# Spyware on my computer.



## darkcloud099 (Jan 12, 2010)

Hi I recently visited a website to watch movies online(sherlock holmes) and the website downloaded a spyware onto my computer and i can't get rid of it. Any help will be greatly appreciated! thanks a lot
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:41:33 AM, on 1/12/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/redirects/inclient/resetpassword.adp?loginId=
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Rkupasejadazayu] rundll32.exe "C:\WINDOWS\ewixabok.dll",Startup
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1220656730762
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 8612 bytes


----------



## emeraldnzl (Nov 3, 2007)

Hello darkcloud099,

Welcome to TSG.

Viewpoint Manager is considered as *foistware* instead of malware since it is mostly installed without users approval. This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

Up to you but I recommend removal of this program. Click on *Start* > *Control Panel* > *Add or Remove Programs* uninstall the following if they exist: *Viewpoint, Viewpoint Manager, Viewpoint Media Player*.

*Now*

You may have used Malwarebytes before. If you have, and still have it on your machine, please update and run. Post the scan report back here.

If you do not have Malwarebytes please download from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*

*Next*

Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. *OTL.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply.

*So when you return please post
MBAM log
the two OTL logs - OTL.txt and Extras.txt
*
Note: Unless otherwise instructed always post the logs in the forum. If reports don't fit on one post. It might be necessary to break the logs up to get them on the forum. Just use as many posts as you need, that's fine.


----------



## darkcloud099 (Jan 12, 2010)

thanks for the response! 
here's the mbam log you requested
Malwarebytes' Anti-Malware 1.44
Database version: 3554
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

1/13/2010 9:51:08 AM
mbam-log-2010-01-13 (09-51-08).txt

Scan type: Quick Scan
Objects scanned: 125627
Time elapsed: 9 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\helper32.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\Multi\Local Settings\Temporary Internet Files\Content.IE5\V3JQ291H\dfghfghgfj[1].dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\IS15.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.


----------



## darkcloud099 (Jan 12, 2010)

OTL Extras logfile created on: 1/13/2010 9:53:52 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Multi\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 320.26 Gb Free Space | 68.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABC-E138B5FE005
Current User Name: Multi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabledxpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabledxpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabledxpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabledxpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabledxpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabledxpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabledxpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"C:\Documents and Settings\Administrator\Desktop\Claw\Redvex\Redvex 3.2 2-25-08\RedVex2.exe" = C:\Documents and Settings\Administrator\Desktop\Claw\Redvex\Redvex 3.2 2-25-08\RedVex2.exe:*:Enabled:RedVex2 -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*isabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\ijji\ENGLISH\u_gbound.exe" = C:\ijji\ENGLISH\u_gbound.exe:*:Enabled:<ijji Downloader> -- File not found
"C:\Program Files\Raptr\Raptr.exe" = C:\Program Files\Raptr\Raptr.exe:*:Enabled:Raptr Client -- File not found
"C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme" = C:\ijji\ENGLISH\Gunbound Revolution\GunBound.gme:*:Enabled:GunBound -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{235BBFC6-D863-4066-A01A-3BD504C31033}" = Nero 7 Premium
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3062D9D0-0EF0-4F0D-9575-26013FF60FC9}" = MapleStory
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{4FC583C2-45DB-44ac-AD30-8837DB845588}" = HP Photosmart Printer Software 9.0
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{F42B3AC4-A1C7-4AB0-A73E-6BDDE7043C80}" = 
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8E4B50E-A277-49f9-9BE2-39333B608989}" = D7200_Help
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2A8DE20-C75F-4799-8851-39E04771E2A1}" = PS_SF_02_Software_min
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E6DE49CA-30D6-427a-9440-09962E3CB9B8}" = PS_SF_02_ProductContext
"{E71C66F6-3D4A-4afd-89FC-0B00E8F4C974}" = D7200
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE95B5F7-F280-4b1c-89A6-CBDD59146581}" = PS_SF_02_Software
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F9954DA5-165D-47f5-94C3-95FDE3EB1BF3}" = D7200_doccd
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"avast!" = avast! Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"hon" = Heroes of Newerth
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel(R) PRO Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"VLC media player" = VLC media player 0.9.6
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9/8/2009 4:32:08 PM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\MULTI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HJXJLV1N.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}\DEFAULTS\PREFERENCES\DEFAULTS.JS
failed, 00000005.

Error - 9/8/2009 4:32:08 PM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\MULTI\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\HJXJLV1N.DEFAULT\PREFS.JS
failed, 00000005.

Error - 11/5/2009 12:15:53 AM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://viewmorepics.myspace.com/Mod...ices/PhotosQuickPostService.asmx/AddQuickPost
failed, 0000A413.

Error - 11/5/2009 12:34:43 AM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://viewmorepics.myspace.com/Mod...ices/PhotosQuickPostService.asmx/AddQuickPost
failed, 0000A413.

Error - 11/5/2009 8:42:55 PM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.meebo.com/mcmd/events?se...342a4694d66b3e&rev=15&clientId=0&focusTime=64
failed, 0000A413.

Error - 11/5/2009 10:17:25 PM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://news.yahoo.com/api/news/news...45bc82426c9fb23d21fa/ratetype/get/output/json
failed, 0000A413.

Error - 11/6/2009 11:03:55 PM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://suggestqueries.google.com/co...eResponse&q=Autumn's Concerto Episode 6&cp=27
failed, 0000A413.

Error - 11/8/2009 2:01:50 AM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://viewmorepics.myspace.com/Mod...ices/PhotosQuickPostService.asmx/AddQuickPost
failed, 0000A413.

Error - 11/9/2009 11:52:53 PM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://fim.adnxs.com/fpt?id=3593&si...encenetwork.com&age=&gender=&cb=1257825173752
failed, 0000A413.

Error - 11/15/2009 6:53:36 AM | Computer Name = ABC-E138B5FE005 | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://us.mc820.mail.yahoo.com/yab-...282375&auth=1981aa1081249b0e286b0da83102ebed&
failed, 0000A413.

[ Application Events ]
Error - 12/6/2009 10:55:12 PM | Computer Name = ABC-E138B5FE005 | Source = Application Error | ID = 1000
Description = Faulting application adobe_updater.exe, version 6.2.0.1474, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 12/14/2009 7:14:56 AM | Computer Name = ABC-E138B5FE005 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/18/2009 6:12:45 PM | Computer Name = ABC-E138B5FE005 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 12/21/2009 2:37:59 AM | Computer Name = ABC-E138B5FE005 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16945, faulting
module ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 12/21/2009 2:38:04 AM | Computer Name = ABC-E138B5FE005 | Source = Application Error | ID = 1001
Description = Fault bucket 1595852665.

Error - 12/24/2009 7:53:14 AM | Computer Name = ABC-E138B5FE005 | Source = Application Hang | ID = 1002
Description = Hanging application iw4sp.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/30/2009 4:49:54 PM | Computer Name = ABC-E138B5FE005 | Source = Application Error | ID = 1000
Description = Faulting application iw4sp.exe, version 0.0.0.0, faulting module iw4sp.exe,
version 0.0.0.0, fault address 0x0027461a.

Error - 12/31/2009 6:05:16 PM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault
address 0x000467e8.

Error - 1/9/2010 3:20:00 PM | Computer Name = ABC-E138B5FE005 | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.0.2.20, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x00018af2.

Error - 1/12/2010 9:15:45 PM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r5ha.dll, version 61.71.246.0, stamp 460a27bd, debug? 0, fault
address 0x000467e8.

[ OSession Events ]
Error - 9/16/2009 2:37:40 AM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 1286 seconds with 1020 seconds of active time. This session ended with a
crash.

Error - 9/17/2009 6:16:00 AM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 3704 seconds with 780 seconds of active time. This session ended with a 
crash.

Error - 10/17/2009 2:59:09 AM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 8033 seconds with 480 seconds of active time. This session ended with a 
crash.

Error - 10/17/2009 5:44:16 PM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 8256 seconds with 1020 seconds of active time. This session ended with a
crash.

Error - 10/18/2009 1:53:36 AM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 14712 seconds with 2100 seconds of active time. This session ended with 
a crash.

Error - 10/18/2009 6:43:38 PM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 10984 seconds with 1560 seconds of active time. This session ended with 
a crash.

Error - 10/19/2009 7:37:45 PM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 1382 seconds with 660 seconds of active time. This session ended with a 
crash.

Error - 10/19/2009 7:53:29 PM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 34 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/27/2009 3:50:34 AM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 3808 seconds with 420 seconds of active time. This session ended with a 
crash.

Error - 10/27/2009 10:12:49 AM | Computer Name = ABC-E138B5FE005 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.6021.5000. This session 
lasted 22297 seconds with 2400 seconds of active time. This session ended with 
a crash.

< End of report >


----------



## darkcloud099 (Jan 12, 2010)

OTL logfile created on: 1/13/2010 9:53:52 AM - Run 1
OTL by OldTimer - Version 3.1.24.0 Folder = C:\Documents and Settings\Multi\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 320.26 Gb Free Space | 68.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ABC-E138B5FE005
Current User Name: Multi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Multi\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe ()
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Multi\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\ewixabok.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (NVSvc) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (libusb0) -- C:\WINDOWS\system32\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (USBAAPL) -- C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (e1express) Intel(R) -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (PPortJoystick) -- C:\WINDOWS\system32\drivers\PPortJoy.sys (Deon van der Westhuysen)
DRV - (PPJoyBus) -- C:\WINDOWS\system32\drivers\PPJoyBus.sys (Deon van der Westhuysen)
DRV - (usbser) -- C:\WINDOWS\system32\drivers\usbser.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (MN110-50) Microsoft(R) -- C:\WINDOWS\system32\drivers\MN110-50.SYS (Microsoft)

========== Standard Registry (All) ==========


----------



## darkcloud099 (Jan 12, 2010)

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {7A94E01E-EA07-44B8-AEB2-138FA5E763B8}:1.9.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/01 22:23:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8}: C:\Documents and Settings\Multi\Local Settings\Application Data\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8} [2010/01/12 01:18:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/05 19:57:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/12 22:09:05 | 00,000,000 | ---D | M]

[2009/03/29 17:04:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\Mozilla\Extensions
[2009/03/29 17:04:12 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Multi\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/12 16:51:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\hjxjlv1n.default\extensions
[2009/09/02 22:44:49 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Profiles\hjxjlv1n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/12 16:51:07 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/05 19:57:45 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/09/14 00:46:10 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2010/01/05 19:57:45 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/01/05 19:57:45 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/11/06 08:33:48 | 01,332,224 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2008/12/10 16:33:34 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/07 13:20:42 | 00,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
[2009/07/07 13:20:42 | 00,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
[2010/01/05 19:57:45 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006/10/26 19:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009/03/08 13:00:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/03/08 13:00:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/03/08 13:00:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/03/08 13:00:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/03/08 13:00:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/03/08 13:00:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/03/08 13:00:15 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/07/29 23:24:20 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/29 23:24:20 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/07/29 23:24:20 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/29 23:24:20 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/29 23:24:20 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/29 23:24:20 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/07/29 23:24:20 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: (288941 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 9977 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [Rkupasejadazayu] C:\WINDOWS\ewixabok.DLL ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1220656730762 (WUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Multi\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/09/05 14:54:29 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


----------



## darkcloud099 (Jan 12, 2010)

[2010/01/13 09:37:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Multi\Application Data\Malwarebytes
[2010/01/13 09:37:33 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/13 09:37:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/01/13 09:37:30 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/13 09:37:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/12 11:03:12 | 00,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010/01/12 11:03:12 | 00,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010/01/12 01:58:05 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/01/12 01:56:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/01/12 01:41:22 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/12 01:18:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Multi\Local Settings\Application Data\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8}
[2009/12/23 03:15:34 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2009/12/23 03:15:34 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2009/12/23 03:15:34 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2009/12/23 03:15:34 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2009/12/23 03:15:33 | 04,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2009/12/23 03:15:33 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2009/12/23 03:15:33 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2009/12/23 03:15:33 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2009/12/23 03:15:33 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2009/12/23 03:15:33 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2009/12/23 03:15:32 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2009/12/23 03:15:32 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2009/12/23 03:15:32 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2009/12/23 03:15:31 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2009/12/23 02:36:24 | 00,000,000 | ---D | C] -- C:\Program Files\Activision
[2009/01/06 09:35:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/05 15:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CallingID
[2008/09/05 14:57:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/05 14:57:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/09/05 14:57:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/09/05 14:57:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/13 09:52:43 | 00,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\tonuimac.sys
[2010/01/13 09:37:14 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Multi\NTUSER.DAT
[2010/01/13 09:25:50 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/13 09:24:45 | 00,206,065 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/13 09:24:39 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/13 09:20:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/13 09:20:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/13 09:20:35 | 32,102,89152 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/13 09:19:42 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Multi\ntuser.ini
[2010/01/13 09:15:28 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Fsolewerecome.bin
[2010/01/12 23:18:22 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/12 22:08:49 | 00,000,120 | ---- | M] () -- C:\WINDOWS\Sjaweqepijo.dat
[2010/01/12 01:56:13 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/12 01:41:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Multi\Desktop\HijackThis.lnk
[2010/01/12 01:26:29 | 00,288,941 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 17:55:16 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/01/01 01:24:46 | 00,000,132 | ---- | M] () -- C:\Documents and Settings\Multi\default.pls
[2009/12/31 15:16:25 | 00,008,445 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[2009/12/27 19:27:39 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\Multi\Desktop\Shortcut to iw4mp.lnk
[2009/12/27 02:26:35 | 00,052,736 | ---- | M] () -- C:\Documents and Settings\Multi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 03:17:14 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\Multi\Desktop\Shortcut to iw4sp.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/13 09:52:42 | 00,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\tonuimac.sys
[2010/01/12 02:01:17 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/12 01:56:13 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/01/12 01:41:22 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Multi\Desktop\HijackThis.lnk
[2010/01/12 01:18:15 | 00,000,120 | ---- | C] () -- C:\WINDOWS\Sjaweqepijo.dat
[2010/01/12 01:18:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Fsolewerecome.bin
[2009/12/27 19:27:39 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\Multi\Desktop\Shortcut to iw4mp.lnk
[2009/12/23 03:17:14 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\Multi\Desktop\Shortcut to iw4sp.lnk
[2009/08/09 20:25:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/07/14 16:15:00 | 00,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/06/10 07:29:34 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:29:34 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:29:32 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/05 21:57:47 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/04/20 13:49:48 | 00,318,594 | ---- | C] () -- C:\Documents and Settings\Multi\Application Data\NMM-MetaData.db
[2009/03/29 17:03:17 | 00,052,736 | ---- | C] () -- C:\Documents and Settings\Multi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/19 22:31:41 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/01/21 13:29:43 | 00,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/11/06 08:37:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/11/06 08:34:00 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/11/06 08:33:02 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/10/29 06:11:13 | 00,012,912 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/10 12:30:30 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/05 15:14:52 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/16 13:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/03/29 22:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004/08/03 17:07:00 | 00,172,032 | ---- | C] () -- C:\WINDOWS\ewixabok.dll

========== LOP Check ==========

[2008/09/09 22:20:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/10/12 20:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/06/05 22:03:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/10/10 11:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/10/10 11:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2010/01/12 22:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/05 14:59:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/08 13:00:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/03/29 17:00:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\acccore
[2009/08/10 17:26:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\Bioshock
[2009/04/30 12:16:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\com.raptr.Raptr.848BBC53270CAC248E8FA0F339176201CDEB525F.1
[2009/06/05 22:03:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\DAEMON Tools Pro
[2009/07/02 12:19:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\fltk.org
[2010/01/03 11:52:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\LimeWire
[2009/05/25 16:07:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\Nexon
[2009/04/20 13:41:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\Nokia
[2009/04/20 13:41:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\PC Suite
[2009/04/30 12:16:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\Raptr
[2010/01/12 23:16:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Multi\Application Data\uTorrent
[2010/01/13 09:25:50 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========

< End of report >


----------



## emeraldnzl (Nov 3, 2007)

Hello darkcloud099,

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:OTL
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Rkupasejadazayu] C:\WINDOWS\ewixabok.DLL ()
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Commands
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.
*Next*

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

*Link 1*
*Link 2*

** IMPORTANT !!! Save ComboFix.exe to your Desktop*
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.








Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:










Click on Yes, to continue scanning for malware.

***Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall***

When finished, it will produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

*So when you return please post
OTL log.txt
ComboFix.txt
*


----------



## darkcloud099 (Jan 12, 2010)

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Rkupasejadazayu deleted successfully.
C:\WINDOWS\ewixabok.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\LaunchU3.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 1367018021 bytes
->Temporary Internet Files folder emptied: 59019967 bytes
->Java cache emptied: 35701757 bytes
->FireFox cache emptied: 130652963 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Multi
->Temp folder emptied: 20901608 bytes
->Temporary Internet Files folder emptied: 49605754 bytes
->Java cache emptied: 5073908 bytes
->FireFox cache emptied: 113864023 bytes

User: NetworkService
->Temp folder emptied: 22440 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1024388 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23937330 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 3921049204 bytes

Total Files Cleaned = 5,465.00 mb

OTL by OldTimer - Version 3.1.24.0 log created on 01152010_135132

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_6e4.dat moved successfully.

Registry entries deleted on Reboot...


----------



## emeraldnzl (Nov 3, 2007)

Looking good so far.

Look forward to the ComboFix log.


----------



## darkcloud099 (Jan 12, 2010)

ComboFix 10-01-18.03 - Multi 01/19/2010 7:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3062.2400 [GMT -8:00]
Running from: c:\documents and settings\Multi\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100119-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Multi\Local Settings\Application Data\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8}
c:\documents and settings\Multi\Local Settings\Application Data\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8}\chrome.manifest
c:\documents and settings\Multi\Local Settings\Application Data\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8}\chrome\content\_cfg.js
c:\documents and settings\Multi\Local Settings\Application Data\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8}\chrome\content\overlay.xul
c:\documents and settings\Multi\Local Settings\Application Data\{7A94E01E-EA07-44B8-AEB2-138FA5E763B8}\install.rdf
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.

2010-01-17 03:44 . 2010-01-17 03:44 81 ----a-w- C:\CTX.DAT
2010-01-17 03:44 . 2010-01-17 03:44 -------- d-----w- c:\documents and settings\Multi\Citrix
2010-01-15 21:51 . 2010-01-15 21:51 -------- d-----w- C:\_OTL
2010-01-13 17:37 . 2010-01-13 17:37 -------- d-----w- c:\documents and settings\Multi\Application Data\Malwarebytes
2010-01-13 17:37 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-13 17:37 . 2010-01-13 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-13 17:37 . 2010-01-13 17:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-13 17:37 . 2010-01-08 00:07 19160 ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-01-13 07:19 . 2010-01-13 07:19 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2010-01-12 19:03 . 2009-08-07 03:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-01-12 19:03 . 2009-08-07 03:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-01-12 09:58 . 2010-01-14 19:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-12 09:56 . 2010-01-12 09:56 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-01-12 09:41 . 2010-01-12 09:41 -------- d-----w- c:\program files\Trend Micro
2010-01-12 09:18 . 2010-01-15 21:51 120 ----a-w- c:\windows\Sjaweqepijo.dat
2010-01-12 09:18 . 2010-01-15 16:56 0 ----a-w- c:\windows\Fsolewerecome.bin
2009-12-23 10:36 . 2009-12-23 10:36 -------- d-----w- c:\program files\Activision

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 02:07 . 2008-09-10 00:02 -------- d-----w- c:\program files\Diablo II
2010-01-18 17:01 . 2009-04-04 05:32 -------- d-----w- c:\documents and settings\Multi\Application Data\LimeWire
2010-01-17 02:33 . 2009-05-18 05:46 69296 ----a-w- c:\documents and settings\Multi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-16 23:28 . 2009-08-27 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-16 23:25 . 2009-08-27 01:25 -------- d-----w- c:\program files\Microsoft Works
2010-01-16 21:01 . 2009-08-06 19:19 -------- d-----w- c:\program files\Heroes of Newerth
2010-01-15 04:18 . 2009-04-21 17:28 -------- d-----w- c:\documents and settings\Multi\Application Data\uTorrent
2010-01-13 06:09 . 2008-09-10 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-31 23:16 . 2008-09-10 06:48 8445 ----a-w- c:\windows\DIIUnin.dat
2009-12-10 02:38 . 2009-09-17 02:03 -------- d-----w- c:\documents and settings\Multi\Application Data\U3
2009-12-03 05:15 . 2008-12-08 09:09 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-24 23:54 . 2008-09-28 18:01 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-09-28 18:01 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-09-28 18:01 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-09-28 18:01 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-09-28 18:01 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-09-28 18:01 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-09-28 18:01 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-09-28 18:01 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-09-28 18:01 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-21 16:36 . 2004-08-04 01:07 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:46 . 2004-08-04 01:07 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 01:07 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-17 139264]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-05-07 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 09:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-10-01 20:57 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 20:06 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 23:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Activision\\Modern Warfare 2\\iw4mp.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/5/2009 9:57 PM 685816]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/28/2008 10:01 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/28/2008 10:01 AM 20560]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.2;c:\windows\system32\drivers\libusb0.sys [7/19/2009 8:00 PM 28160]
S3 MN110-50;Microsoft(R) USB Adapter MN-110;c:\windows\system32\drivers\MN110-50.SYS [4/23/2008 8:40 AM 25165]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [1/23/2004 3:33 PM 13952]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [1/23/2004 3:32 PM 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-03 01:36]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.aim.com/redirects/inclient/resetpassword.adp?loginId=
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Multi\Application Data\Mozilla\Firefox\Profiles\hjxjlv1n.default\
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 07:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A75C1E8]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb810cfc3
\Driver\ACPI -> ACPI.sys @ 0xb7e7dcb8
\Driver\atapi -> 0x8a6eb1e8
\Driver\iaStor -> 0x8a75c1e8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: Intel(R) 82566DC-2 Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xb7c54ba0
PacketIndicateHandler -> NDIS.sys @ 0xb7c61b21
SendHandler -> NDIS.sys @ 0xb7c3f87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1606980848-1336601894-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:41,f6,6f,5d,68,b5,b5,37,48,34,27,62,27,ef,fe,23,3a,7b,b9,8c,3a,bf,48,
45,26,e2,73,7a,78,bc,b0,a8,30,02,c2,2d,3c,84,2c,40,a2,af,1f,91,08,2f,3b,de,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3296)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msimtf.dll
c:\windows\system32\MSCTF.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2010-01-19 07:32:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-19 15:32

Pre-Run: 345,165,103,104 bytes free
Post-Run: 345,034,645,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - B83FAAD06730F7A5D0E28E334C2D5994
Thanks a lot guys


----------



## emeraldnzl (Nov 3, 2007)

Hello darkcloud099,

Your Java is out to date. Older versions are vunerable to attack.

Please follow these steps:


Download from here *Java Runtime Environment (JDK) Update * 
Scroll to where it says *"Windows XP/Vista/2000/2003/2008 online" * and download and follow the instructions.

Reboot your computer. 
You also need to uininstall older versions of Java.

 Click *Start* > *Control Panel* > *Add or Remove Programs*
 Remove all Java updates except the latest one you have just installed.

*After that*

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from *Here*

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:
*If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.*

*Next*

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

*Kaspersky works with Internet Explorer and Firefox 3.*

Go to *Kaspersky website* and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.


Read through the requirements and privacy statement and click on *Accept* button.
It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the *Save* button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Copy and paste that information in your next post.

*So when you return please post
MBAM log
Kaspersky scan results
and tell me how your computer is performing now
*


----------

