WiredWX Christian Hobby Weather Tools

Internet Security 2010, BSOD

Well, here I am again. I don't understand, I keep everything fully updated. Oh well, a little bit of background... I can only run Windows in debugging mode, otherwise I get the blue screen of death before Windows loads. I ran Malwarebytes (and reinstalled it and ran it again), AVG, and SUPERAntiSpyware and have removed numerous trojans from my comp, but I still get the BSOD when I try to run Windows in either normal or safe mode. Anyway, here's the HijackThis log, thanks in advance.

Here is the HijackThis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:13:17 PM, on 1/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\AIM7\aim.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\iTunes\iTunes.exe
C:\Downloads\winlogon.scr
C:\Program Files\Last.fm\LastFM.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - https://upload.facebook.com/controls/FacebookPhotoUploader.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 5439 bytes
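The log above is read by eye in this thread. As an added example that is not part of the original post and not code from HijackThis, Malwarebytes or OTL, the following Python script applies two defender-side triage checks to HijackThis-formatted text: a running process that carries a reserved Windows process name (winlogon, smss, lsass, ...) but lives outside C:\WINDOWS, which is the kind of mismatch the later "Heuristics.Reserved.Word" detection name points at, and O23 service entries whose publisher is "Unknown owner". The sample log is constructed from lines quoted in the post; the reserved-name list, the rule labels and the `.scr` check are my own assumptions, not anything the tools define.

```python
import re
from pathlib import PureWindowsPath

# Names Windows reserves for core processes (assumed list, not from any tool).
# A binary carrying one of these names outside the Windows directory is a
# classic masquerade and deserves a manual look.
RESERVED_NAMES = {"smss", "csrss", "winlogon", "services", "lsass",
                  "svchost", "explorer", "spoolsv"}

# Only the Windows directory is trusted to host the reserved names above.
WINDOWS_DIRS = ("c:\\windows",)

# O23 lines look like: "O23 - Service: <name> - <owner> - <path>"
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def _is_under_windows(path):
    return path.lower().startswith(WINDOWS_DIRS)


def triage_hjt(log_text):
    """Return a list of (rule, path) findings for a HijackThis log.

    The 'Running processes:' block is one path per line and ends at the
    first blank line; everything after that is 'Rn'/'Onn' entries.
    """
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False          # blank line closes the process block
            continue
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            p = PureWindowsPath(line)
            if p.stem.lower() in RESERVED_NAMES and not _is_under_windows(line):
                findings.append(("reserved-name-outside-windows", line))
            elif p.suffix.lower() == ".scr":
                # A screensaver binary running as a process is unusual enough
                # to list for review (assumed rule).
                findings.append(("scr-executable-running", line))
            continue
        m = O23_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings.append(("service-unknown-owner", m.group("path")))
    return findings


# Constructed sample: a subset of the lines quoted in the post above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Downloads\winlogon.scr

O4 - HKCU\..\Run: [AIM] "C:\Program Files\AIM7\aim.exe" /d locale=en-US
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
"""

if __name__ == "__main__":
    for rule, path in triage_hjt(SAMPLE_LOG):
        print(f"{rule:32} {path}")
```

The output is a review list, not a verdict: the "Unknown owner" hits include services that are legitimate on this machine (the ATI helper, PunkBuster, WinPcap's rpcapd), whereas the reserved-name hit on `C:\Downloads\winlogon.scr` is the one item that has no business existing and is exactly what the later Malwarebytes scan quarantines.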

Re: Internet Security 2010, BSOD

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet Security 2010, BSOD

Here's the log. I should also mention clicking on google results takes me to irrelevant spam/search pages.

Malwarebytes' Anti-Malware 1.44
Database version: 3585
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/29/2010 7:30:29 PM
mbam-log-2010-01-29 (19-30-29).txt

Scan type: Quick Scan
Objects scanned: 122652
Time elapsed: 12 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Downloads\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: Internet Security 2010, BSOD

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Re: Internet Security 2010, BSOD

OTL logfile created on: 1/30/2010 9:19:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Harry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 134.40 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Harry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/30 21:14:10 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
PRC - [2009/12/14 00:55:36 | 000,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009/12/12 09:22:00 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2009/12/12 09:22:00 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/11/16 20:52:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/16 03:11:52 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/11/16 03:11:51 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/16 03:11:43 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2009/11/16 03:11:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/08/21 20:57:14 | 000,487,424 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004/04/15 03:20:38 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [1999/12/13 09:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/30 21:14:10 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/14 00:55:36 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/11/16 20:52:52 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/16 03:11:43 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/16 03:11:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2007/08/21 20:57:14 | 000,487,424 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/08/21 20:05:00 | 000,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006/03/30 08:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/09/03 18:21:26 | 000,323,584 | ---- | M] (Apple Computer, Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)
SRV - [2005/04/03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/07/15 01:49:26 | 000,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)
SRV - [2004/04/15 03:26:50 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003/04/04 13:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2002/08/01 09:22:40 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [1999/12/13 09:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/11/16 03:12:06 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/16 03:12:06 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/16 03:12:05 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/08/19 21:24:55 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/04/08 14:37:12 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2009/02/27 16:04:21 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/12/04 13:50:06 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/12/04 13:50:02 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/02/20 21:05:38 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/12/11 02:23:55 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/08/21 21:07:39 | 002,417,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/07 10:52:48 | 000,014,408 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2004/07/16 03:24:34 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/06/09 12:16:44 | 000,840,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2004/04/29 17:55:42 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/04/01 15:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/09/22 08:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 08:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/07/16 15:42:18 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/10/01 13:43:32 | 000,119,798 | ---- | M] (SP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\spca561.sys -- (CA561)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.cnn.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr1&p="
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 09:23:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/11 20:12:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/11 20:12:35 | 000,000,000 | ---D | M]

[2009/09/05 09:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Extensions
[2009/09/05 09:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/14 03:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\extensions
[2009/03/20 21:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\extensions\moveplayer@movenetworks.com
[2010/01/29 03:34:27 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\searchplugins\amazondotcom.xml
[2009/03/31 23:49:39 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\searchplugins\ebay.xml
[2010/01/29 03:34:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/11/12 22:36:20 | 000,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
[2006/09/17 14:07:24 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2009/11/16 17:29:53 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKCU..\Run: [AIM] C:\Program Files\AIM7\aim.exe (AOL LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupscripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonscriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupscriptSync = 0
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} https://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Harry\My Documents\My Pictures\samhain.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Harry\My Documents\My Pictures\samhain.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/04/04 23:55:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/30 21:14:09 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
[2010/01/17 03:37:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/17 03:37:05 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/17 03:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/14 02:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\My Documents\Lifetime - 1995 - hello bastards
[2010/01/14 02:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\My Documents\Lifetime - 1993 - background
[2010/01/12 05:19:49 | 000,000,000 | ---D | C] -- C:\quake
[2010/01/12 02:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/01/12 02:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/01/10 21:09:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\Application Data\Skype
[2010/01/10 21:08:36 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/01/02 02:16:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Harry\My Documents\World Demise
[2009/11/16 03:08:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/11/16 03:08:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/16 03:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/11/16 03:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/05/06 23:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2007/05/06 23:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2006/01/21 04:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2005/09/21 15:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2005/04/06 00:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2005/04/05 14:26:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Harry\My Documents\*.tmp files -> C:\Documents and Settings\Harry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/30 21:14:10 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
[2010/01/30 21:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\zoeahybq.job
[2010/01/30 20:48:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/30 20:47:32 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/30 20:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/30 20:45:27 | 012,058,624 | -H-- | M] () -- C:\Documents and Settings\Harry\NTUSER.DAT
[2010/01/30 20:45:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Harry\ntuser.ini
[2010/01/30 20:29:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004UA.job
[2010/01/30 17:28:28 | 054,897,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/01/30 10:29:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004Core.job
[2010/01/29 04:33:35 | 000,021,931 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG000602.jpg
[2010/01/29 04:33:34 | 000,022,843 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG000603.jpg
[2010/01/29 04:30:07 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Google Chrome.lnk
[2010/01/29 04:14:55 | 000,021,124 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG000597.jpg
[2010/01/29 04:08:26 | 000,025,416 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\oaaaa.JPG
[2010/01/29 04:06:58 | 000,025,417 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\nigga.jpg
[2010/01/28 18:13:51 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/19 14:18:11 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\Harry Skoyles - Resume.doc
[2010/01/19 01:23:18 | 002,711,204 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\06 Bloody Red Eyes.mp3
[2010/01/18 17:39:53 | 005,616,864 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\07 - Legion.mp3
[2010/01/18 17:38:49 | 001,983,773 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Carry On - 02 Waiting On Forever (A Life Less Plagued).mp3
[2010/01/17 03:37:14 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 22:03:52 | 000,186,880 | ---- | M] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 04:38:26 | 000,091,204 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327276_26ea9fe423.jpg
[2010/01/16 04:38:21 | 000,093,538 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327248_f60992cfba.jpg
[2010/01/16 04:38:12 | 000,092,893 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327190_ffb337fe2b.jpg
[2010/01/16 04:38:06 | 000,066,429 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278327176_059ed33a1d.jpg
[2010/01/16 04:37:29 | 000,093,371 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278326988_19bf348923.jpg
[2010/01/16 04:37:12 | 000,117,373 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4277580119_faacfc1996.jpg
[2010/01/16 04:37:02 | 000,120,348 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278326896_5748999573.jpg
[2010/01/16 04:36:41 | 000,085,938 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4278326828_f52738b04b.jpg
[2010/01/16 04:36:17 | 000,098,429 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\4277579949_2a1a9de8f8.jpg
[2010/01/16 03:52:25 | 000,001,031 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/16 03:52:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/16 03:52:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/16 02:46:28 | 000,121,856 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/15 19:59:53 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/15 19:58:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/14 18:57:18 | 000,138,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/01/14 18:56:56 | 000,214,488 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/01/14 18:56:56 | 000,214,488 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010/01/14 02:20:23 | 000,075,425 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Photo on 2010-01-14 at 02.18 #3.jpg
[2010/01/13 22:48:46 | 002,866,342 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\049.JPG
[2010/01/13 22:48:39 | 003,143,860 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\041.JPG
[2010/01/13 22:30:28 | 000,017,356 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\fuck.JPG
[2010/01/13 21:20:52 | 000,064,158 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\18459_660426073801_11003178_38645203_1228959_n.jpg
[2010/01/12 02:51:29 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/10 22:05:13 | 000,060,318 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\1124090429.jpg
[2010/01/10 19:13:38 | 000,046,887 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0129.JPG
[2010/01/10 19:13:34 | 000,038,535 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0109.JPG
[2010/01/10 19:13:31 | 000,036,184 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0156.JPG
[2010/01/10 19:13:27 | 000,041,153 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0151.JPG
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/02 01:24:19 | 000,921,654 | ---- | M] () -- C:\Snap.bmp
[2010/01/02 01:24:18 | 000,460,800 | ---- | M] () -- C:\WINDOWS\snap.dat
[2010/01/02 00:59:25 | 000,051,961 | ---- | M] () -- C:\Documents and Settings\Harry\My Documents\IMG_0095.JPG
[2010/01/02 00:54:56 | 000,033,751 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_13.jpg
[2010/01/02 00:53:38 | 000,029,484 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_9.jpg
[2010/01/02 00:53:07 | 000,032,766 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_7.jpg
[2010/01/02 00:46:40 | 000,028,280 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_1.jpg
[2010/01/02 00:46:29 | 000,032,847 | ---- | M] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101.jpg
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Harry\My Documents\*.tmp files -> C:\Documents and Settings\Harry\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/29 19:23:13 | 009,056,986 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\02 Like Knives.mp3
[2010/01/29 04:34:26 | 000,021,931 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG000602.jpg
[2010/01/29 04:34:19 | 000,022,843 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG000603.jpg
[2010/01/29 04:16:06 | 000,021,124 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG000597.jpg
[2010/01/29 04:08:26 | 000,025,416 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\oaaaa.JPG
[2010/01/29 04:06:58 | 000,025,417 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\nigga.jpg
[2010/01/19 01:21:08 | 002,711,204 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\06 Bloody Red Eyes.mp3
[2010/01/18 17:38:11 | 005,616,864 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\07 - Legion.mp3
[2010/01/18 17:37:33 | 001,983,773 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Carry On - 02 Waiting On Forever (A Life Less Plagued).mp3
[2010/01/17 03:37:14 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/16 04:38:25 | 000,091,204 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327276_26ea9fe423.jpg
[2010/01/16 04:38:20 | 000,093,538 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327248_f60992cfba.jpg
[2010/01/16 04:38:11 | 000,092,893 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327190_ffb337fe2b.jpg
[2010/01/16 04:38:05 | 000,066,429 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278327176_059ed33a1d.jpg
[2010/01/16 04:37:29 | 000,093,371 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278326988_19bf348923.jpg
[2010/01/16 04:37:12 | 000,117,373 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4277580119_faacfc1996.jpg
[2010/01/16 04:37:02 | 000,120,348 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278326896_5748999573.jpg
[2010/01/16 04:36:41 | 000,085,938 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4278326828_f52738b04b.jpg
[2010/01/16 04:36:17 | 000,098,429 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\4277579949_2a1a9de8f8.jpg
[2010/01/16 02:46:27 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010/01/15 19:59:53 | 000,000,001 | ---- | C] () -- C:\s
[2010/01/14 02:20:28 | 000,075,425 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Photo on 2010-01-14 at 02.18 #3.jpg
[2010/01/13 22:48:46 | 002,866,342 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\049.JPG
[2010/01/13 22:48:39 | 003,143,860 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\041.JPG
[2010/01/13 22:30:28 | 000,017,356 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\fuck.JPG
[2010/01/13 21:20:52 | 000,064,158 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\18459_660426073801_11003178_38645203_1228959_n.jpg
[2010/01/12 02:51:29 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/01/10 22:05:13 | 000,060,318 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\1124090429.jpg
[2010/01/10 19:13:37 | 000,046,887 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0129.JPG
[2010/01/10 19:13:34 | 000,038,535 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0109.JPG
[2010/01/10 19:13:31 | 000,036,184 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0156.JPG
[2010/01/10 19:13:27 | 000,041,153 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0151.JPG
[2010/01/02 00:59:24 | 000,051,961 | ---- | C] () -- C:\Documents and Settings\Harry\My Documents\IMG_0095.JPG
[2010/01/02 00:56:23 | 000,033,751 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_13.jpg
[2010/01/02 00:55:40 | 000,029,484 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_9.jpg
[2010/01/02 00:55:22 | 000,032,766 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_7.jpg
[2010/01/02 00:49:56 | 000,028,280 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101_1.jpg
[2010/01/02 00:49:32 | 000,032,847 | ---- | C] () -- C:\Documents and Settings\Harry\Desktop\Snapshot_20100101.jpg
[2009/03/31 17:35:59 | 000,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2009/03/31 17:35:59 | 000,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2009/03/31 17:35:59 | 000,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2008/04/08 10:55:24 | 000,000,177 | ---- | C] () -- C:\WINDOWS\track.INI
[2008/02/20 21:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/02/20 21:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/02/20 21:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/02/20 21:03:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/05 21:22:28 | 000,138,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/02/05 21:22:27 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Harry\Application Data\PnkBstrK.sys
[2008/02/04 21:57:11 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/05/29 01:21:55 | 000,000,634 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2007/03/26 06:21:15 | 000,000,428 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/12/14 19:01:40 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\SearchResults.wpl
[2006/10/22 16:04:13 | 000,017,921 | ---- | C] () -- C:\WINDOWS\hplj1300.ini
[2006/07/02 21:21:03 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI
[2006/02/13 03:43:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll
[2006/01/31 00:13:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\fusioncache.dat
[2005/12/05 20:21:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/11/21 15:21:05 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/10/28 11:47:26 | 000,000,704 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/10/26 22:57:44 | 000,000,555 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2005/10/09 00:25:52 | 000,001,386 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/09/25 03:00:49 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2005/08/18 02:05:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI
[2005/07/09 00:22:22 | 000,000,012 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2005/07/06 02:15:39 | 000,000,628 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/04/23 02:08:01 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/04/19 22:15:18 | 000,186,880 | ---- | C] () -- C:\Documents and Settings\Harry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/04/11 16:47:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/04/05 17:59:25 | 000,000,285 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2005/04/05 14:26:44 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/04/05 14:26:21 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/04/05 14:26:21 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/04/05 14:26:20 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/04/05 14:26:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2005/04/05 14:26:13 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2001/07/31 11:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
< End of report >

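Reading an OTL report by hand means scanning hundreds of file-list lines for the few that matter: the all-digit executable in System32, the scheduled-task .job with a random name, the one-byte file in the drive root, and the firewall profile with EnableFirewall = 0 and ports 139/445 open. The script below is an added example, not code from this thread or from OTL itself: it parses OTL's file-entry format (`[timestamp | size | attrs | C/M] (company) -- path`) and the firewall lines from the Extras log, then applies a few triage heuristics. The sample input is a handful of lines copied from the log above; the "suspicious" rules and the report timestamp are my assumptions. One caveat: OTL's `(company)` field is the PE version-resource CompanyName, not an Authenticode check, so a blank value is only a weak signal (the log's own "Files Created - No Company Name" section is full of legitimate files).

```python
import ntpath
import re
from datetime import datetime, timedelta

# Constructed sample: lines copied from the posted OTL log (file-list format)
# and from its firewall section. Illustration only; not OTL's own parser.
SAMPLE_FILE_LINES = r"""
[2010/01/30 21:14:10 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Harry\Desktop\OTL.exe
[2010/01/30 21:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\zoeahybq.job
[2010/01/16 02:46:28 | 000,121,856 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010/01/15 19:59:53 | 000,000,001 | ---- | M] () -- C:\s
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2005/04/05 14:26:20 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2007/05/06 23:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
"""
SAMPLE_FIREWALL_LINES = r"""
"EnableFirewall" = 0
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"""
# Assumed report time: the "OTL Extras logfile created on" timestamp from the log.
REPORT_TIME = datetime(2010, 1, 30, 21, 19, 18)

FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
PORT_LINE = re.compile(
    r'^"(?P<port>\d+:(?:TCP|UDP))" = (?P=port):(?P<scope>\w+):(?P<state>Enabled|Disabled):'
)
EXEC_EXT = {".exe", ".dll", ".sys", ".scr"}


def parse_file_line(line):
    """Parse one OTL file entry; return None for headings, blanks and summary lines."""
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y/%m/%d %H:%M:%S")
    entry["size"] = int(entry["size"].replace(",", ""))
    # Version-resource CompanyName as OTL prints it; blank is NOT proof of tampering.
    entry["company"] = (entry["company"] or "").strip()
    entry["is_dir"] = "D" in entry["attrs"]
    return entry


def triage_file(entry, report_time, window_days=30):
    """Heuristic reasons an entry deserves a second look; empty list means nothing noted."""
    if entry["is_dir"]:
        return []
    path = entry["path"]
    stem, ext = ntpath.splitext(ntpath.basename(path))
    ext = ext.lower()
    in_windows = path.upper().startswith("C:\\WINDOWS\\")
    reasons = []
    if in_windows and ext in EXEC_EXT and not entry["company"]:
        reasons.append("binary under C:\\WINDOWS with no CompanyName (weak signal on its own)")
    if in_windows and ext in EXEC_EXT and stem.isdigit():
        reasons.append("all-digit file name, typical of dropper-generated binaries")
    if ext == ".job" and re.fullmatch(r"[a-z]{6,12}", stem):
        reasons.append("scheduled task with a random-looking name")
    if ext == "" and entry["size"] <= 1 and re.fullmatch(r"[A-Z]:\\[^\\]+", path):
        reasons.append("tiny extension-less file in the drive root")
    if reasons and report_time - entry["ts"] <= timedelta(days=window_days):
        reasons.append("changed within the last %d days" % window_days)
    return reasons


def triage_firewall(text):
    """Flag a disabled XP firewall profile and any GloballyOpenPorts entry that is Enabled."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if line == '"EnableFirewall" = 0':
            findings.append("Windows Firewall is off for this profile")
        m = PORT_LINE.match(line)
        if m and m.group("state") == "Enabled":
            findings.append("port %s open to %s" % (m.group("port"), m.group("scope")))
    return findings


def triage_report(file_text, firewall_text, report_time):
    """Return {'files': {path: [reasons]}, 'firewall': [findings]} for flagged items only."""
    flagged = {}
    for entry in filter(None, map(parse_file_line, file_text.splitlines())):
        reasons = triage_file(entry, report_time)
        if reasons:
            flagged[entry["path"]] = reasons
    return {"files": flagged, "firewall": triage_firewall(firewall_text)}


if __name__ == "__main__":
    result = triage_report(SAMPLE_FILE_LINES, SAMPLE_FIREWALL_LINES, REPORT_TIME)
    for path, reasons in result["files"].items():
        print(path + "\n  - " + "\n  - ".join(reasons))
    for finding in result["firewall"]:
        print("firewall:", finding)
```

On the sample above it flags 18467.exe (no CompanyName, all-digit name, recent), zoeahybq.job, C:\s and, on the CompanyName rule alone, the 2005-dated A3d.dll; OTL.exe and the Malwarebytes driver pass. The firewall section yields two findings: the profile is disabled, and 139:TCP is enabled to the local subnet. Treat the output as a reading order for a human, not a verdict: the A3d.dll hit shows how the CompanyName rule fires on old, legitimate files.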
Re: Internet Security 2010, BSOD

OTL Extras logfile created on: 1/30/2010 9:19:18 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\Harry\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 584.00 Mb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 134.40 Gb Free Space | 57.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.03 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Harry
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 -- File not found
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\Soulseek\slsk.exe" = C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek -- ()
"C:\Program Files\MSN\MSNCoreFiles\msn6.exe" = C:\Program Files\MSN\MSNCoreFiles\msn6.exe:*:Disabled:MSN Explorer -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Computer, Inc.)
"C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_05\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Program Files\Last.fm\LastFM.exe" = C:\Program Files\Last.fm\LastFM.exe:*:Enabled:LastFM -- (Last.fm)
"C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe" = C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe:*:Enabled:javaw -- ()
"C:\Documents and Settings\Harry\My Documents\TM2.EXE" = C:\Documents and Settings\Harry\My Documents\TM2.EXE:*:Enabled:Twisted Metal 2 -- (Sony Computer Entertainment America Inc.)
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\SIERRA\SODA\offroad.exe" = C:\SIERRA\SODA\offroad.exe:*:Enabled:offroad -- File not found
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\AIM7\aim.exe" = C:\Program Files\AIM7\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Harry\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 mp3 to wav converter_is1" = #1 mp3 to wav converter 1.5.07
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{0F8F3415-CB0A-49A6-A23A-D8390444B127}" = DeadAIM
"{1485B7CD-4CBD-4039-8EAE-5A22993D7F54}" = hp LaserJet 1150 / 1300
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5A272FB7-EBCA-4F8C-8FCE-309A430BF3AF}" = ATI Catalyst Control Center
"{5A4AFC3E-4973-46A1-92D6-3A1C5E52948A}" = iTunes
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{936FC286-71F9-11D8-B9BF-00E018FAA1E4}" = USB PC Camera
"{A10D9B03-AABB-47D7-8A30-2FEA97E70BC7}" = Quake Live Mozilla Plugin
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AIM_7" = AIM 7
"All ATI Software" = ATI - Software Uninstall Utility
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Carmageddon 2 Carpocalypse Now" = Carmageddon 2 Carpocalypse Now
"CaseLinrV55" = CaseLinr 5.5
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CSCLIB" = Canon Camera Support Core Library
"Dell AIO Printer A920" = Dell AIO Printer A920
"DukesterX 1.5_is1" = DukesterX 1.5.1
"EOS Utility" = Canon Utilities EOS Utility
"GTK 2.0" = GTK+ Runtime 2.6.9 rev a (remove only)
"HijackThis" = HijackThis 2.0.2
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallShield_{5A4AFC3E-4973-46A1-92D6-3A1C5E52948A}" = iTunes
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"JFDuke3D" = JFDuke3D 20051009
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PhotoStitch" = Canon Utilities PhotoStitch
"Postal Classic & Uncut" = Postal Classic & Uncut
"PunkBusterSvc" = PunkBuster Services
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek" = SoulSeek Client 156c
"Steam App 10" = Counter-Strike
"UnityWebPlayer" = Unity Web Player
"VDMSound" = VDMSound
"vwfvrvuzxd" = RON Tool Netupbanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2002Setup" = Microsoft Works 2002 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZMBV" = Zip Motion Block Video codec (Remove Only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2009 4:43:38 AM | Computer Name = COMPUTER | Source = Application Hang | ID = 1002
Description = Hanging application chrome.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2009 7:29:25 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 8:29:24 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 9:29:24 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 10:29:25 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 11:29:23 AM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 12:29:24 PM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 1:29:25 PM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 11/30/2009 2:29:24 PM | Computer Name = COMPUTER | Source = Google Update | ID = 20
Description =

Error - 1/11/2010 3:27:56 AM | Computer Name = COMPUTER | Source = Application Error | ID = 1000
Description = Faulting application winrott_full_v1.25.exe, version 1.2.2.0, faulting
module winrott_full_v1.25.exe, version 1.2.2.0, fault address 0x000e8538.

[ System Events ]
Error - 1/29/2010 7:13:07 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/29/2010 10:57:20 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/30/2010 4:05:35 AM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/30/2010 6:59:20 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/30/2010 9:47:41 PM | Computer Name = COMPUTER | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/30/2010 9:48:52 PM | Computer Name = COMPUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Beep sptd

Error - 1/30/2010 10:00:34 PM | Computer Name = COMPUTER | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service iPodService
with arguments "-Service" in order to run the server: {7A7FB085-6068-4898-8CCA-480A9187277C}


< End of report >

Re: Internet Security 2010, BSOD
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    [2010/01/30 21:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\zoeahybq.job
    [2010/01/16 02:46:28 | 000,121,856 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010/01/15 19:59:53 | 000,000,001 | ---- | M] () -- C:\s


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: Internet Security 2010, BSOD
That seems to have taken care of the spam redirection from clicking Google results. BSOD in normal/safe mode still though, in case that's something you need to know.

========== OTL ==========
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\WINDOWS\tasks\zoeahybq.job moved successfully.
C:\WINDOWS\system32\18467.exe moved successfully.
C:\s moved successfully.

OTL by OldTimer - Version 3.1.27.1 log created on 01312010_183705

Re: Internet Security 2010, BSOD
Does the BSOD give you any information?


Re: Internet Security 2010, BSOD
I transcribed the message:

If this screen appears again, follow these steps.

Disable or uninstall any anti-virus, disk defragmenting or backup utilities. Check your hard drive configuration, and check for any updated drivers. Run chkdsk /F to check for hard disk corruption, and then restart your computer.

Technical info

*** STOP: 0x00000024 (0x001902FE, 0xF7C9B3D4, 0xF7C9B0D0, 0x86681805)


I had not run a chkdsk because for a while I was struggling to even do simple tasks while the virus was at its worst. If this is unfixable, no worries, since I can appear to do everything I need to do in debugging mode, and a new computer isn't far in the future.

edit: it looks like I'm still being redirected to spam sites from Google results, but only when I use Chrome (I was using firefox earlier). I'm gonna try to reinstall.

Re: Internet Security 2010, BSOD
bump

Re: Internet Security 2010, BSOD
Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    [screenshot: Cf510]

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


Re: Internet Security 2010, BSOD
No more BSOD on startup, and Google search results are no longer redirecting!

ComboFix 10-02-02.02 - Harry 02/02/2010 21:05:57.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.610 [GMT -5]
Running from: c:\documents and settings\Harry\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\120.SCR
C:\230.SCR
C:\410.SCR
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\Thumbs.db
c:\windows\desktop
c:\windows\desktop\pldecal.wad
c:\windows\hip
c:\windows\system32\Thumbs.db

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-01-03 to 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-01 09:29 . 2010-02-01 09:29 -------- d-----w- c:\program files\AGD Interactive
2010-01-31 23:37 . 2010-01-31 23:37 -------- d-----w- C:\_OTL
2010-01-17 08:37 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-17 08:37 . 2010-01-17 08:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-17 08:37 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-16 00:57 . 2010-01-16 00:57 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2010-01-14 10:17 . 2010-01-14 10:17 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2010-01-12 10:19 . 2010-01-12 10:31 -------- d-----w- C:\quake
2010-01-12 07:58 . 2010-01-12 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Last.fm
2010-01-12 07:51 . 2010-01-12 07:51 -------- d-----w- c:\program files\Common Files\Skype
2010-01-11 02:09 . 2010-01-18 06:11 -------- d-----w- c:\documents and settings\Harry\Application Data\Skype
2010-01-11 02:08 . 2010-01-12 07:51 -------- d-----r- c:\program files\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 07:00 . 2008-05-01 08:10 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-02-01 23:41 . 2006-11-29 00:20 -------- d-----w- c:\program files\DOSBox-0.65
2010-02-01 09:39 . 2008-12-09 23:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-01 09:23 . 2009-06-10 23:30 -------- d-----w- c:\program files\Full Tilt Poker
2010-01-18 06:11 . 2008-11-07 09:58 -------- d-----w- c:\documents and settings\Harry\Application Data\skypePM
2010-01-17 03:14 . 2007-10-01 02:22 -------- d-----w- c:\documents and settings\Harry\Application Data\ZoomBrowser EX
2010-01-17 03:02 . 2007-07-14 08:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ZoomBrowser
2010-01-16 08:00 . 2009-03-27 13:50 -------- d-----w- c:\program files\Steam
2010-01-14 23:57 . 2008-02-06 02:22 138504 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-14 23:56 . 2008-02-06 02:20 214488 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-12 08:00 . 2006-08-03 04:36 -------- d-----w- c:\program files\Last.fm
2010-01-12 07:51 . 2008-11-07 09:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-02 06:24 . 2005-07-13 06:32 460800 ----a-w- c:\windows\snap.dat
2009-12-14 05:55 . 2008-02-06 02:20 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-12-14 05:26 . 2009-12-14 05:26 -------- d-----w- c:\documents and settings\Harry\Application Data\id Software
2009-12-14 05:26 . 2009-12-14 05:26 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-12-14 05:26 . 2009-12-14 05:26 -------- d-----w- c:\documents and settings\All Users\Application Data\id Software
2009-11-17 01:52 . 2008-12-10 01:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 08:12 . 2009-11-16 08:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-16 08:12 . 2009-11-16 08:12 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-16 08:12 . 2009-11-16 08:12 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-16 08:12 . 2009-11-16 08:12 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM7\aim.exe" [2009-10-01 3634024]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-28 1830128]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-16 08:12 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnapDetect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk
backup=c:\windows\pss\SnapDetect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Harry^Start Menu^Programs^Startup^Deewoo.lnk]
path=c:\documents and settings\Harry\Start Menu\Programs\Startup\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Harry^Start Menu^Programs^Startup^DW_Start.lnk]
path=c:\documents and settings\Harry\Start Menu\Programs\Startup\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2008-11-18 16:40 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2003-08-01 15:31 61440 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2005-08-12 19:43 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2009-12-31 14:37 2033432 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
2003-09-17 14:43 57344 ----a-w- c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
2006-04-02 05:12 144896 ----a-w- c:\program files\AIM\DeadAIM.ocm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-11 14:19 133104 ----atw- c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2005-09-03 23:21 274432 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
2004-06-10 16:51 60928 ----a-w- c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2004-04-12 00:15 290816 ----a-w- c:\program files\Dell\Media Experience\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2005-09-16 13:55 155648 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 18:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient]
2002-12-16 20:51 36864 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-10-29 23:20 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-17 01:52 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-05-28 21:43 1830128 ------w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup]
2003-03-31 22:28 155648 ----a-w- c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 05:00 90112 ------w- c:\windows\Updreg.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\msn6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Harry\\My Documents\\TM2.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\AIM7\\aim.exe"=
"c:\\Documents and Settings\\Harry\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Harry\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/16/2009 3:12 AM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/16/2009 3:12 AM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 1:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/4/2008 1:50 PM 55024]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [11/16/2009 3:11 AM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/16/2009 3:11 AM 285392]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/4/2008 1:50 PM 7408]
S0 ufsb;ufsb;c:\windows\system32\drivers\mlvecajq.sys --> c:\windows\system32\drivers\mlvecajq.sys [?]
S3 XIRLINK;Dsc Pro Digital Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/27/2009 4:04 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004Core.job
- c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 14:19]

2010-02-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1844237615-725345543-1004UA.job
- c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-11 14:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title = Windows Internet Explorer provided by Comcast
FF - ProfilePath - c:\documents and settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.cnn.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-msgr1&p=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Harry\Application Data\Mozilla\Firefox\Profiles\xfkrg0cn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Harry\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Harry\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Internet Security 2010 - c:\program files\InternetSecurity2010\IS2010.exe
MSConfigStartUp-smss32 - c:\windows\system32\smss32.exe
AddRemove-CaseLinrV55 - c:\program files\CaseLinr\DeIsL1.isu
AddRemove-Dell AIO Printer A920 - c:\windows\System32\spool\drivers\w32x86\3\DLBKUN5C.EXE
AddRemove-HijackThis - c:\documents and settings\Harry\My Documents\My Music\iTunes\iTunes Music\HijackThis.exe
AddRemove-vwfvrvuzxd - c:\windows\system32\vwfvrvuzxd.exe
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 21:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2868)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-02 21:31:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-03 02:30

Pre-Run: 143,349,297,152 bytes free
Post-Run: 144,210,538,496 bytes free

- - End Of File - - 0FA0574F0E36079A3F6D1E0308A0FE60
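
The entry to pick out of the report above is "S0 ufsb;ufsb;c:\windows\system32\drivers\mlvecajq.sys --> ... [?]": a boot-start service (start type 0, so its driver loads before any user-mode scanner) whose file ComboFix could not find on disk (that is what the repeated path followed by "[?]" records) and whose name matches nothing the machine ever installed. That is the service the helper removes in the follow-up. The script below is an added example, not part of the forum post and not ComboFix's own code: it parses the R/S service lines of a ComboFix report and lists the entries with a missing binary, boot- and system-start ones first. The sample lines are copied from the log above; the reasons it attaches to each entry are my own triage rules, not anything ComboFix emits.

```python
"""Triage the R/S service lines of a ComboFix report.

Added example, not part of the forum post and not ComboFix's own code.
The sample lines are copied from the log above; the ranking rules are my
own assumptions about what a helper would look at first.
"""
import re
from dataclasses import dataclass, field

# ComboFix prefixes each service with R (running) or S (stopped) and the
# Windows start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Constructed sample: service lines taken from the ComboFix log posted above.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/16/2009 3:12 AM 333192]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/4/2008 1:50 PM 9968]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/16/2009 3:11 AM 285392]
S0 ufsb;ufsb;c:\windows\system32\drivers\mlvecajq.sys --> c:\windows\system32\drivers\mlvecajq.sys [?]
S3 XIRLINK;Dsc Pro Digital Camera;c:\windows\system32\DRIVERS\C-itnt.sys --> c:\windows\system32\DRIVERS\C-itnt.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/27/2009 4:04 PM 717296]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)"
    r"(?:\s+-->\s+(?P<resolved>.*?))?"   # repeated path: ComboFix could not stat the file
    r"\s+\[(?P<info>[^\]]*)\]\s*$"       # "[date time size]", or "[?]" when the file is absent
)


@dataclass
class Finding:
    name: str
    path: str
    start_type: int
    running: bool
    reasons: list = field(default_factory=list)


def parse_services(text: str) -> list:
    """Return one dict per service line; any other line is ignored."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage_services(text: str) -> list:
    """Report services whose binary is missing, boot/system-start ones first.

    A service entry with no file behind it is either a stale leftover (the
    XIRLINK camera driver) or, when it is boot-start and named like nothing
    installed, the registration a rootkit left behind for a driver that was
    loading before the AV ever ran (ufsb -> mlvecajq.sys).
    """
    findings = []
    for e in parse_services(text):
        start = int(e["start"])
        reasons = []
        if e["info"].strip() == "?":
            reasons.append("file missing on disk")
        if start <= 1:
            reasons.append(f"{START_TYPES[start]}-start: loads before user-mode AV")
        if e["display"] == e["name"] and e["name"].islower():
            reasons.append("display name is just the service name")
        if "file missing on disk" in reasons:
            findings.append(Finding(e["name"], e["path"], start,
                                    e["state"] == "R", reasons))
    findings.sort(key=lambda f: (f.start_type, f.name))
    return findings


if __name__ == "__main__":
    for f in triage_services(SAMPLE_LOG):
        print(f"{f.name:10} {START_TYPES[f.start_type]:8} {f.path}")
        for r in f.reasons:
            print(f"{'':10} - {r}")
```

Run against the sample, ufsb comes out first with all three reasons and XIRLINK second with only the missing file; sptd and the AVG/SUPERAntiSpyware drivers are not reported because their files exist. The ranking says what to examine first, not what to delete: XIRLINK is a dead camera driver and harmless, while a boot-start entry for a randomly named, absent driver is exactly the kind of leftover the `:services ufsb` fix in the next reply removes.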

Re: Internet Security 2010, BSOD
Please download the OTMoveIt by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :services
    ufsb



  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


Re: Internet Security 2010, BSOD
========== SERVICES/DRIVERS ==========
Service ufsb stopped successfully!
Service ufsb deleted successfully!

OTM by OldTimer - Version 3.1.7.1 log created on 02032010_153502

Re: Internet Security 2010, BSOD
Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?


Re: Internet Security 2010, BSOD
It's running great. No BSOD, spam sites, etc. Anything else I should do, like a MBAM scan?

Re: Internet Security 2010, BSOD
Yes, do one more MBAM scan before we put the lid on this.


Re: Internet Security 2010, BSOD
No malicious items detected. Thanks for all your help Belahzur (again)
