WiredWX Hobby Weather Tools


alureon-g@mbr

3 posters

alureon-g@mbr
test

Re: alureon-g@mbr
Sorry, my PC is blocking the send function.


OTL logfile created on: 6/10/2011 7:09:43 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = E:\pc fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.54% Memory free
3.45 Gb Paging File | 3.07 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 1.48 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive E: | 232.57 Gb Total Space | 73.62 Gb Free Space | 31.65% Space Free | Partition Type: HFSJ

Computer Name: STATION | User Name: chebon littlefield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 18:50:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- E:\pc fix\OTL.com
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/06/16 02:11:32 | 000,077,824 | ---- | M] (Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2010/06/10 13:42:44 | 002,621,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\Brother\BrStMonW.exe
PRC - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Browny02\BrYNSvc.exe
PRC - [2009/05/27 13:55:44 | 000,557,056 | ---- | M] (Yamaha Corporation) -- C:\Program Files\Yamaha\FWDriver\yfwcm.exe
PRC - [2008/10/31 08:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008/10/31 08:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008/10/31 08:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/06 19:22:28 | 000,110,592 | ---- | M] (Yamaha Corporation) -- C:\Program Files\Yamaha\FWDriver\yfwtray.exe
PRC - [2007/10/08 15:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 15:13:36 | 001,101,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/10/08 15:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2005/04/15 16:54:20 | 000,106,496 | R--- | M] (Mediafour Corporation) -- C:\Program Files\Mediafour\MacDrive\MDDiskProtect.exe
PRC - [2002/12/17 16:43:00 | 000,061,440 | R--- | M] (Mediafour Corporation) -- C:\Program Files\Common Files\Mediafour\MACVNTFY.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/10 18:50:37 | 000,580,096 | ---- | M] (OldTimer Tools) -- E:\pc fix\OTL.com
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2008/04/13 20:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2005/12/14 21:38:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2005/12/14 21:38:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/16 02:11:32 | 000,077,824 | ---- | M] (Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/06/16 01:34:20 | 000,159,744 | ---- | M] (Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2008/10/31 08:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008/10/31 08:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2007/10/08 15:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/27 03:11:20 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/06/22 18:18:18 | 000,129,040 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgmbx2.sys -- (DGUSBAP) Service for Digidesign Mbox2 (WDM)
DRV - [2010/06/22 18:18:14 | 000,115,472 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dg003.sys -- (DG003) Service for Digidesign 003 Driver (WDM)
DRV - [2010/04/23 16:43:40 | 000,049,712 | ---- | M] (MOTU, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MotuUsb.sys -- (MotuUsb)
DRV - [2010/04/23 16:43:38 | 000,036,912 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motumidi.sys -- (MotuMidi)
DRV - [2010/02/21 18:32:54 | 000,023,600 | ---- | M] (Mark of the Unicorn) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\motubus.sys -- (motubus)
DRV - [2010/01/12 10:19:22 | 000,136,704 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yfwbus.sys -- (YFWBUS)
DRV - [2010/01/12 10:19:22 | 000,035,968 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yfwaudio.sys -- (YFWAUDIO)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/12/18 23:39:56 | 000,021,904 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2009/12/18 23:39:52 | 000,021,648 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2009/12/18 23:39:48 | 000,016,400 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2009/12/18 23:39:34 | 000,085,008 | ---- | M] (Avid, Inc. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2009/10/15 01:12:00 | 000,022,232 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2009/08/28 20:42:44 | 000,017,408 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2009/06/26 15:36:26 | 000,023,696 | ---- | M] (Steinberg Media Technologies GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\synasusb.sys -- (SynasUSB)
DRV - [2008/10/31 08:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008/06/21 05:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008/06/21 05:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2007/09/26 07:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/08/27 12:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 01:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 20:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/06/16 12:53:57 | 000,212,864 | R--- | M] (Mediafour Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2006/04/30 10:57:06 | 000,016,640 | R--- | M] (Mediafour Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2005/08/12 18:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 12:02:12 | 001,035,008 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 12:01:08 | 000,201,600 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 12:01:00 | 000,717,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/04 21:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/04 21:52:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/03/15 19:54:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/14 00:16:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/14 00:16:36 | 000,000,000 | ---D | M]

[2010/02/24 16:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chebon littlefield\Application Data\Mozilla\Extensions
[2011/03/29 22:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\chebon littlefield\Application Data\Mozilla\Firefox\Profiles\34q5lxgr.default\extensions
[2010/03/17 14:51:17 | 000,000,000 | ---D | M] (Illimitux) -- C:\Documents and Settings\chebon littlefield\Application Data\Mozilla\Firefox\Profiles\34q5lxgr.default\extensions\illimitux@illimitux.net
[2011/03/29 22:13:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/21 14:24:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/03/15 19:54:56 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/02/04 21:52:42 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011/02/04 21:52:42 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/06/21 14:24:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/21 14:24:03 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5

Re: alureon-g@mbr
OTL Extras logfile created on: 6/10/2011 7:09:43 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = E:\pc fix
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.54% Memory free
3.45 Gb Paging File | 3.07 Gb Available in Paging File | 88.88% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 91.75 Gb Total Space | 1.48 Gb Free Space | 1.62% Space Free | Partition Type: NTFS
Drive E: | 232.57 Gb Total Space | 73.62 Gb Free Space | 31.65% Space Free | Partition Type: HFSJ

Computer Name: STATION | User Name: chebon littlefield | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
"4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
"4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\cacaoweb\cacaoweb.exe" = C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb
"C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09D17FD1-1CD5-464e-BF19-BE8A9F4E7A4E}" = Native Instruments Rig Kontrol 2 Driver
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15759443-9C97-4425-87E8-702C877B1227}" = Waves L3-LL Multimaximizer
"{158D7308-FE8B-41F5-91FA-4513692F0CD6}" = Digidesign HFS+ Disk Support
"{16DF894D-FC3F-4B87-908D-671E201CD7A8}" = Melodyne singletrack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2E337869-756A-4E46-A936-0E67FE043A5E}" = Melodyne 3.2
"{2EA9CCC3-E84A-4F7F-BCA6-14AEC2702AF3}" = Waves ProTools 7 update1
"{2F227ACA-204C-4529-BA33-D095C42C72DB}" = Avid Audio Drivers (x86)
"{30B765B4-A814-4830-BFF0-656E0F3E74F5}" = Waves Renaissance Axx 5.0.1
"{317F1DBE-F345-44C3-B657-89C14EF2A9E8}" = iLok Client Helper
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A30DFDF-238C-4DE4-B8D8-D764AF468AA5}" = KORG USB-MIDI Driver Tools for Windows
"{3BB2CF34-1FC8-46E2-9D64-4A8D1D577549}" = Avid Pro Tools Creative Collection 8.0.4
"{3CA12A20-67E8-43F4-B692-ED04E92E42EC}" = MOTU USB MIDI Installer
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FFBBFC4-FC05-4F2E-8BB5-F0ABBA0E6487}" = Digidesign ElevenRack Driver 1.0.8 (x86)
"{409A13BD-5F3E-442B-BA7B-A1E32B2D8927}" = Avid Pro Tools LE 8.0.4
"{4679DEDD-9D82-4425-BF9E-F37B41224AC2}" = Melodyne Runtime 4.0 (x86)
"{491DF203-7B61-4F0E-BDCB-A1218C4DAFE9}" = Native Instruments Massive
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{5D19AD85-8FFF-4206-BB0D-469A35F8CED0}" = BlackBerry USB and Modem Drivers 6.0.1
"{5E09FA7C-4B4A-46FB-A554-B7A88E8D7B62}" = Melodyne 3.2
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60C7FC32-585C-40FD-9DDF-E4D37DDC0140}" = Yamaha Steinberg FW Driver
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6992FB67-A4CF-4B1D-A20B-32879FB7D9EF}" = Waves Diamond 5.0
"{69C60DF0-0B08-4630-A375-6032310F29B6}" = Waves IRx 5.2
"{6BED4DFE-C527-463E-B93A-6F6848B74DD0}" = Native Instruments Battery 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A600039-FED6-4C81-AA6E-F151F7FA7EE7}_is1" = Sonalksis Plug-in Manager 1.04
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8E2C4FC2-37A2-42DA-AAC6-491205F3DFB0}" = PACE
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{924BEE9B-A86E-41F5-868E-DFDEC4CB5482}" = Steinberg MR Extension
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.2
"{A24C2C43-4312-493E-96B3-5D1DCE24DEBF}" = Free DigiRack Plug-Ins 8.0.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B2552FA6-86E3-410D-84AD-265C2242D410}" = Native Instruments FM8
"{B355B1A3-5D95-49F1-8180-D0790CB9F69C}" = Melodyne editor
"{B80954EE-5CA9-4202-BB8C-0DC3E332F47F}" = Native Instruments Kontakt 3
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE567441-4E1F-4390-B1B5-66CE2566042A}" = Steinberg MR Extension
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DBEA2A6D-4BD7-4037-86B7-B52E5B625F55}" = Waves Vocal 1.1
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2A97415-BD97-4867-B906-05E39E9EE51F}" = HL-2240
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF2F3EF2-A1CC-4ACD-BCAE-92CAC8D5613A}" = Digidesign Pro Tools LE 7.3
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1BB61D2-EBDD-4DE3-8AA9-93B13BEB60FF}" = Steinberg MR Editor
"{F240A601-75F9-444A-BD43-AF418E23A61E}" = Waves
"{F4193EB7-267E-4A14-90A2-65D8191C2D3C}" = Waves L3 1.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"BlackBerry_{5D19AD85-8FFF-4206-BB0D-469A35F8CED0}" = BlackBerry USB and Modem Drivers 6.0.1
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
"bx_cleansweep V2 All_is1" = bx_cleansweep V2 All 2.0
"bx_solo_is1" = bx_solo 1.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DivX Setup.divx.com" = DivX Setup
"DMGAudio EQuality_is1" = DMGAudio EQuality 1.06
"eLicenser Control" = eLicenser Control
"Elysia mpressor VST RTAS_is1" = Elysia mpressor VST RTAS v1.0.2
"elysia niveau filter Native_is1" = elysia niveau filter Native 1.0
"EphPod" = EphPod
"InstallShield_{317F1DBE-F345-44C3-B657-89C14EF2A9E8}" = iLok Client Helper
"InstallShield_{60C7FC32-585C-40FD-9DDF-E4D37DDC0140}" = Yamaha Steinberg FW Driver
"InstallShield_{F1BB61D2-EBDD-4DE3-8AA9-93B13BEB60FF}" = Steinberg MR Editor
"iZotope Ozone 4_is1" = iZotope Ozone 4
"Live 8.1.1" = Live 8.1.1
"Live 8.1.3" = Live 8.1.3
"Mellowmuse ATA_is1" = Mellowmuse ATA 1.6
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Native Instruments Absynth 4" = Native Instruments Absynth 4
"Native Instruments Akoustik Piano" = Native Instruments Akoustik Piano
"Native Instruments B4 II" = Native Instruments B4 II
"Native Instruments Battery 3" = Native Instruments Battery 3
"Native Instruments Elektrik Piano 1.5" = Native Instruments Elektrik Piano 1.5
"Native Instruments FM8" = Native Instruments FM8
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Komplete 5" = Native Instruments Komplete 5
"Native Instruments Kontakt 3" = Native Instruments Kontakt 3
"Native Instruments Massive" = Native Instruments Massive
"Native Instruments Reaktor 5" = Native Instruments Reaktor 5
"Native Instruments Rig Kontrol 2 Driver" = Native Instruments Rig Kontrol 2 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"Simpo PDF Converter Ultimate_is1" = Simpo PDF Converter Ultimate 1.1.5.0
"Simpo PDF to Text_is1" = Simpo PDF to Text 2.1.5.0
"Softube Trident A-Range VST RTAS_is1" = Softube Trident A-Range VST RTAS v1.0.2
"Sonnox Restoration Tools for Wavelab VST v1.0.0 (32-bit)_is1" = Sonnox Restoration Tools for Wavelab VST v1.0.0 (32-bit)
"SoundToys Native Effects VST RTAS_is1" = SoundToys Native Effects VST RTAS v4.0.2
"SPL Analog Code Passeq_is1" = SPL Analog Code Passeq VST RTAS v1.0
"SPL Analog Code Transient Designer VST RTAS_is1" = SPL Analog Code Transient Designer VST RTAS v1.1
"SPL Analog Code TwinTube Processor VST RTAS_is1" = SPL Analog Code TwinTube Processor VST RTAS v1.1
"SPL Analog Code Vitalizer MK2-T VST RTAS_is1" = SPL Analog Code Vitalizer MK2-T VST RTAS v1.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TT Dynamic Range Meter_is1" = TT Dynamic Range Meter 1.0
"VLC media player" = VLC media player 1.1.4
"Vst To Rtas Adapter V2.11" = Vst To Rtas Adapter V2.11
"Wave Arts Power Suite" = Wave Arts Power Suite
"Wave Arts Tube Saturator" = Wave Arts Tube Saturator
"WaveLabPro7" = WaveLab 7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2011 7:25:06 PM | Computer Name = STATION | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 5/8/2011 7:25:06 PM | Computer Name = STATION | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/9/2011 4:52:48 PM | Computer Name = STATION | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 5/9/2011 4:52:48 PM | Computer Name = STATION | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/9/2011 8:03:46 PM | Computer Name = STATION | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 5/9/2011 8:03:46 PM | Computer Name = STATION | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/10/2011 6:33:03 PM | Computer Name = STATION | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 5/10/2011 6:33:03 PM | Computer Name = STATION | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 5/15/2011 6:42:08 PM | Computer Name = STATION | Source = LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. BaseIndex value from Performance
registry
is the first DWORD in Data section, LastCounter value is the second DWORD in Data
section, and LastHelp value is the third DWORD in Data section.

Error - 5/15/2011 6:42:08 PM | Computer Name = STATION | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

[ System Events ]
Error - 6/10/2011 1:24:05 AM | Computer Name = STATION | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/10/2011 1:24:05 AM | Computer Name = STATION | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/10/2011 1:24:08 AM | Computer Name = STATION | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/10/2011 1:24:08 AM | Computer Name = STATION | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/10/2011 1:24:10 AM | Computer Name = STATION | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.nist.gov,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 6/10/2011 1:24:10 AM | Computer Name = STATION | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/10/2011 1:30:56 AM | Computer Name = STATION | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DigiFilter

Error - 6/10/2011 1:34:02 AM | Computer Name = STATION | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DigiFilter

Error - 6/10/2011 5:59:06 PM | Computer Name = STATION | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DigiFilter

Error - 6/10/2011 6:50:32 PM | Computer Name = STATION | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DigiFilter


< End of report >



aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-06-10 19:16:15
-----------------------------
19:16:15.453 OS Version: Windows 5.1.2600 Service Pack 3
19:16:15.453 Number of processors: 2 586 0xE08
19:16:15.453 ComputerName: STATION UserName:
19:16:16.218 Initialize success
19:16:20.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
19:16:20.640 Disk 0 Vendor: TOSHIBA_MK1032GSX AS022D Size: 93958MB BusType: 3
19:16:20.640 Device \Driver\atapi -> DriverStartIo 842bf31b
19:16:22.703 Disk 0 MBR read successfully
19:16:22.703 Disk 0 MBR scan
19:16:22.703 Disk 0 TDL4@MBR code has been found
19:16:22.703 Disk 0 Windows XP default MBR code found via API
19:16:22.703 Disk 0 MBR hidden
19:16:22.718 Disk 0 MBR [TDL4] **ROOTKIT**
19:16:22.718 Disk 0 trace - called modules:
19:16:22.718 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x842bf4d0]<<
19:16:22.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84358ab8]
19:16:22.718 3 CLASSPNP.SYS[ba908fd7] -> nt!IofCallDriver -> \Device\00000079[0x84375478]
19:16:22.734 5 ACPI.sys[ba85f620] -> nt!IofCallDriver -> [0x842f5940]
19:16:22.734 \Driver\atapi[0x8435d930] -> IRP_MJ_CREATE -> 0x842bf4d0
19:16:22.734 Scan finished successfully
19:16:59.000 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\chebon littlefield\Desktop\MBR.dat"
19:16:59.015 The log file has been saved successfully to "C:\Documents and Settings\chebon littlefield\Desktop\aswMBR.txt"

Re: alureon-g@mbr

Results of screen317's Security Check version 0.99.13
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
Sunbelt Personal Firewall
```````````````````````````````
Anti-malware/Other Utilities Check:

Java(TM) 6 Update 20
Out of date Java installed!
Flash Player Out of Date!
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.15) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Sunbelt Software Personal Firewall SbPFLnch.exe
Sunbelt Software Personal Firewall SbPFSvc.exe
Sunbelt Software Personal Firewall SbPFCl.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 avastUI.exe
``````````End of Log````````````

Re: alureon-g@mbr

Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note: It will also create a log in the C:\ directory.

Re: alureon-g@mbr

2011/06/11 13:36:35.0781 2956 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/11 13:36:35.0812 2956 ================================================================================
2011/06/11 13:36:35.0812 2956 SystemInfo:
2011/06/11 13:36:35.0812 2956
2011/06/11 13:36:35.0812 2956 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/11 13:36:35.0812 2956 Product type: Workstation
2011/06/11 13:36:35.0812 2956 ComputerName: STATION
2011/06/11 13:36:35.0812 2956 UserName: chebon littlefield
2011/06/11 13:36:35.0812 2956 Windows directory: C:\WINDOWS
2011/06/11 13:36:35.0812 2956 System windows directory: C:\WINDOWS
2011/06/11 13:36:35.0812 2956 Processor architecture: Intel x86
2011/06/11 13:36:35.0812 2956 Number of processors: 2
2011/06/11 13:36:35.0812 2956 Page size: 0x1000
2011/06/11 13:36:35.0812 2956 Boot type: Normal boot
2011/06/11 13:36:35.0812 2956 ================================================================================
2011/06/11 13:36:37.0984 2956 Initialize success
2011/06/11 13:37:36.0296 3476 ================================================================================
2011/06/11 13:37:36.0296 3476 Scan started
2011/06/11 13:37:36.0312 3476 Mode: Manual;
2011/06/11 13:37:36.0312 3476 ================================================================================
2011/06/11 13:37:36.0500 3476 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/06/11 13:37:36.0593 3476 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/11 13:37:36.0656 3476 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/11 13:37:36.0703 3476 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/11 13:37:36.0765 3476 AegisP (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/11 13:37:36.0812 3476 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/06/11 13:37:37.0828 3476 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
2011/06/11 13:37:37.0890 3476 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/11 13:37:38.0000 3476 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/06/11 13:37:38.0062 3476 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/06/11 13:37:38.0093 3476 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/06/11 13:37:38.0156 3476 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/06/11 13:37:38.0187 3476 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/06/11 13:37:38.0218 3476 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/06/11 13:37:38.0250 3476 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/11 13:37:38.0312 3476 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/11 13:37:38.0343 3476 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/11 13:37:38.0390 3476 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/11 13:37:38.0468 3476 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/06/11 13:37:38.0515 3476 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/11 13:37:38.0578 3476 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/11 13:37:38.0625 3476 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/11 13:37:38.0734 3476 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/11 13:37:38.0781 3476 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/11 13:37:38.0828 3476 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/11 13:37:38.0859 3476 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/11 13:37:38.0968 3476 dalwdmservice (014810830a80659b7962655b697e3af1) C:\WINDOWS\system32\drivers\dalwdm.sys
2011/06/11 13:37:39.0031 3476 DG003 (cbfeb0e9ef406176007bd742c1cc767c) C:\WINDOWS\system32\DRIVERS\dg003.sys
2011/06/11 13:37:39.0078 3476 DGUSBAP (2509d71674d7b92b033b2badd23c03d4) C:\WINDOWS\system32\DRIVERS\dgmbx2.sys
2011/06/11 13:37:39.0140 3476 DigiNet (f0ae709958ccfe5d30afe1083cdb0bf1) C:\WINDOWS\system32\DRIVERS\diginet.sys
2011/06/11 13:37:39.0156 3476 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/11 13:37:39.0234 3476 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/11 13:37:39.0281 3476 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/11 13:37:39.0296 3476 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/11 13:37:39.0328 3476 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/11 13:37:39.0390 3476 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/11 13:37:39.0453 3476 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/11 13:37:39.0500 3476 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/11 13:37:39.0531 3476 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/11 13:37:39.0546 3476 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/11 13:37:39.0609 3476 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/11 13:37:39.0656 3476 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/11 13:37:39.0671 3476 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/11 13:37:39.0703 3476 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/11 13:37:39.0812 3476 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/11 13:37:39.0843 3476 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/11 13:37:39.0906 3476 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/11 13:37:39.0984 3476 HSFHWAZL (1c8caa80e91fb71864e9426f9eed048d) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/11 13:37:40.0046 3476 HSF_DPV (698204d9c2832e53633e53a30a53fc3d) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/11 13:37:40.0125 3476 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/11 13:37:40.0218 3476 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/11 13:37:40.0296 3476 iLokDrvr (e6a446d82c5c3d7c2f4e4ab02ea1409b) C:\WINDOWS\system32\DRIVERS\iLokDrvr.sys
2011/06/11 13:37:40.0312 3476 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/11 13:37:40.0375 3476 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/11 13:37:40.0421 3476 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/11 13:37:40.0453 3476 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/11 13:37:40.0484 3476 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/11 13:37:40.0531 3476 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/11 13:37:40.0562 3476 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/11 13:37:40.0593 3476 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/11 13:37:40.0640 3476 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/11 13:37:40.0703 3476 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/11 13:37:40.0734 3476 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/11 13:37:40.0781 3476 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/11 13:37:40.0843 3476 KORGUMDS (f127edafefe416643bb9c183fbe8c1f8) C:\WINDOWS\system32\Drivers\KORGUMDS.SYS
2011/06/11 13:37:40.0921 3476 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/11 13:37:41.0000 3476 MBX2DFU (14352f8ee8373cb7b4600a6e6ac9cab6) C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys
2011/06/11 13:37:41.0031 3476 MBX2MIDK (67417504dd1fd31b70b293f2f112b868) C:\WINDOWS\system32\drivers\mbx2midk.sys
2011/06/11 13:37:41.0093 3476 MDFSYSNT (29b70df45163e25f353a3721e00794c3) C:\WINDOWS\system32\drivers\MDFSYSNT.sys
2011/06/11 13:37:41.0156 3476 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/11 13:37:41.0187 3476 MDPMGRNT (54d441f64ce6da15820ef49cd705376f) C:\WINDOWS\system32\drivers\MDPMGRNT.sys
2011/06/11 13:37:41.0250 3476 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/11 13:37:41.0312 3476 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/11 13:37:41.0421 3476 motubus (f6414aad75ed005af5634be28f78c69b) C:\WINDOWS\system32\drivers\MotuBus.sys
2011/06/11 13:37:41.0468 3476 MotuMidi (009dd91d2c1980653fb07c92f4bf6f4b) C:\WINDOWS\system32\drivers\MotuMidi.sys
2011/06/11 13:37:41.0515 3476 MotuUsb (fc47df19c9bd8f591e3643006a502add) C:\WINDOWS\system32\Drivers\MotuUsb.sys
2011/06/11 13:37:41.0546 3476 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/11 13:37:41.0562 3476 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/11 13:37:41.0578 3476 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/11 13:37:41.0640 3476 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/11 13:37:41.0718 3476 MRxSmb (421f7b922cec5a5f340e7574a98f7b7c) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/11 13:37:41.0828 3476 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/11 13:37:41.0890 3476 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/11 13:37:41.0921 3476 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/11 13:37:41.0937 3476 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/11 13:37:42.0000 3476 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/11 13:37:42.0015 3476 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/11 13:37:42.0046 3476 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/11 13:37:42.0062 3476 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/11 13:37:42.0093 3476 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/11 13:37:42.0125 3476 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/11 13:37:42.0140 3476 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/11 13:37:42.0187 3476 Netaapl (29c45722e20572b6440b57e3359e73ee) C:\WINDOWS\system32\DRIVERS\netaapl.sys
2011/06/11 13:37:42.0218 3476 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/11 13:37:42.0281 3476 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/11 13:37:42.0468 3476 NETw4x32 (88100ebdd10309fbd445ef8e42452eae) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2011/06/11 13:37:42.0593 3476 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/11 13:37:42.0640 3476 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/11 13:37:42.0703 3476 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/11 13:37:42.0765 3476 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/11 13:37:42.0953 3476 nv (ccc2b6a4fc04949cbd37e40f7dc25a46) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/06/11 13:37:43.0078 3476 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/11 13:37:43.0093 3476 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/11 13:37:43.0125 3476 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/11 13:37:43.0171 3476 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/11 13:37:43.0203 3476 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/11 13:37:43.0343 3476 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/11 13:37:43.0390 3476 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/11 13:37:43.0437 3476 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/11 13:37:43.0484 3476 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/06/11 13:37:43.0640 3476 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/11 13:37:43.0671 3476 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/11 13:37:43.0687 3476 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/11 13:37:43.0734 3476 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/06/11 13:37:43.0828 3476 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/11 13:37:43.0843 3476 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/11 13:37:43.0875 3476 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/11 13:37:43.0906 3476 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/11 13:37:43.0937 3476 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/11 13:37:43.0953 3476 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/11 13:37:44.0000 3476 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/11 13:37:44.0031 3476 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/11 13:37:44.0078 3476 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
2011/06/11 13:37:44.0109 3476 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\WINDOWS\system32\DRIVERS\rimsptsk.sys
2011/06/11 13:37:44.0171 3476 RimUsb (92d33f76769a028ddc54a863eb7de4a2) C:\WINDOWS\system32\Drivers\RimUsb.sys
2011/06/11 13:37:44.0218 3476 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
2011/06/11 13:37:44.0234 3476 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\WINDOWS\system32\DRIVERS\rixdptsk.sys
2011/06/11 13:37:44.0265 3476 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/11 13:37:44.0328 3476 s24trans (c26a053e4db47f6cdd8653c83aaf22ee) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/11 13:37:44.0390 3476 SbFw (419883201ca9ad697ccfb8fc46dd6f78) C:\WINDOWS\system32\drivers\SbFw.sys
2011/06/11 13:37:44.0437 3476 SBFWIMCL (f01b8409a11c319e3c5b9dd418676d2c) C:\WINDOWS\system32\DRIVERS\sbfwim.sys
2011/06/11 13:37:44.0546 3476 sbhips (31ca701f26ea66468ad3c3c6498755ce) C:\WINDOWS\system32\drivers\sbhips.sys
2011/06/11 13:37:44.0578 3476 sbp2port (b244960e5a1db8e9d5d17086de37c1e4) C:\WINDOWS\system32\DRIVERS\sbp2port.sys
2011/06/11 13:37:44.0625 3476 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/06/11 13:37:44.0671 3476 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/11 13:37:44.0703 3476 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/11 13:37:44.0750 3476 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/06/11 13:37:44.0765 3476 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/06/11 13:37:44.0781 3476 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/06/11 13:37:44.0843 3476 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/11 13:37:44.0875 3476 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/11 13:37:44.0937 3476 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/11 13:37:45.0062 3476 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
2011/06/11 13:37:45.0093 3476 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/11 13:37:45.0125 3476 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/11 13:37:45.0234 3476 SynasUSB (af9a16163545685856ffd8b17aaa5e0b) C:\WINDOWS\system32\drivers\SynasUSB.sys
2011/06/11 13:37:45.0296 3476 SynTP (fa2daa32bed908023272a0f77d625dae) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/11 13:37:45.0328 3476 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/11 13:37:45.0406 3476 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/11 13:37:45.0500 3476 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/11 13:37:45.0546 3476 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/11 13:37:45.0578 3476 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/11 13:37:45.0640 3476 TPkd (409a577fd5781c717e55a28717514c58) C:\WINDOWS\system32\drivers\TPkd.sys
2011/06/11 13:37:45.0687 3476 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/11 13:37:45.0734 3476 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/11 13:37:45.0812 3476 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/06/11 13:37:45.0843 3476 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/06/11 13:37:45.0875 3476 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/11 13:37:45.0906 3476 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/11 13:37:45.0937 3476 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/11 13:37:45.0984 3476 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/11 13:37:46.0031 3476 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/11 13:37:46.0062 3476 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/11 13:37:46.0109 3476 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/11 13:37:46.0140 3476 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/11 13:37:46.0187 3476 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/11 13:37:46.0250 3476 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/11 13:37:46.0343 3476 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/06/11 13:37:46.0500 3476 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/11 13:37:46.0578 3476 winachsf (74cf3f2e4e40c4a2e18d39d6300a5c24) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/11 13:37:46.0640 3476 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/11 13:37:46.0687 3476 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/06/11 13:37:46.0750 3476 YFWAUDIO (72c1f994928926cdb55332e0bdc2a1e1) C:\WINDOWS\system32\drivers\yfwaudio.sys
2011/06/11 13:37:46.0796 3476 YFWBUS (54709f2d0c695e5d151e0a4d82391043) C:\WINDOWS\system32\Drivers\yfwbus.sys
2011/06/11 13:37:46.0828 3476 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/06/11 13:37:46.0843 3476 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/06/11 13:37:46.0859 3476 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
2011/06/11 13:37:46.0875 3476 ================================================================================
2011/06/11 13:37:46.0875 3476 Scan finished
2011/06/11 13:37:46.0875 3476 ================================================================================
2011/06/11 13:37:46.0875 3472 Detected object count: 1
2011/06/11 13:37:46.0875 3472 Actual detected object count: 1
2011/06/11 13:38:13.0296 3472 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/06/11 13:38:13.0296 3472 \Device\Harddisk0\DR0 - ok
2011/06/11 13:38:13.0296 3472 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

Re: alureon-g@mbr

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    [screenshot: CF_download_FF]

    [screenshot: CF_download_rename]

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    [screenshot: Cf410]

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan; select Yes.

    [screenshot: Cf510]

  • Allow ComboFix to run.
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Re: alureon-g@mbr
ComboFix 11-06-11.01 - chebon littlefield 06/11/2011 16:40:34.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1699 [GMT -4:00]
Running from: c:\documents and settings\chebon littlefield\Desktop\Combo-Fix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Sunbelt Personal Firewall *Disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\chebon littlefield\Application Data\cacaoweb
c:\documents and settings\chebon littlefield\Application Data\cacaoweb\adstorage.db
c:\documents and settings\chebon littlefield\Application Data\cacaoweb\storage.db
c:\documents and settings\chebon littlefield\Application Data\Local
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\5.ddi
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\6.ddi
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\8.ddi
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\9.ddi
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\big.love.s05e04.hdtv.xvid-fqm_ns.avi(2).ddr
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\big.love.s05e04.hdtv.xvid-fqm_ns.avi.ddr
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\californication.s04e05.hdtv.xvid-asap_ns.avi.ddr
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_NEW.divx.ddr
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.1080i_ns.avi(2).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.1080i_ns.avi.ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(2).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(3).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(4).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(5).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(6).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(7).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(8).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi(9).ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\big.love.s05e04.hdtv.xvid-fqm_ns.avi.ddp
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\californication.s04e05.hdtv.xvid-asap_ns.avi
c:\documents and settings\chebon littlefield\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_NEW.divx
C:\install.exe
c:\windows\system32\drivers\1028_DELL_XPS_MP061 .MRK
c:\windows\system32\drivers\DELL_XPS_MP061 .MRK
.
.
((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))
.
.
2011-06-11 20:11 . 2011-06-11 20:13 -------- d-----w- C:\Combo-Fix
2011-05-25 23:36 . 2008-11-07 22:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-15 7118848]
"nwiz"="nwiz.exe" [2005-12-15 1519616]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"MDDiskProtect.exe"="c:\program files\Mediafour\MacDrive\MDDiskProtect.exe" [2005-04-15 106496]
"Mediafour Mac Volume Notifications"="c:\program files\Common Files\Mediafour\MACVNTFY.EXE" [2002-12-17 61440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
"yfwtray"="c:\program files\Yamaha\FWDriver\yfwtray.exe" [2008-03-06 110592]
"yfwcm"="c:\program files\Yamaha\FWDriver\yfwcm.exe" [2009-05-27 557056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi8"=KORGUMDD.DRV
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-05-14 19:23 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-01-10 23:25 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-01 15:05 136176 ----atw- c:\documents and settings\chebon littlefield\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 23:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"wuauserv"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
.
R0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.SYS [4/30/2006 10:57 AM 16640]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [3/15/2011 7:54 PM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/24/2010 11:26 PM 301528]
R1 MDFSYSNT;MDFSYSNT;c:\windows\system32\drivers\MDFSYSNT.SYS [6/16/2006 12:53 PM 212864]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2/24/2010 11:32 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/24/2010 11:26 PM 19544]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [6/20/2010 7:02 PM 16400]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [3/29/2011 10:26 PM 245760]
R3 motubus;MOTU Audio MIDI Extension;c:\windows\system32\drivers\motubus.sys [2/21/2010 6:32 PM 23600]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2/24/2010 11:32 PM 65576]
R3 YFWBUS;Yamaha Steinberg FW Bus;c:\windows\system32\drivers\yfwbus.sys [1/12/2010 10:19 AM 136704]
S0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys --> c:\windows\system32\drivers\DigiFilt.sys [?]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\CHEBON~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\CHEBON~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [6/20/2010 7:02 PM 85008]
S3 DG003;Service for Digidesign 003 Driver (WDM);c:\windows\system32\drivers\dg003.sys [8/27/2010 3:12 AM 115472]
S3 DGUSBAP;Service for Digidesign Mbox2 (WDM);c:\windows\system32\drivers\dgmbx2.sys [8/27/2010 3:12 AM 129040]
S3 iLokDrvr;Usb Driver;c:\windows\system32\drivers\iLokDrvr.sys [12/23/2009 11:36 AM 54328]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows;c:\windows\system32\drivers\KORGUMDS.SYS [10/15/2009 1:12 AM 22232]
S3 MBX2DFU;Digidesign Mbox 2 Firmware Updater;c:\windows\system32\drivers\mbx2dfu.sys [6/21/2010 3:23 PM 21648]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [6/21/2010 3:23 PM 21904]
S3 MotuMidi;MOTU MIDI Device;c:\windows\system32\drivers\motumidi.sys [4/23/2010 4:43 PM 36912]
S3 MotuUsb;MotuUsb;c:\windows\system32\drivers\MotuUsb.sys [4/23/2010 4:43 PM 49712]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [3/1/2010 2:38 AM 17408]
S3 SynasUSB;eLicenser;c:\windows\system32\drivers\synasusb.sys [10/12/2010 9:53 PM 23696]
S3 YFWAUDIO;Yamaha Steinberg FW WDM Audio;c:\windows\system32\drivers\yfwaudio.sys [1/12/2010 10:19 AM 35968]
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-308236825-725345543-1004Core.job
- c:\documents and settings\chebon littlefield\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 15:05]
.
2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-776561741-308236825-725345543-1004UA.job
- c:\documents and settings\chebon littlefield\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-01 15:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\chebon littlefield\Application Data\Mozilla\Firefox\Profiles\34q5lxgr.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-Mediafour Mac Volume Icons - (no file)
HKCU-Run-cacaoweb - c:\program files\cacaoweb\cacaoweb.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-11 16:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
cacaoweb = "c:\program files\cacaoweb\cacaoweb.exe" -noplayer?abled:cacaoweb?es??????????????????N?????????????l?N???N???????????N???N? ??|`??|????????????????( ??????Service Pack 3?????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\netprovcredman.dll
.
Completion time: 2011-06-11 16:57:15
ComboFix-quarantined-files.txt 2011-06-11 20:57
.
Pre-Run: 1,395,892,224 bytes free
Post-Run: 4,618,805,248 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect/NoExecute=AlwaysOff
.
- - End Of File - - 6BA9E5605DEF5387BFF802B537784B80

Re: alureon-g@mbr
Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

Re: alureon-g@mbr
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=e9288da2ae169442a548b8c275d74b7f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-13 07:57:52
# local_time=2011-06-13 03:57:52 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 39999696 39999696 0 0
# compatibility_mode=768 16777215 100 0 40000094 40000094 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=110176
# found=2
# cleaned=2
# scan_time=5016
C:\Documents and Settings\chebon littlefield\Desktop\Keygen.exe probably a variant of Win32/Agent.GUYUUZJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A4C58162-6A47-4FF7-98B4-CFB685ACBFFE}\RP413\A0084961.exe probably a variant of Win32/Agent.GUYUUZJ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Re: alureon-g@mbr
Hello.

Please download CKScanner by askey127 from here
Save it to your desktop.

  • Double-click CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Re: alureon-g@mbr
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\chebon littlefield\desktop\updates\fake\atlassian.confluence.v3.3.incl.keygen.and.patch-invisible.rar
c:\documents and settings\chebon littlefield\my documents\ableton\library\presets\audio effects\vinyl distortion\crack.adv
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack 2.tfx
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\snare\emphasize crack.tfx
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack 2.tfx
c:\program files\common files\digidesign\dae\plug-in settings\eq 3.0\_1 band eq\snare\emphasize crack.tfx
c:\program files\common files\digidesign\dae\plug-in settings\funk logic mastererizer\mc dj yuppie cracker.tfx
c:\program files\common files\native instruments\kontakt 3\presets\effects\convolution\02 drum reverbs\0_4s_firecrackersnare_orven.nkp
c:\program files\common files\native instruments\shared content\sounds\absynth 3\crackling water bottles.ksd
c:\program files\common files\native instruments\shared content\sounds\absynth 4\absynth 3 factory\crackling water bottles.ksd
c:\program files\common files\native instruments\shared content\sounds\fm7\beam cracker bass.ksd
c:\program files\common files\native instruments\shared content\sounds\fm7\cracklephone.ksd
c:\program files\common files\native instruments\shared content\sounds\fm8\fm7 factory\beam cracker bass.ksd
c:\program files\common files\native instruments\shared content\sounds\fm8\fm7 factory\cracklephone.ksd
c:\program files\common files\native instruments\shared content\sounds\massive\crackle carl.ksd
c:\program files\common files\native instruments\shared content\sounds\massive\digitoy crackle.ksd
c:\program files\native instruments\battery 3\presets\effects\convolution\small rooms\firecracker snare.b3p
c:\program files\native instruments\battery 3\presets\effects\strip-cell-ifx\snare cracker.b3p
c:\program files\native instruments\kontakt 2\presets\effects\convolution\02 drum reverbs\0_4s_firecrackersnare_orven.nkp
c:\program files\steinberg\cubase 5\track presets\audio\nutcracker synth brass.trackpreset
c:\program files\steinberg\cubase 5\vst3 presets\steinberg media technologies\grungelizer\vinyl crackles.vstpreset
c:\program files\steinberg\cubase 5\vst3 presets\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\program files\steinberg\wavelab 7\factory presets\plugins\steinberg media technologies\studiochorus\chipmunks on crack.vstpreset
c:\program files\waves\plug-ins\xcrackle.dll
c:\program files\waves\plug-ins\xcrackle.dll.rsr
c:\program files\waves\plug-ins\plug-in settings\x-crackle settings.xps
scanner sequence 3.ZZ.11
----- EOF -----

Re: alureon-g@mbr
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.1
    Java(TM) 6 Update 20

Next,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\documents and settings\chebon littlefield\desktop\updates\fake\atlassian.confluence.v3.3.incl.keygen.and.patch-invisible.rar

    :commands
    [clearallrestorepoints]
    [createrestorepoint]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: alureon-g@mbr
========== FILES ==========
c:\documents and settings\chebon littlefield\desktop\updates\fake\Atlassian.Confluence.v3.3.Incl.Keygen.and.Patch-iNViSiBLE.rar moved successfully.
========== COMMANDS ==========
Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.24.0 log created on 06142011_151821

Re: alureon-g@mbr
Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 9.4.1
    Java(TM) 6 Update 20

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 26.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe that you downloaded to install the newest version.

I see you have Firefox and VLC player installed. Both of the versions you are running are old and need updating.

Please download Firefox 4.0.1 and install it. It will install over version 3.6.13 you currently have installed, so you won't lose any bookmarked websites.

Download and install VLC Player 1.1.10.
When installing, it will ask if you want to uninstall the old version first before it can install the new version, so please select yes and allow it to install.

Then download and install Adobe Reader X.

How is the machine running now?
