ActiveX, it immunizes your PC against them.

*SpywareGuard* offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

*Make Internet Explorer more secure*
Click *Start* > *Run*
Type *Inetcpl.cpl* & click *OK*
Click on the *Security* tab
Click *Reset all zones to default level*
Make sure the *Internet Zone* is selected & Click *Custom level*
In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
Next Click *OK*, then *Apply* button and then *OK* to exit the Internet Properties page.

*ATF Cleaner* - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

*MVPS Hosts file* replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
*WOT*, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
*Green* to go
*Yellow* for caution
*Red* to stop
WOT has an addon available for both Firefox and IE
Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from *Here*
If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
*NoScript* - for blocking ads and other potential website attacks


*Keep a backup of your important files* - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

*ERUNT* (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
*Think Prevention.*
*PC Safety and Security--What Do I Need?.*

*Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.*

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.

Cheers,
SweetTech.


----------



## 8dalejr.fan (Nov 20, 2005)

I still believe they're rogue. Look how close they are to legit file names:

rmbamswissarm.sys (mbamswissarmy.sys)
xctaud2k.sys (ctaud2k.sys)
cati1xbx.sys (ati1xbx.sys)
mvolsnap.sys (volsnap.sys) 
susbcamd.sys (usbcamd.sys)
sipsec.sys (ipsec.sys)
qslip.sys (slip.sys)
ntosdvd.sys (tosdvd.sys)
kwanarp.sys (wanarp.sys)
uatmepvc.sys (atmepvc.sys)

Every file reported as being infected has an additional letter at the front compared to a legit file name.


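The name comparison the post above makes by eye, written out as a check that can be run over any list of flagged file names. This is an added example and not code from the thread or from any tool discussed in it; the lists of known driver names and reported names are constructed from the ten pairs quoted in the post, and the matching rule (strip one leading character, then require the remainder to equal a known stem, or a known stem with at most its final character dropped, as with rmbamswissarm / mbamswissarmy) is an assumption about the pattern, not something the thread established.

```python
"""Flag driver file names that look like a known driver name with one extra leading letter.

Added example; not part of the original thread. KNOWN_DRIVERS and REPORTED are
constructed from the names quoted in the post above. The matching rule is an
assumption about the pattern the post describes.
"""
from typing import Dict, Iterable, List, Optional, Tuple

# Legitimate driver names, as quoted in parentheses in the post (constructed list).
KNOWN_DRIVERS: List[str] = [
    "mbamswissarmy.sys", "ctaud2k.sys", "ati1xbx.sys", "volsnap.sys",
    "usbcamd.sys", "ipsec.sys", "slip.sys", "tosdvd.sys", "wanarp.sys",
    "atmepvc.sys",
]

# Names the scanner reported, as quoted in the post (constructed list).
REPORTED: List[str] = [
    "rmbamswissarm.sys", "xctaud2k.sys", "cati1xbx.sys", "mvolsnap.sys",
    "susbcamd.sys", "sipsec.sys", "qslip.sys", "ntosdvd.sys", "kwanarp.sys",
    "uatmepvc.sys",
]


def split_stem(name: str) -> Tuple[str, str]:
    """Split 'mvolsnap.sys' into ('mvolsnap', '.sys'); comparison is case-insensitive."""
    name = name.lower()
    if "." in name:
        stem, ext = name.rsplit(".", 1)
        return stem, "." + ext
    return name, ""


def lookalike_of(reported: str, known: Iterable[str]) -> Optional[str]:
    """Return the known driver name that `reported` resembles, or None.

    Rule (assumed): drop the first character of the reported stem. The remainder
    must equal a known stem, or be that stem with only its last character missing
    (so 'rmbamswissarm' still maps to 'mbamswissarmy'). Extensions must match.
    A name that is itself a known driver is never reported as a lookalike.
    """
    known = [k.lower() for k in known]
    if reported.lower() in known:
        return None
    r_stem, r_ext = split_stem(reported)
    if len(r_stem) < 2:
        return None
    remainder = r_stem[1:]
    for legit in known:
        k_stem, k_ext = split_stem(legit)
        if k_ext != r_ext:
            continue
        if remainder == k_stem:
            return legit
        if k_stem.startswith(remainder) and len(k_stem) - len(remainder) == 1:
            return legit
    return None


def triage(reported: Iterable[str], known: Iterable[str]) -> Dict[str, Optional[str]]:
    """Map every reported name to the legitimate name it resembles (None if no match)."""
    known = list(known)
    return {name: lookalike_of(name, known) for name in reported}


if __name__ == "__main__":
    for name, legit in triage(REPORTED, KNOWN_DRIVERS).items():
        status = f"resembles {legit}" if legit else "no known lookalike"
        print(f"{name:20s} {status}")
```

A match from this check only says that a reported name is one character away from a legitimate driver name; it does not by itself show whether the file was malicious, whether it was ever loaded as a driver, or whether the scanner's detection was genuine. In this thread the question of where the files came from was never settled, so the check is a triage aid for deciding which samples to submit for analysis, not a verdict. Any list of legitimate names used in practice would need to be far larger than the ten drawn from the post.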
----------

