your request from my OTL scan

2 posters

WiredWX Christian Hobby Weather Tools :: GeekPolice tech support archive :: Technical Support

your request from my OTL scan21st March 2011, 10:01 am

re some games will not work on my computer

OTL Extras logfile created on: 21/03/2011 09:37:25 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\DOCUME~1\ROBERT~1\DESKTOP
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 39.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\PROGRA~1
Drive C: | 71.70 Gb Total Space | 51.80 Gb Free Space | 72.24% Space Free | Partition Type: NTFS
Drive D: | 2.82 Gb Total Space | 1.35 Gb Free Space | 47.72% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDF7732135 | User Name: Robert Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DD14E2E-48E2-3CB0-1B52-CCF9FF79C8D4}" = Sky Poker
"{120D5C95-9AB6-4890-9E99-AC98B2F3688D}_is1" = Uniblue TurboWeb Toolbar
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}" = Football Manager 2005
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1" = Sky Poker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Google Chrome" = Google Chrome
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2011 10:00:05 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:05 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:05 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 14:56:39 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 23/02/2011 14:23:05 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 03:19:54 | Computer Name = YOUR-BDF7732135 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D8436B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/02/2011 03:20:13 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 10:29:43 | Computer Name = YOUR-BDF7732135 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D8436B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/02/2011 10:30:02 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 15:48:54 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 15:50:28 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7022
Description = The Uniblue TurboWeb Toolbar service hung on starting.

Error - 25/02/2011 03:48:49 | Computer Name = YOUR-BDF7732135 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D8436B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 25/02/2011 03:49:09 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 25/02/2011 03:50:59 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7022
Description = The Uniblue TurboWeb Toolbar service hung on starting.

< End of report >

Last edited by coopisastokie on 21st March 2011, 10:06 am; edited 1 time in total

Re: your request from my OTL scan21st March 2011, 10:04 am

i'll try again part 1

OTL logfile created on: 21/03/2011 09:50:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\DOCUME~1\ROBERT~1\DESKTOP
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 37.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\PROGRA~1
Drive C: | 71.70 Gb Total Space | 51.77 Gb Free Space | 72.20% Space Free | Partition Type: NTFS
Drive D: | 2.82 Gb Total Space | 1.35 Gb Free Space | 47.72% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDF7732135 | User Name: Robert Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/21 09:31:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cooper\Desktop\OTL.com
PRC - [2011/03/19 15:03:34 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/17 19:01:53 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/12/15 02:14:36 | 000,326,144 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\TurboWeb\turboweb.exe
PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/11/20 00:41:47 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/04/17 05:12:38 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2010/04/17 01:36:42 | 000,026,480 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/05/27 05:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/11/15 23:04:32 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Digital Media Reader\shwiconEM.exe

========== Modules (SafeList) ==========

MOD - [2011/03/21 09:31:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cooper\Desktop\OTL.com
MOD - [2011/03/19 15:04:12 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2009/05/25 05:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2008/05/13 17:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
MOD - [2008/04/14 00:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Running] -- -- (helpsvc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/02 10:57:54 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/12/15 02:14:36 | 000,326,144 | ---- | M] (Uniblue Systems Limited) [Auto | Running] -- C:\Program Files\Uniblue\TurboWeb\turboweb.exe -- (TurboWeb)
SRV - [2010/11/25 09:49:46 | 000,517,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/11/20 00:41:47 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2006/10/19 03:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)

========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/05/10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/10/09 22:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008/08/07 00:12:10 | 004,755,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/29 17:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 11:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2004/11/16 01:41:54 | 000,036,804 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/06/17 14:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 14:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 14:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/12/17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2)
DRV - [2003/12/17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFlt2.sys -- (LHidFlt2)
DRV - [2002/05/21 10:50:00 | 000,005,846 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2)
DRV - [2001/08/17 13:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 6F A6 1E AC CD CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1,localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8088

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/21 17:51:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/19 15:04:13 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2010/12/30 23:59:21 | 000,428,373 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14750 more lines...
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Robert Cooper\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 18:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 11:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 09:32:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/03/21 09:31:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Robert Cooper\Desktop\OTL.com
[2011/03/21 09:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/03/21 09:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/03/21 09:23:41 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/03/21 09:21:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/21 09:13:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/03/21 09:13:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/21 09:13:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/21 09:13:29 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/21 09:13:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/21 09:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/21 09:13:29 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/21 09:13:29 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/21 09:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/03/21 09:12:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cooper\Application Data\Sun
[2011/03/19 15:04:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2011/03/19 15:04:01 | 000,198,848 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/03/19 15:03:41 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/03/19 15:03:41 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/03/19 15:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/03/19 15:03:38 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/03/19 15:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011/03/19 15:03:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011/03/19 15:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cooper\Application Data\Real
[2011/03/17 19:23:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Robert Cooper\Application Data\PC Unleashed Online
[2011/03/17 19:23:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Unleashed Online
[2011/03/17 19:19:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Driver Whiz
[2011/03/17 18:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2011/03/17 18:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EA Games
[2011/03/17 18:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2011/02/21 17:52:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/02/21 17:52:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/02/21 17:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/21 09:32:11 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\Robert Cooper\Desktop\Shortcut to OTL.pif
[2011/03/21 09:31:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Robert Cooper\Desktop\OTL.com
[2011/03/21 09:30:46 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
[2011/03/21 09:30:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
[2011/03/21 09:27:29 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 09:25:37 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/21 09:23:42 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/21 09:23:41 | 000,001,619 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/03/21 09:15:04 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/21 09:13:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/21 09:13:18 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/03/21 09:13:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/03/21 09:13:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/03/21 09:13:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/03/21 09:13:17 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/03/21 08:59:01 | 109,361,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/21 08:52:59 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/21 08:52:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/20 22:24:12 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2011/03/20 18:00:01 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2011/03/19 15:04:30 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Offers.lnk
[2011/03/19 15:04:30 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/03/19 15:04:01 | 000,198,848 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2011/03/19 15:03:41 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2011/03/19 15:03:41 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2011/03/19 15:03:38 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/03/18 21:19:39 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/03/17 18:58:09 | 000,000,199 | RHS- | M] () -- C:\boot.ini
[2011/03/17 18:10:15 | 000,000,553 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/03/17 18:09:59 | 000,001,911 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play SimGolf.lnk
[2011/03/15 21:41:11 | 000,522,756 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/15 21:41:11 | 000,094,546 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/14 18:09:38 | 000,165,721 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/09 20:37:34 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/21 17:52:45 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/21 06:58:52 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Robert Cooper\My Documents\Default.rdp
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 09:32:11 | 000,002,855 | ---- | C] () -- C:\Documents and Settings\Robert Cooper\Desktop\Shortcut to OTL.pif
[2011/03/21 09:25:37 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/21 09:25:36 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/21 09:23:42 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/03/21 09:23:41 | 000,001,619 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Security Scan Plus.lnk
[2011/03/21 08:59:01 | 109,361,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/03/19 15:05:12 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
[2011/03/19 15:05:11 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
[2011/03/19 15:04:30 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Offers.lnk
[2011/03/19 15:04:30 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/03/17 18:09:59 | 000,001,911 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play SimGolf.lnk
[2011/03/14 18:09:38 | 000,165,721 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/03/09 20:36:00 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/21 17:52:45 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/21 06:58:52 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Robert Cooper\My Documents\Default.rdp
[2011/01/21 18:35:02 | 000,000,553 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/12/09 08:46:06 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2010/11/25 00:09:48 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/11/21 23:24:52 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/20 19:58:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/20 15:37:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/11/20 00:19:50 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2010/08/23 21:25:56 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/08/23 21:25:41 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010/08/23 21:25:41 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010/08/23 21:25:37 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010/08/23 21:25:32 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010/08/23 21:25:25 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010/08/23 21:24:54 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010/08/23 21:24:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010/08/23 21:23:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010/08/23 21:23:34 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/05/27 04:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/27 04:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 17:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 17:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 17:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/27 10:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 09:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 18:07:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/26 18:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 16:12:43 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 16:12:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 16:12:10 | 000,522,756 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 16:12:10 | 000,094,546 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 10:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/26 10:54:01 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/04 11:00:00 | 000,000,067 | ---- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/11/20 02:01:22 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/20 01:11:11 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Robert Cooper\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/26 18:09:49 | 000,000,079 | ---- | M] () -- C:\DOCUME~1\ROBERT~1\APPLIC~1\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2010/06/02 12:22:02 | 000,537,432 | ---- | M] (Microsoft Corporation) -- C:\DOCUME~1\ROBERT~1\My Documents\DXSETUP.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/20 01:11:10 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Robert Cooper\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 10:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 10:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 10:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 11:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 11:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 11:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 11:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 11:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2004/08/04 11:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 11:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 11:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 11:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 11:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 11:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 11:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 11:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 11:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 11:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2008/04/13 18:44:59 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2010/12/31 13:10:33 | 001,854,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2008/04/14 00:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/14 00:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/14 00:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/14 00:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/14 00:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/14 00:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/14 00:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/14 00:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/14 00:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/14 00:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/14 00:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/14 00:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/14 00:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2008/04/14 00:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008/04/14 00:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >
[2007/06/29 17:11:16 | 000,403,467 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\XAudio.exe

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %SYSTEMDRIVE%\*.* >
[2010/11/20 00:44:59 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2004/08/26 18:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/17 18:58:09 | 000,000,199 | RHS- | M] () -- C:\boot.ini
[2004/08/26 18:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2004/08/26 18:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2004/08/26 18:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 19:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/20 01:58:06 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/21 08:52:50 | 2000,683,008 | -HS- | M] () -- C:\pagefile.sys
[2010/11/20 00:54:08 | 000,000,000 | ---- | M] () -- C:\REQUEST_OEMRESET_ENDUSER
[2010/11/20 00:39:42 | 000,000,002 | RHS- | M] () -- C:\USER

< %PROGRAMFILES%\*. >
[2011/03/21 09:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/11/20 00:42:43 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2011/02/20 16:54:36 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/11/21 22:54:16 | 000,000,000 | ---D | M] -- C:\Program Files\BigFix
[2010/11/25 00:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2011/03/21 09:13:47 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2005/07/28 17:38:38 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/01/04 09:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/11/20 00:42:53 | 000,000,000 | ---D | M] -- C:\Program Files\Digital Media Reader
[2011/01/07 23:27:36 | 000,000,000 | ---D | M] -- C:\Program Files\DVDVideoSoft
[2011/03/17 18:07:57 | 000,000,000 | ---D | M] -- C:\Program Files\EA Games
[2010/12/26 21:21:14 | 000,000,000 | ---D | M] -- C:\Program Files\Emsisoft Anti-Malware
[2010/11/20 20:21:40 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2011/01/21 19:46:06 | 000,000,000 | ---D | M] -- C:\Program Files\Innovative Solutions
[2011/03/17 18:07:57 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2011/02/09 16:31:57 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/03/21 09:13:12 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/12/30 23:25:49 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/21 09:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\McAfee Security Scan
[2010/11/20 02:03:36 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2010/11/21 23:09:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2011/01/21 19:38:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft DirectX SDK (June 2010)
[2010/11/20 00:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2010/11/20 00:45:24 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/03/08 21:20:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/11/20 00:45:41 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/11/22 20:15:54 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/11/20 17:41:22 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/11/20 17:29:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2010/11/20 17:56:00 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2010/11/20 00:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/11/20 01:59:37 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2011/01/18 19:58:53 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/11/20 00:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/12/16 02:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2011/03/19 15:04:27 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2010/11/20 17:28:58 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/12/03 09:00:05 | 000,000,000 | ---D | M] -- C:\Program Files\SkyPoker
[2011/02/18 19:50:35 | 000,000,000 | ---D | M] -- C:\Program Files\Sports Interactive
[2011/01/21 19:49:36 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/07 15:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Starters Orders 4
[2011/03/17 19:01:53 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2010/12/27 02:52:18 | 000,000,000 | ---D | M] -- C:\Program Files\Uniblue
[2005/07/28 17:38:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2010/12/27 02:31:50 | 000,000,000 | ---D | M] -- C:\Program Files\USB Vibration
[2011/02/02 21:23:12 | 000,000,000 | ---D | M] -- C:\Program Files\Veetle
[2010/11/20 22:12:24 | 000,000,000 | ---D | M] -- C:\Program Files\vShare
[2010/11/22 20:37:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Desktop Search
[2010/11/21 23:09:50 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2010/11/21 23:09:38 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
[2010/11/22 20:12:15 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/11/22 20:12:14 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2010/11/20 01:59:34 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2005/07/28 17:38:48 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2010/11/20 00:13:31 | 000,000,000 | ---D | M] -- C:\Program Files\xerox

< %appdata%\*.* >
[2004/08/26 10:54:35 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Robert Cooper\Application Data\desktop.ini

< MD5 for: AGP440.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 18:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 13:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0041\DriverFiles\i386\atapi.sys
[2008/04/13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0043\DriverFiles\i386\atapi.sys
[2004/08/04 11:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:disk.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 11:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 18:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 00:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 11:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 00:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 18:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 11:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 11:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 00:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2004/08/04 11:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:usbstor.sys
[2010/11/20 01:55:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2008/04/13 18:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2008/04/14 01:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2008/04/14 01:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=A32426D9B14A089EAA1D922E0C5801A9 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-03-16 08:24:25

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2AC7ECBB
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >

Re: your request from my OTL scan21st March 2011, 10:05 am

part 2

OTL Extras logfile created on: 21/03/2011 09:50:37 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\DOCUME~1\ROBERT~1\DESKTOP
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 37.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1908 3816 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\PROGRA~1
Drive C: | 71.70 Gb Total Space | 51.77 Gb Free Space | 72.20% Space Free | Partition Type: NTFS
Drive D: | 2.82 Gb Total Space | 1.35 Gb Free Space | 47.72% Space Free | Partition Type: FAT32

Computer Name: YOUR-BDF7732135 | User Name: Robert Cooper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"80:TCP" = 80:TCP:*:Disabled:Windows Remote Management - Compatibility Mode (HTTP-In)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0DD14E2E-48E2-3CB0-1B52-CCF9FF79C8D4}" = Sky Poker
"{120D5C95-9AB6-4890-9E99-AC98B2F3688D}_is1" = Uniblue TurboWeb Toolbar
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}" = BlackBerry Device Software Updater
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C4504A1-9280-11D5-9F7E-00902712427E}" = Sid Meier's SimGolf
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E35AF511-B618-4D02-B559-0F2147341D3B}" = AVG 2011
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC0AB585-B279-4A77-8BB5-64C403E43EE7}" = Football Manager 2005
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"com.orbis.air.SkyPoker.7C82499D7E4526CADD9D1D1B010AFE250A7BEC27.1" = Sky Poker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.31
"Google Chrome" = Google Chrome
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"PROSet" = Intel(R) PRO Network Connections Drivers
"RealPlayer 12.0" = RealPlayer
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/01/2011 10:00:05 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:05 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:05 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 10:00:06 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 24/01/2011 14:56:39 | Computer Name = YOUR-BDF7732135 | Source = Windows Search Service | ID = 3013
Description = The entry
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

[ System Events ]
Error - 23/02/2011 14:23:05 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 03:19:54 | Computer Name = YOUR-BDF7732135 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D8436B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/02/2011 03:20:13 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 10:29:43 | Computer Name = YOUR-BDF7732135 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D8436B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 24/02/2011 10:30:02 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 15:48:54 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 24/02/2011 15:50:28 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7022
Description = The Uniblue TurboWeb Toolbar service hung on starting.

Error - 25/02/2011 03:48:49 | Computer Name = YOUR-BDF7732135 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 001320D8436B has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 25/02/2011 03:49:09 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7000
Description = The XAudioService service failed to start due to the following error:
%%193

Error - 25/02/2011 03:50:59 | Computer Name = YOUR-BDF7732135 | Source = Service Control Manager | ID = 7022
Description = The Uniblue TurboWeb Toolbar service hung on starting.

< End of report >

Re: your request from my OTL scan21st March 2011, 10:28 pm

Hello.

Download combofix from here
Link 1

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV.
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................
Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
your request from my OTL scan DXwU4

Re: your request from my OTL scan22nd March 2011, 9:59 am

Here below are the combix results, thanks
ComboFix 11-03-21.02 - Robert Cooper 22/03/2011 9:33.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.791 [GMT 0:00]
Running from: c:\documents and settings\Robert Cooper\Desktop\Combo-Fix.exe
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robert Cooper\Application Data\PriceGong
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\z.xml
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-03-21 10:08 . 2011-03-21 10:08 -------- d-----w- C:\_OTL
2011-03-21 09:32 . 2011-03-21 09:32 -------- d--h--w- c:\windows\PIF
2011-03-21 09:23 . 2011-03-21 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-03-21 09:23 . 2011-03-21 15:04 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\windows\Sun
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Common Files\Java
2011-03-21 09:13 . 2011-03-21 09:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-21 09:13 . 2011-03-21 09:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Java
2011-03-19 15:04 . 2011-03-19 15:04 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-19 15:03 . 2011-03-19 15:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-19 15:03 . 2011-03-19 15:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-19 15:03 . 2011-03-19 15:04 -------- d-----w- c:\program files\Real
2011-03-17 19:23 . 2011-03-17 19:23 -------- d-----w- c:\documents and settings\Robert Cooper\Application Data\PC Unleashed Online
2011-03-17 19:23 . 2011-03-17 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Unleashed Online
2011-03-17 19:19 . 2011-03-17 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2011-03-17 18:32 . 2011-03-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2011-03-17 18:07 . 2011-03-17 18:07 -------- d-----w- c:\program files\EA Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-09 13:53 . 2010-08-23 21:25 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-08-23 21:23 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-23 21:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-08-23 21:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 19:31 . 2011-01-21 19:31 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-01-21 14:44 . 2010-08-23 21:26 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2010-08-23 21:23 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-08-23 21:26 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-26 08:24 . 2010-12-26 08:24 53248 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}\ARPPRODUCTICON.exe
2010-12-22 12:34 . 2010-08-23 21:24 301568 ----a-w- c:\windows\system32\kerberos.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-17 2423752]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-19 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"RasMan"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 TurboWeb;Uniblue TurboWeb Toolbar;c:\program files\Uniblue\TurboWeb\turboweb.exe [27/12/2010 02:52 326144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 20:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/11/2010 20:05 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23/08/2010 21:26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 20:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
2011-03-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8088
uInternet Settings,ProxyOverride = 127.0.0.1,localhost
IE: Free YouTube to MP3 Converter - c:\documents and settings\Robert Cooper\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 09:38
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-22 09:40:44
ComboFix-quarantined-files.txt 2011-03-22 09:40
.
Pre-Run: 55,779,729,408 bytes free
Post-Run: 56,809,062,400 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F31B27A9FF1A399B8312BF6695DA83C8

Re: your request from my OTL scan23rd March 2011, 1:24 pm

Hello.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
File:: uInternet Settings,ProxyServer = http=127.0.0.1:8088 uInternet Settings,ProxyOverride = 127.0.0.1,localhost
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: your request from my OTL scan23rd March 2011, 3:26 pm

See now this i where i start to struggle, i did what i thought you meant but the dragging of CFScript never happened, but combofix did another scan, with what looks like different results?? Do not know as i Know nothing about this part of computers. Anyway below are the latest results of the scan
ComboFix 11-03-22.09 - Robert Cooper 23/03/2011 15:11:43.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.821 [GMT 0:00]
Running from: c:\documents and settings\Robert Cooper\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-23 14:50 . 2011-03-23 14:50 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AC2C7F1-3BDF-458C-AFFE-697F814771AE}\MpKsl1cfcd41e.sys
2011-03-23 11:25 . 2011-02-10 22:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AC2C7F1-3BDF-458C-AFFE-697F814771AE}\mpengine.dll
2011-03-22 09:53 . 2011-02-10 22:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-22 09:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-22 09:49 . 2011-03-22 09:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-03-21 10:08 . 2011-03-21 10:08 -------- d-----w- C:\_OTL
2011-03-21 09:32 . 2011-03-21 09:32 -------- d--h--w- c:\windows\PIF
2011-03-21 09:23 . 2011-03-21 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-03-21 09:23 . 2011-03-21 15:04 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\windows\Sun
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Common Files\Java
2011-03-21 09:13 . 2011-03-21 09:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-21 09:13 . 2011-03-21 09:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Java
2011-03-19 15:04 . 2011-03-19 15:04 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-19 15:03 . 2011-03-19 15:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-19 15:03 . 2011-03-19 15:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-19 15:03 . 2011-03-19 15:04 -------- d-----w- c:\program files\Real
2011-03-17 19:23 . 2011-03-17 19:23 -------- d-----w- c:\documents and settings\Robert Cooper\Application Data\PC Unleashed Online
2011-03-17 19:23 . 2011-03-17 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Unleashed Online
2011-03-17 19:19 . 2011-03-17 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2011-03-17 18:32 . 2011-03-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2011-03-17 18:07 . 2011-03-17 18:07 -------- d-----w- c:\program files\EA Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-09 13:53 . 2010-08-23 21:25 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-08-23 21:23 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-23 21:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-08-23 21:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 19:31 . 2011-01-21 19:31 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-01-21 14:44 . 2010-08-23 21:26 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2010-08-23 21:23 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-08-23 21:26 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-26 08:24 . 2010-12-26 08:24 53248 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_09.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-23 14:50 . 2011-03-23 14:50 16384 c:\windows\Temp\Perflib_Perfdata_484.dat
+ 2010-10-24 21:25 . 2010-10-24 21:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-03-22 09:49 . 2011-03-22 09:49 786432 c:\windows\Installer\13c130.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 479744 c:\windows\Installer\13c129.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 301056 c:\windows\Installer\13c123.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-17 2423752]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-19 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"RasMan"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl1cfcd41e;MpKsl1cfcd41e;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9AC2C7F1-3BDF-458C-AFFE-697F814771AE}\MpKsl1cfcd41e.sys [23/03/2011 14:50 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 TurboWeb;Uniblue TurboWeb Toolbar;c:\program files\Uniblue\TurboWeb\turboweb.exe [27/12/2010 02:52 326144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 20:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/11/2010 20:05 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23/08/2010 21:26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 20:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1CFCD41E
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
2011-03-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
2011-03-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8088
uInternet Settings,ProxyOverride = 127.0.0.1,localhost
IE: Free YouTube to MP3 Converter - c:\documents and settings\Robert Cooper\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 15:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3712)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-23 15:19:29
ComboFix-quarantined-files.txt 2011-03-23 15:19
ComboFix2.txt 2011-03-23 14:46
.
Pre-Run: 56,785,108,992 bytes free
Post-Run: 56,783,880,192 bytes free
.
- - End Of File - - 219F3E7526EB60AFCBBD6DC13A2E02EA

Re: your request from my OTL scan23rd March 2011, 10:12 pm

Hello.
I made a slight error in my script, so lets get it right this time.

Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
DDS:: uInternet Settings,ProxyServer = http=127.0.0.1:8088 uInternet Settings,ProxyOverride = 127.0.0.1,localhost
Save this as CFScript.txt, in the same location as ComboFix.exe
Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt
Please post the contents of the log in your next reply.

Re: your request from my OTL scan24th March 2011, 3:03 pm

Right do not know if i'm doing this right, but i could still not get

drag CFScript.txt over to combofix , it just saved then nothing , so clicked on combofix & it said a new update was available, so i downloaded that & ran combofix again, here are the results

ComboFix 11-03-23.06 - Robert Cooper 24/03/2011 14:45:47.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.794 [GMT 0:00]
Running from: c:\documents and settings\Robert Cooper\Desktop\Combo-Fix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robert Cooper\Application Data\PriceGong
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-24 14:16 . 2011-03-24 14:16 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{397C468F-F214-48AA-9D5D-1B457F88B595}\MpKsl1fbf3a35.sys
2011-03-24 14:16 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{397C468F-F214-48AA-9D5D-1B457F88B595}\mpengine.dll
2011-03-24 10:55 . 2011-03-24 10:59 -------- d-----w- c:\documents and settings\Robert Cooper\Local Settings\Application Data\ConduitEngine
2011-03-24 10:55 . 2011-03-24 10:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-24 10:49 . 2011-03-24 10:49 -------- d-----w- c:\program files\Conduit
2011-03-24 10:49 . 2011-03-24 10:59 -------- d-----w- c:\documents and settings\Robert Cooper\Local Settings\Application Data\DVDVideoSoftTB
2011-03-24 10:49 . 2011-03-24 10:55 -------- d-----w- c:\program files\DVDVideoSoftTB
2011-03-22 09:53 . 2011-02-10 22:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-22 09:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-22 09:49 . 2011-03-22 09:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-03-21 10:08 . 2011-03-21 10:08 -------- d-----w- C:\_OTL
2011-03-21 09:32 . 2011-03-21 09:32 -------- d--h--w- c:\windows\PIF
2011-03-21 09:23 . 2011-03-21 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-03-21 09:23 . 2011-03-21 15:04 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\windows\Sun
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Common Files\Java
2011-03-21 09:13 . 2011-03-21 09:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-21 09:13 . 2011-03-21 09:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Java
2011-03-19 15:04 . 2011-03-19 15:04 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-19 15:03 . 2011-03-19 15:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-19 15:03 . 2011-03-19 15:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-19 15:03 . 2011-03-19 15:04 -------- d-----w- c:\program files\Real
2011-03-17 19:23 . 2011-03-17 19:23 -------- d-----w- c:\documents and settings\Robert Cooper\Application Data\PC Unleashed Online
2011-03-17 19:23 . 2011-03-17 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Unleashed Online
2011-03-17 19:19 . 2011-03-17 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2011-03-17 18:32 . 2011-03-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2011-03-17 18:07 . 2011-03-17 18:07 -------- d-----w- c:\program files\EA Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-09 13:53 . 2010-08-23 21:25 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-08-23 21:23 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-23 21:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-08-23 21:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 19:31 . 2011-01-21 19:31 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-01-21 14:44 . 2010-08-23 21:26 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2010-08-23 21:23 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-08-23 21:26 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-26 08:24 . 2010-12-26 08:24 53248 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_09.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-24 14:04 . 2011-03-24 14:04 16384 c:\windows\Temp\Perflib_Perfdata_498.dat
- 2004-08-26 16:12 . 2011-03-15 21:41 94546 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2011-03-24 10:33 94546 c:\windows\system32\perfc009.dat
+ 2010-12-09 08:46 . 2011-03-24 11:24 1660 c:\windows\bthservsdp.dat
- 2004-08-26 16:12 . 2011-03-15 21:41 522756 c:\windows\system32\perfh009.dat
+ 2004-08-26 16:12 . 2011-03-24 10:33 522756 c:\windows\system32\perfh009.dat
+ 2010-10-24 21:25 . 2010-10-24 21:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-03-22 09:49 . 2011-03-22 09:49 786432 c:\windows\Installer\13c130.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 479744 c:\windows\Installer\13c129.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 301056 c:\windows\Installer\13c123.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-17 2423752]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-19 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"RasMan"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl1fbf3a35;MpKsl1fbf3a35;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{397C468F-F214-48AA-9D5D-1B457F88B595}\MpKsl1fbf3a35.sys [24/03/2011 14:16 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 TurboWeb;Uniblue TurboWeb Toolbar;c:\program files\Uniblue\TurboWeb\turboweb.exe [27/12/2010 02:52 326144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 20:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/11/2010 20:05 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23/08/2010 21:26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 20:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL1FBF3A35
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
2011-03-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
2011-03-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8088
uInternet Settings,ProxyOverride = 127.0.0.1,localhost
IE: Free YouTube to MP3 Converter - c:\documents and settings\Robert Cooper\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 14:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-24 14:53:55
ComboFix-quarantined-files.txt 2011-03-24 14:53
ComboFix2.txt 2011-03-23 15:19
ComboFix3.txt 2011-03-23 14:46
.
Pre-Run: 56,541,732,864 bytes free
Post-Run: 56,559,300,608 bytes free
.
- - End Of File - - DA7CCFAD1411E90334161A02B289C47E

If i am doing something wrong, could you please explain step by step, how to save the notepad txt to the right place, as i think this might be where im going wrong..........sorry but i'm a complete novice to do with these type of things.......thx for being patient

Re: your request from my OTL scan24th March 2011, 9:03 pm

If i am doing something wrong, could you please explain step by step, how to save the notepad txt to the right place, as i think this might be where im going wrong..........sorry but i'm a complete novice to do with these type of things.......thx for being patient

No problem. Smile...

Copy and paste everything inside my quote box, into a notepad file. Then save the text file as CFScript. Next drag and drop CFScript.txt onto Combofix.

Re: your request from my OTL scan25th March 2011, 2:13 pm

Well hopefully i am now on the same wavelength
i put them both on desktop, then dragged FSCript.txt onto combofix& it ran here are the results, hope i did it right this time lol

ComboFix 11-03-24.06 - Robert Cooper 25/03/2011 14:00:18.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.818 [GMT 0:00]
Running from: c:\documents and settings\Robert Cooper\Desktop\Combo-Fix.exe.exe
Command switches used :: c:\documents and settings\Robert Cooper\Desktop\CFScript.txt.lnk
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Robert Cooper\Application Data\PriceGong
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Robert Cooper\Application Data\PriceGong\Data\z.xml
.
.
((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))
.
.
2011-03-25 13:04 . 2011-03-25 13:04 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B527D26-6E4B-45A6-BCE3-49F9236682C7}\MpKsl54e7620b.sys
2011-03-24 14:54 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B527D26-6E4B-45A6-BCE3-49F9236682C7}\mpengine.dll
2011-03-24 10:55 . 2011-03-24 10:59 -------- d-----w- c:\documents and settings\Robert Cooper\Local Settings\Application Data\ConduitEngine
2011-03-24 10:55 . 2011-03-24 10:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-24 10:49 . 2011-03-24 10:49 -------- d-----w- c:\program files\Conduit
2011-03-24 10:49 . 2011-03-24 10:59 -------- d-----w- c:\documents and settings\Robert Cooper\Local Settings\Application Data\DVDVideoSoftTB
2011-03-24 10:49 . 2011-03-24 10:55 -------- d-----w- c:\program files\DVDVideoSoftTB
2011-03-22 09:53 . 2011-02-10 22:54 5943120 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-22 09:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-22 09:49 . 2011-03-22 09:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-03-21 10:08 . 2011-03-21 10:08 -------- d-----w- C:\_OTL
2011-03-21 09:32 . 2011-03-21 09:32 -------- d--h--w- c:\windows\PIF
2011-03-21 09:23 . 2011-03-21 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-03-21 09:23 . 2011-03-21 15:04 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\windows\Sun
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Common Files\Java
2011-03-21 09:13 . 2011-03-21 09:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-21 09:13 . 2011-03-21 09:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Java
2011-03-19 15:04 . 2011-03-19 15:04 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-19 15:03 . 2011-03-19 15:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-19 15:03 . 2011-03-19 15:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-19 15:03 . 2011-03-19 15:04 -------- d-----w- c:\program files\Real
2011-03-17 19:23 . 2011-03-17 19:23 -------- d-----w- c:\documents and settings\Robert Cooper\Application Data\PC Unleashed Online
2011-03-17 19:23 . 2011-03-17 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Unleashed Online
2011-03-17 19:19 . 2011-03-17 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2011-03-17 18:32 . 2011-03-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2011-03-17 18:07 . 2011-03-17 18:07 -------- d-----w- c:\program files\EA Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-09 13:53 . 2010-08-23 21:25 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-08-23 21:23 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-23 21:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-08-23 21:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 19:31 . 2011-01-21 19:31 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-01-21 14:44 . 2010-08-23 21:26 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2010-08-23 21:23 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-08-23 21:26 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-26 08:24 . 2010-12-26 08:24 53248 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{6BA13EFC-E8D0-4D37-AF04-42796CF0E8F5}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_09.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-25 13:04 . 2011-03-25 13:04 16384 c:\windows\Temp\Perflib_Perfdata_4b0.dat
- 2004-08-26 16:12 . 2011-03-15 21:41 94546 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2011-03-24 10:33 94546 c:\windows\system32\perfc009.dat
- 2004-08-26 16:12 . 2011-03-15 21:41 522756 c:\windows\system32\perfh009.dat
+ 2004-08-26 16:12 . 2011-03-24 10:33 522756 c:\windows\system32\perfh009.dat
+ 2010-10-24 21:25 . 2010-10-24 21:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-03-22 09:49 . 2011-03-22 09:49 786432 c:\windows\Installer\13c130.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 479744 c:\windows\Installer\13c129.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 301056 c:\windows\Installer\13c123.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-03-17 2423752]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-19 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"RasMan"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl54e7620b;MpKsl54e7620b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B527D26-6E4B-45A6-BCE3-49F9236682C7}\MpKsl54e7620b.sys [25/03/2011 13:04 28752]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]
R2 TurboWeb;Uniblue TurboWeb Toolbar;c:\program files\Uniblue\TurboWeb\turboweb.exe [27/12/2010 02:52 326144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 20:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/11/2010 20:05 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23/08/2010 21:26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 20:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL54E7620B
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
2011-03-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
2011-03-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:8088
uInternet Settings,ProxyOverride = 127.0.0.1,localhost
IE: Free YouTube to MP3 Converter - c:\documents and settings\Robert Cooper\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-25 14:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-25 14:08:30
ComboFix-quarantined-files.txt 2011-03-25 14:08
ComboFix2.txt 2011-03-24 14:53
ComboFix3.txt 2011-03-23 15:19
ComboFix4.txt 2011-03-23 14:46
.
Pre-Run: 56,465,129,472 bytes free
Post-Run: 56,471,887,872 bytes free
.
- - End Of File - - 1FF6271BFB1B83B235ED81D448907990

Re: your request from my OTL scan25th March 2011, 8:24 pm

Hello.
Nearly there, the file was saved as a .txt.ink file, that's a shortcut, not a regular text file.

Re: your request from my OTL scan26th March 2011, 10:40 am

5th time lucky i hope

ComboFix 11-03-25.01 - Robert Cooper 26/03/2011 10:29:45.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1270.820 [GMT 0:00]
Running from: c:\documents and settings\Robert Cooper\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Robert Cooper\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\ROBERT~1\LOCALS~1\Temp\SAS4.tmp
c:\documents and settings\Robert Cooper\Local Settings\temp\SAS4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-02-26 to 2011-03-26 )))))))))))))))))))))))))))))))
.
.
2011-03-26 10:18 . 2011-03-26 10:18 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38230690-6B1C-40A5-8586-F4A39566C7CF}\MpKsl8eaa9fed.sys
2011-03-26 10:14 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38230690-6B1C-40A5-8586-F4A39566C7CF}\mpengine.dll
2011-03-24 10:55 . 2011-03-24 10:59 -------- d-----w- c:\documents and settings\Robert Cooper\Local Settings\Application Data\ConduitEngine
2011-03-24 10:55 . 2011-03-24 10:55 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-03-24 10:49 . 2011-03-24 10:49 -------- d-----w- c:\program files\Conduit
2011-03-24 10:49 . 2011-03-24 10:59 -------- d-----w- c:\documents and settings\Robert Cooper\Local Settings\Application Data\DVDVideoSoftTB
2011-03-24 10:49 . 2011-03-24 10:55 -------- d-----w- c:\program files\DVDVideoSoftTB
2011-03-22 09:53 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-22 09:52 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-22 09:49 . 2011-03-22 09:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2011-03-21 15:06 . 2011-03-21 15:06 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2011-03-21 10:08 . 2011-03-21 10:08 -------- d-----w- C:\_OTL
2011-03-21 09:32 . 2011-03-21 09:32 -------- d--h--w- c:\windows\PIF
2011-03-21 09:23 . 2011-03-21 09:23 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2011-03-21 09:23 . 2011-03-21 15:04 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\windows\Sun
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Common Files\Java
2011-03-21 09:13 . 2011-03-21 09:13 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-21 09:13 . 2011-03-21 09:13 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-21 09:13 . 2011-03-21 09:13 -------- d-----w- c:\program files\Java
2011-03-19 15:04 . 2011-03-19 15:04 -------- d-----w- c:\program files\Common Files\xing shared
2011-03-19 15:03 . 2011-03-19 15:03 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-19 15:03 . 2011-03-19 15:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-03-19 15:03 . 2011-03-19 15:04 -------- d-----w- c:\program files\Real
2011-03-17 19:23 . 2011-03-17 19:23 -------- d-----w- c:\documents and settings\Robert Cooper\Application Data\PC Unleashed Online
2011-03-17 19:23 . 2011-03-17 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Unleashed Online
2011-03-17 19:19 . 2011-03-17 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2011-03-17 18:32 . 2011-03-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2011-03-17 18:07 . 2011-03-17 18:07 -------- d-----w- c:\program files\EA Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\fm2005segatest1_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-18 19:52 . 2011-02-18 19:52 49152 ----a-r- c:\documents and settings\Robert Cooper\Application Data\Microsoft\Installer\{EC0AB585-B279-4A77-8BB5-64C403E43EE7}\editor_EC0AB585B2794A778BB564C403E43EE7.exe
2011-02-09 13:53 . 2010-08-23 21:25 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-08-23 21:23 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2010-08-23 21:25 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-08-23 21:25 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 19:31 . 2011-01-21 19:31 111960 ----a-w- c:\windows\dxsdkuninst.exe
2011-01-21 14:44 . 2010-08-23 21:26 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2010-08-23 21:23 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2010-08-23 21:26 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_09.38.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-26 10:17 . 2011-03-26 10:17 16384 c:\windows\Temp\Perflib_Perfdata_478.dat
- 2004-08-26 16:12 . 2011-03-15 21:41 94546 c:\windows\system32\perfc009.dat
+ 2004-08-26 16:12 . 2011-03-24 10:33 94546 c:\windows\system32\perfc009.dat
- 2004-08-26 16:12 . 2011-03-15 21:41 522756 c:\windows\system32\perfh009.dat
+ 2004-08-26 16:12 . 2011-03-24 10:33 522756 c:\windows\system32\perfh009.dat
+ 2010-10-24 21:25 . 2010-10-24 21:25 165264 c:\windows\system32\drivers\MpFilter.sys
+ 2011-03-22 09:49 . 2011-03-22 09:49 786432 c:\windows\Installer\13c130.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 479744 c:\windows\Installer\13c129.msi
+ 2011-03-22 09:49 . 2011-03-22 09:49 301056 c:\windows\Installer\13c123.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 14:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVD0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVD0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-03-19 273544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-27 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"vsmon"=2 (0x2)
"RasMan"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 MpKsl8eaa9fed;MpKsl8eaa9fed;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38230690-6B1C-40A5-8586-F4A39566C7CF}\MpKsl8eaa9fed.sys [26/03/2011 10:18 28752]
R2 TurboWeb;Uniblue TurboWeb Toolbar;c:\program files\Uniblue\TurboWeb\turboweb.exe [27/12/2010 02:52 326144]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 20:16 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [20/11/2010 20:05 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [23/08/2010 21:26 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 20:16 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL8EAA9FED
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-20 20:05]
.
2011-03-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 12:26]
.
2011-03-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
2011-03-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2621957544-2164483009-3147468501-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 14:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Free YouTube to MP3 Converter - c:\documents and settings\Robert Cooper\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-26 10:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-03-26 10:37:19
ComboFix-quarantined-files.txt 2011-03-26 10:37
ComboFix2.txt 2011-03-25 14:08
ComboFix3.txt 2011-03-24 14:53
ComboFix4.txt 2011-03-23 15:19
ComboFix5.txt 2011-03-26 10:12
.
Pre-Run: 56,298,045,440 bytes free
Post-Run: 56,320,163,840 bytes free
.
- - End Of File - - 493ABAE5B8ACD0FCDE84545FD89E32C9

Re: your request from my OTL scan26th March 2011, 9:22 pm

That worked. Smile...

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

Check (tick) this box: YES, I accept the Terms of Use.
Click on the Start button next to it.
When prompted to run ActiveX. click Yes.
You will be asked to install an ActiveX. Click Install.
Once installed, the scanner will be initialized.
After the scanner is initialized, click Start.
Check (tick) Remove found threats box.
Check (tick) Scan unwanted applications.
Click on Scan.
It will start scanning. Please be patient.
Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: your request from my OTL scan27th March 2011, 1:01 pm

well i did the scan, don't what happened but it did not save anything

it found 8 infections do with something called registry booster??.

sorry never thought about saving those results, as i thought it would save to C:\Program Files\esetonlinescanner\log.txt. & i do not know where to find that file if it did save automatically

Re: your request from my OTL scan28th March 2011, 3:32 pm

How is the machine running now?

your request from my OTL scan

descriptionyour request from my OTL scan21st March 2011, 10:01 am

descriptionRe: your request from my OTL scan21st March 2011, 10:04 am

descriptionRe: your request from my OTL scan21st March 2011, 10:05 am

descriptionRe: your request from my OTL scan21st March 2011, 10:28 pm

descriptionRe: your request from my OTL scan22nd March 2011, 9:59 am

descriptionRe: your request from my OTL scan23rd March 2011, 1:24 pm

descriptionRe: your request from my OTL scan23rd March 2011, 3:26 pm

descriptionRe: your request from my OTL scan23rd March 2011, 10:12 pm

descriptionRe: your request from my OTL scan24th March 2011, 3:03 pm

descriptionRe: your request from my OTL scan24th March 2011, 9:03 pm

descriptionRe: your request from my OTL scan25th March 2011, 2:13 pm

descriptionRe: your request from my OTL scan25th March 2011, 8:24 pm

descriptionRe: your request from my OTL scan26th March 2011, 10:40 am

descriptionRe: your request from my OTL scan26th March 2011, 9:22 pm

descriptionRe: your request from my OTL scan27th March 2011, 1:01 pm

descriptionRe: your request from my OTL scan28th March 2011, 3:32 pm

descriptionRe: your request from my OTL scan