PC Infected with malwares ... Please help

Dear Greekplolice Staff,

Problem :
- My PC has an AVG (free version), but it seems not good enough in protecting my PC ... My PC were infected with malwares/spywares/worm....
- I installed Anti_Malwarebytes (Pro version) to scan and remove the infected objects ( but I am not quite sure - my PC is viruses/malwared/ free yet ... since the PC seems not functioning normal as before)
- I tried to uninstal AVG in order to replace it with a better anti_viruses software (I tried Symantec) ... But I can not install and make Symantec working properly (at start up my PC has a blank/black screen) ... I have to start Windows in Safe Mode to uninstall Symantec ...
But since then my PC does not function well anymore .... and I do not know what to do next ?

Please help us and we thank you in advance .

Next post is the log files from OTL ...

OTL logfile created on: 7/18/2010 1:12:46 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Mr\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.55 Gb Total Space | 0.51 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
Drive D: | 85.31 Gb Total Space | 8.72 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
Drive E: | 34.18 Gb Total Space | 30.29 Gb Free Space | 88.60% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAY01
Current User Name: Mr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/18 00:32:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr\Desktop\OTL.exe
PRC - [2010/06/03 07:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/05/22 06:40:07 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010/05/18 15:51:00 | 000,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/11/02 00:42:56 | 000,261,632 | ---- | M] () -- D:\software me\unikey40RC2-1101-win32\UniKeyNT.exe
PRC - [2009/04/30 08:03:38 | 002,799,024 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2008/03/10 00:04:52 | 000,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2008/02/18 20:01:01 | 000,251,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2007/12/11 04:59:40 | 000,307,200 | ---- | M] (Team H2O) -- C:\Program Files\Syncrosoft\POS\H2O\cledx.exe
PRC - [2007/08/31 08:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2007/08/31 08:43:18 | 000,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YServer.exe
PRC - [2007/03/26 17:45:12 | 000,389,120 | ---- | M] () -- C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
PRC - [2005/08/11 16:30:30 | 000,618,496 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
PRC - [2005/08/11 16:30:30 | 000,249,856 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005/08/11 16:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2005/06/02 09:21:38 | 000,048,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/10/29 18:43:16 | 000,167,936 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/07/18 00:32:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr\Desktop\OTL.exe
MOD - [2009/11/02 00:42:54 | 000,245,248 | ---- | M] () -- D:\software me\unikey40RC2-1101-win32\UKHook40.dll
MOD - [2009/03/26 22:35:39 | 000,034,224 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\idmmkb.dll
MOD - [2007/12/01 00:27:12 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.3264_x-ww_d751ffbf\comctl32.dll
MOD - [2007/12/01 00:23:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/08/31 08:43:14 | 000,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
MOD - [2007/08/31 07:17:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - File not found [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/19 12:33:23 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/18 15:51:00 | 000,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008/03/10 00:04:52 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2005/06/02 09:21:46 | 000,161,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2005/06/02 09:21:46 | 000,083,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2005/06/02 09:21:40 | 000,185,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2005/04/22 12:03:28 | 000,206,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/03/30 21:48:22 | 000,992,864 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [1998/06/06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio\COMMON\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva279.sys -- (XDva279)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\fvdscsi.sys -- (fvdscsi)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\fcdabus.sys -- (fcdabus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/07/15 15:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100715.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 15:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100715.003\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/15 09:30:44 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/15 09:30:41 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/15 09:30:40 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/06/17 08:36:44 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/12/08 09:46:11 | 033,569,280 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SysLib0.sys -- (SysLib0)
DRV - [2009/12/08 09:46:11 | 017,241,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SysLib2.sys -- (SysLib2)
DRV - [2009/12/08 09:46:11 | 004,124,160 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SysLib3.sys -- (SysLib3)
DRV - [2009/12/08 09:46:11 | 001,628,160 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SysLib1.sys -- (SysLib1)
DRV - [2009/12/05 13:33:54 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/12/05 13:33:54 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/07 18:14:00 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/07/25 19:09:24 | 000,845,184 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/03/17 07:45:50 | 005,955,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/02/14 13:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/05/24 03:15:00 | 000,547,744 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)
DRV - [2005/05/13 19:50:10 | 000,123,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2005/05/09 20:08:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2005/04/22 12:03:02 | 000,267,192 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2005/04/22 12:03:00 | 000,017,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/03/30 21:48:20 | 000,372,832 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/01/10 11:45:56 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2005/01/08 08:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/09/21 20:46:26 | 000,037,409 | R--- | M] (FarStone) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fsRamDsk.sys -- (fsRamDsk)
DRV - [2004/08/13 17:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2003/09/19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)


========== Standard Registry (SafeList) ==========

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2405280
IE - HKCU\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL File not found
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 69.20.4.229:3128

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "69.20.4.229"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "69.20.4.229"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "69.20.4.229"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "69.20.4.229"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "69.20.4.229"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/17 16:08:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/18 00:47:38 | 000,000,000 | ---D | M]

[2010/07/15 00:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr\Application Data\Mozilla\Extensions
[2009/12/07 17:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr\Application Data\Mozilla\Firefox\extensions
[2010/07/15 00:19:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mr\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/07/15 00:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mr\Application Data\Mozilla\Firefox\Profiles\lho8rogg.default\extensions
[2010/07/18 00:12:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/17 23:53:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 23:53:00 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/07/16 22:52:19 | 000,000,458 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 download.f-secure.com
O1 - Hosts: 127.0.0.1 download.avg.com
O1 - Hosts: 127.0.0.1 www.grisoft.cz
O1 - Hosts: 127.0.0.1 download.softpedia.com
O1 - Hosts: 127.0.0.1 virusscan.jotti.org
O1 - Hosts: 127.0.0.1 bkav.com.vn
O1 - Hosts: 127.0.0.1 www.bkav.com.vn
O1 - Hosts: 127.0.0.1 download.com.vn
O1 - Hosts: 127.0.0.1 www.download.com.vn
O1 - Hosts: 127.0.0.1 9down.com
O1 - Hosts: 127.0.0.1 www.9down.com
O1 - Hosts: 127.0.0.1 download.eset.com
O1 - Hosts: 127.0.0.1 www.download.com
O1 - Hosts: 127.0.0.1 www.bitdefender.com
O1 - Hosts: 127.0.0.1 www.bitdefender.com.vn
O1 - Hosts: 127.0.0.1 cmcinfosec.com
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O2 - BHO: (Ask Search Assistant BHO) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL File not found
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\3.bin\ASKTBAR.DLL File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe File not found
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NexusServer] C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\\PSDrvCheck.exe ()
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [UniKey] D:\software me\unikey40RC2-1101-win32\UniKeyNT.exe ()
O4 - HKCU..\Run: [Vidalia] C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe File not found
O4 - Startup: C:\Documents and Settings\Mr\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 8
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/04 12:42:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/15 12:15:49 | 000,000,120 | -HS- | M] () - D:\AutoRun.inf -- [ NTFS ]
O33 - MountPoints2\{36dd94a4-90a0-11df-9c75-002354504349}\Shell\AutoRun\command - "" = forever.exe
O33 - MountPoints2\{36dd94a4-90a0-11df-9c75-002354504349}\Shell\open\command - "" = forever.exe
O33 - MountPoints2\{cbfc927a-626e-11df-9bcd-002354504349}\Shell\AutoRun\command - "" = forever.exe
O33 - MountPoints2\{cbfc927a-626e-11df-9bcd-002354504349}\Shell\open\command - "" = forever.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {07A276B3-57AA-44E0-9523-4BE2177DE590} - Vector Graphics Rendering (VML)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4C201D04-E0E5-99F1-6BCE-31D8EC0ABD34} - Outlook Express
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B16F74A6-CEE6-E3E3-4B72-C8B2B3C542CA} - Browser Customizations
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {CFEB2F8A-A9B3-48D9-96CC-7CB4D9146D7E} - Outlook Express
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F38B966C-7170-C420-016B-28655D299E6F} - Internet Explorer
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.CDVC - C:\WINDOWS\System32\cdvccodc.dll (Canopus Co., Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MJPG - Pvmjpg30.dll File not found
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010/07/18 00:32:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mr\Desktop\OTL.exe
[2010/07/18 00:27:47 | 042,459,072 | ---- | C] ( ) -- C:\Documents and Settings\Mr\Desktop\AdbeRdr933_en_US.exe
[2010/07/17 23:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/17 23:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/07/17 23:53:05 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/17 23:53:05 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 23:53:05 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/17 23:53:05 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/17 23:52:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/17 23:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Desktop\JavaRa
[2010/07/16 22:30:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Local Settings\Application Data\Symantec
[2010/07/16 22:29:55 | 000,123,488 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/07/16 22:29:55 | 000,091,856 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/07/16 22:29:41 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010/07/16 22:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/07/16 22:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2010/07/16 13:46:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grass Valley
[2010/07/16 13:42:25 | 000,909,312 | R--- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\pavplal.dll
[2010/07/16 13:42:25 | 000,327,680 | R--- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\pavapi.dll
[2010/07/16 13:42:21 | 000,084,992 | ---- | C] (CANOPUS Co., Ltd.) -- C:\WINDOWS\csejpeg.dll
[2010/07/16 13:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Snell & Wilcox Shared
[2010/07/16 13:42:19 | 000,380,928 | ---- | C] (Rhozet Corporation) -- C:\WINDOWS\System32\palm2.ax
[2010/07/16 13:42:15 | 000,188,482 | R--- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\helixprodctrl.dll
[2010/07/16 13:42:14 | 001,085,520 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\csedvh.dll
[2010/07/16 13:42:14 | 000,864,338 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\csempeg3.dll
[2010/07/16 13:42:14 | 000,385,108 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\csedv.dll
[2010/07/16 13:42:14 | 000,376,832 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\hlCDVC.dll
[2010/07/16 13:42:14 | 000,159,832 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\csccdvc.dll
[2010/07/16 13:42:14 | 000,147,456 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\csccdvcx.dll
[2010/07/16 13:42:14 | 000,032,256 | ---- | C] (Canopus Co., Ltd.) -- C:\WINDOWS\System32\cdvccodc.dll
[2010/07/16 13:42:14 | 000,022,528 | ---- | C] (Canopus Corporation) -- C:\WINDOWS\System32\csthread.dll
[2010/07/16 13:42:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canopus Shared
[2010/07/16 13:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Grass Valley
[2010/07/16 13:39:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Grass Valley
[2010/07/15 14:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Cakewalk
[2010/07/15 09:30:44 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 09:30:44 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2010/07/15 09:30:41 | 000,333,192 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 09:30:40 | 000,028,424 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/15 09:30:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/07/15 09:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/15 00:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Easy
[2010/07/14 23:55:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\URSoft
[2010/07/14 23:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/14 23:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Your Uninstaller 2008
[2010/07/14 07:33:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/07/13 23:12:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/13 23:12:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/13 23:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/13 21:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Malwarebytes
[2010/07/13 21:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/13 14:19:36 | 002,120,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2010/07/13 14:19:36 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2010/07/13 14:19:36 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010/07/13 14:19:36 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010/07/13 14:19:36 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2010/07/13 14:19:36 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2010/07/13 14:19:36 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2010/07/13 14:19:36 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2010/07/13 13:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/07/13 11:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/07/13 11:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/07/13 11:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/07/13 11:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/07/13 10:42:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/07/13 10:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/13 10:41:10 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/13 10:39:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Sun
[2010/07/08 21:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Avnex
[2010/07/08 21:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\AV Video Karaoke Maker
[2010/07/08 10:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Steinberg
[2010/07/08 10:27:42 | 000,087,040 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32sipr.dll
[2010/07/08 10:27:42 | 000,072,704 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3228_8.dll
[2010/07/08 10:27:42 | 000,021,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra32dnet.dll
[2010/07/08 10:27:41 | 000,487,936 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmbe3260.dll
[2010/07/08 10:27:41 | 000,352,768 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pngu3263.dll
[2010/07/08 10:27:41 | 000,131,072 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pneng50.dll
[2010/07/08 10:27:41 | 000,130,560 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pnc3250.dll
[2010/07/08 10:27:41 | 000,085,504 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\encdnet.dll
[2010/07/08 10:27:41 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\ra3214_4.dll
[2010/07/08 10:27:41 | 000,061,952 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\decdnet.dll
[2010/07/08 10:27:18 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/07/08 10:16:01 | 000,033,792 | ---- | C] (Team H2O) -- C:\WINDOWS\System32\drivers\cledx.sys
[2010/07/08 10:15:52 | 000,016,896 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\drivers\synasUSB.sys
[2010/07/08 10:15:51 | 000,045,056 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\Synsopos.exe
[2010/07/08 10:15:50 | 000,708,608 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SYNSOACC.dll
[2010/07/08 10:15:50 | 000,147,456 | ---- | C] (SIA Syncrosoft) -- C:\WINDOWS\System32\SynsoLChk.dll
[2010/07/08 10:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010/07/07 11:38:36 | 000,180,224 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2010/07/07 11:38:36 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects
[2010/07/07 11:38:36 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2010/07/05 09:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\GoldWave
[2010/07/02 21:40:51 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex Presenter
[2010/07/02 21:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Netscape
[2010/07/02 21:40:22 | 000,000,000 | ---D | C] -- C:\Program Files\Photodex
[2010/07/02 21:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Photodex
[2010/06/26 17:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Local Settings\Application Data\Help
[2010/06/26 17:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\Application Data\Help
[2010/06/23 16:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mr\My Documents\Updater
[2010/06/23 16:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2010/06/23 16:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/18 01:09:29 | 000,164,864 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\Updates to Perform.doc
[2010/07/18 00:49:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003UA.job
[2010/07/18 00:47:38 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/18 00:47:18 | 011,272,192 | -H-- | M] () -- C:\Documents and Settings\Mr\NTUSER.DAT
[2010/07/18 00:32:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mr\Desktop\OTL.exe
[2010/07/18 00:30:33 | 042,459,072 | ---- | M] ( ) -- C:\Documents and Settings\Mr\Desktop\AdbeRdr933_en_US.exe
[2010/07/18 00:09:06 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/18 00:09:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/18 00:08:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Mr\ntuser.ini
[2010/07/17 23:53:00 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll
[2010/07/17 23:53:00 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe
[2010/07/17 23:53:00 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe
[2010/07/17 23:53:00 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe
[2010/07/17 23:53:00 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl
[2010/07/17 23:50:12 | 079,595,288 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\jdk-6u21-windows-i586.exe
[2010/07/17 23:03:22 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\JavaRa.zip
[2010/07/17 20:43:06 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/17 19:49:03 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003Core.job
[2010/07/17 17:18:12 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/17 17:18:12 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/16 23:00:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2010/07/16 22:52:19 | 000,000,458 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/16 22:40:30 | 000,012,990 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\ct1.JPG
[2010/07/16 12:21:23 | 000,000,100 | ---- | M] () -- C:\Documents and Settings\Mr\default.pls
[2010/07/15 21:39:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/15 14:51:45 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei4
[2010/07/15 14:51:45 | 000,000,471 | ---- | M] () -- C:\WINDOWS\System32\Datei2
[2010/07/15 14:51:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei3
[2010/07/15 14:51:45 | 000,000,470 | ---- | M] () -- C:\WINDOWS\System32\Datei1
[2010/07/15 14:51:45 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei7
[2010/07/15 14:51:45 | 000,000,469 | ---- | M] () -- C:\WINDOWS\System32\Datei5
[2010/07/15 14:51:45 | 000,000,468 | ---- | M] () -- C:\WINDOWS\System32\Datei0
[2010/07/15 14:51:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei9
[2010/07/15 14:51:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei8
[2010/07/15 14:51:45 | 000,000,467 | ---- | M] () -- C:\WINDOWS\System32\Datei10
[2010/07/15 14:51:45 | 000,000,465 | ---- | M] () -- C:\WINDOWS\System32\Datei6
[2010/07/15 09:36:18 | 061,996,520 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.install_backup
[2010/07/15 09:36:03 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg.install_backup
[2010/07/15 09:30:44 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/15 09:30:44 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll.install_backup
[2010/07/15 09:30:41 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 09:30:40 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm.install_backup
[2010/07/15 09:30:40 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/15 09:30:37 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg.install_backup
[2010/07/15 09:30:37 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg.install_backup
[2010/07/15 09:26:41 | 000,168,960 | ---- | M] () -- C:\Documents and Settings\Mr\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/15 00:38:23 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\pxhpinst.exe
[2010/07/15 00:36:10 | 000,000,024 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/07/15 00:07:55 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/07/15 00:07:24 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\Registry Easy.lnk
[2010/07/15 00:00:17 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Mr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/15 00:00:17 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/14 23:55:04 | 000,000,964 | ---- | M] () -- C:\Documents and Settings\Mr\Application Data\Microsoft\Internet Explorer\Quick Launch\Your Uninstaller! 2008.lnk
[2010/07/14 23:55:04 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\Your Uninstaller! 2008.lnk
[2010/07/14 22:40:22 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2010/07/14 21:22:08 | 000,000,011 | ---- | M] () -- C:\WINDOWS\kdcoms.dll
[2010/07/13 23:12:12 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 23:11:09 | 056,587,142 | ---- | M] () -- C:\WINDOWS\System32\drivers\SysLib.sys
[2010/07/13 23:10:48 | 008,299,589 | ---- | M] () -- C:\WINDOWS\System32\BkavAuto.vxd
[2010/07/13 23:10:48 | 000,049,189 | ---- | M] () -- C:\WINDOWS\System32\drivers\BkavAuto.sys
[2010/07/13 14:19:49 | 000,001,460 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\DivX Movies.lnk
[2010/07/13 14:19:43 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/13 14:19:33 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/12 12:41:39 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2010/07/11 17:09:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/09 01:46:18 | 000,100,352 | ---- | M] () -- C:\Documents and Settings\Mr\My Documents\AV karaoke.doc
[2010/07/08 21:42:04 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Mr\Desktop\AV Video Karaoke Maker.lnk
[2010/07/08 20:37:45 | 009,005,002 | ---- | M] () -- C:\WINDOWS\xuat.scr
[2010/07/08 18:49:15 | 000,126,912 | ---- | M] () -- C:\Documents and Settings\Mr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/08 18:40:16 | 002,543,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/06 00:32:50 | 003,382,784 | ---- | M] () -- C:\Documents and Settings\Mr\My Documents\Doc1.doc
[2010/07/05 14:49:38 | 000,000,568 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/04 18:56:24 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/06/29 12:21:33 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Mr\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/06/29 07:23:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Mr\Local Settings\Application Data\prvlcl.dat
[2010/06/22 19:32:22 | 007,585,246 | ---- | M] () -- C:\Documents and Settings\Mr\My Documents\Recorded Audio Jun-22-2010 07-31-39 PM.wav
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

========== Files Created - No Company Name ==========

[2010/07/18 01:09:29 | 000,164,864 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\Updates to Perform.doc
[2010/07/18 00:47:38 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/07/17 23:51:25 | 079,595,288 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\jdk-6u21-windows-i586.exe
[2010/07/17 23:03:19 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\JavaRa.zip
[2010/07/17 17:18:12 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/17 17:18:12 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/16 23:00:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/07/16 22:40:30 | 000,012,990 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\ct1.JPG
[2010/07/16 13:39:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\hasp_windows.dll
[2010/07/16 13:39:07 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\pavedius.dll
[2010/07/15 09:30:40 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm.install_backup
[2010/07/15 09:30:37 | 061,996,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm.install_backup
[2010/07/15 09:30:37 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg.install_backup
[2010/07/15 09:30:37 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg.install_backup
[2010/07/15 09:30:36 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg.install_backup
[2010/07/15 00:07:55 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\RegistryEasy.lie
[2010/07/15 00:07:24 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\Registry Easy.lnk
[2010/07/15 00:00:17 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Mr\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/15 00:00:17 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/14 23:55:04 | 000,000,964 | ---- | C] () -- C:\Documents and Settings\Mr\Application Data\Microsoft\Internet Explorer\Quick Launch\Your Uninstaller! 2008.lnk
[2010/07/14 23:55:04 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\Your Uninstaller! 2008.lnk
[2010/07/13 23:12:12 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/13 14:19:43 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/07/13 14:19:33 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/07/13 13:47:00 | 000,001,460 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\DivX Movies.lnk
[2010/07/12 12:41:39 | 000,000,040 | ---- | C] () -- C:\Auth.prof
[2010/07/08 21:42:04 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Mr\Desktop\AV Video Karaoke Maker.lnk
[2010/07/08 21:17:02 | 000,100,352 | ---- | C] () -- C:\Documents and Settings\Mr\My Documents\AV karaoke.doc
[2010/07/08 20:37:45 | 009,005,002 | ---- | C] () -- C:\WINDOWS\xuat.scr
[2010/07/08 10:33:18 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei4
[2010/07/08 10:33:18 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\Datei2
[2010/07/08 10:33:18 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei3
[2010/07/08 10:33:18 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei7
[2010/07/08 10:33:18 | 000,000,469 | ---- | C] () -- C:\WINDOWS\System32\Datei5
[2010/07/08 10:33:18 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei9
[2010/07/08 10:33:18 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei8
[2010/07/08 10:33:18 | 000,000,467 | ---- | C] () -- C:\WINDOWS\System32\Datei10
[2010/07/08 10:33:18 | 000,000,465 | ---- | C] () -- C:\WINDOWS\System32\Datei6
[2010/07/08 10:33:17 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Datei1
[2010/07/08 10:33:17 | 000,000,468 | ---- | C] () -- C:\WINDOWS\System32\Datei0
[2010/07/08 10:15:54 | 000,147,425 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Aide.chm
[2010/07/08 10:15:54 | 000,120,468 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Hilfe.chm
[2010/07/08 10:15:54 | 000,114,279 | ---- | C] () -- C:\WINDOWS\System32\SYNSOACC-Help.chm
[2010/07/06 00:32:50 | 003,382,784 | ---- | C] () -- C:\Documents and Settings\Mr\My Documents\Doc1.doc
[2010/07/04 18:56:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/07/04 18:53:38 | 000,000,011 | ---- | C] () -- C:\WINDOWS\kdcoms.dll
[2010/06/29 12:21:33 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\Mr\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010/06/22 19:31:39 | 007,585,246 | ---- | C] () -- C:\Documents and Settings\Mr\My Documents\Recorded Audio Jun-22-2010 07-31-39 PM.wav
[2010/05/22 08:44:16 | 007,577,600 | ---- | C] () -- C:\WINDOWS\System32\vaengine.dll
[2010/05/21 10:38:22 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2010/05/21 10:29:02 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\macd32.dll
[2010/05/21 10:29:02 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2010/05/21 10:29:02 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mamc32.dll
[2010/05/21 10:29:02 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\masd32.dll
[2010/05/21 10:29:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2010/05/21 10:16:24 | 000,194,248 | ---- | C] () -- C:\WINDOWS\System32\LTRFD13n.DLL
[2010/05/19 23:07:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2010/05/19 12:34:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/18 23:02:49 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010/05/18 23:02:49 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010/05/18 23:02:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010/05/18 23:02:49 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010/05/18 23:02:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010/05/18 23:02:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010/05/18 15:43:16 | 000,000,263 | ---- | C] () -- C:\WINDOWS\ui_bitmapviewer.ini
[2010/05/18 15:42:05 | 000,008,164 | ---- | C] () -- C:\WINDOWS\NUGRAF.INI
[2010/05/18 15:41:40 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/12/07 16:21:59 | 004,124,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\SysLib3.sys
[2009/12/07 16:21:57 | 017,241,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\SysLib2.sys
[2009/12/07 16:21:57 | 001,628,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\SysLib1.sys
[2009/12/07 16:21:56 | 033,569,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\SysLib0.sys
[2009/12/07 13:18:29 | 000,000,022 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2009/12/07 12:17:29 | 000,000,126 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/12/04 14:47:04 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/04 13:16:15 | 056,587,142 | ---- | C] () -- C:\WINDOWS\System32\drivers\SysLib.sys
[2008/12/04 13:16:15 | 000,049,189 | ---- | C] () -- C:\WINDOWS\System32\drivers\BkavAuto.sys
[2008/12/04 12:55:29 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2008/12/04 12:52:58 | 000,019,609 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/04 12:52:57 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/04 12:52:45 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/08/25 15:17:16 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ComRc.dll
[2004/12/20 18:24:03 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2004/08/10 17:23:46 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\mp3dec.dll
[2004/08/04 08:07:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2003/10/17 13:59:12 | 007,577,600 | ---- | C] () -- C:\WINDOWS\System32\vaesaver.dll
[2003/05/30 19:23:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\dcmesbox.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/12/04 04:34:31 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/12/04 04:34:31 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/12/04 04:34:31 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.sys >
[2004/08/04 08:07:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2004/08/04 08:07:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2004/08/04 08:07:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2004/08/04 08:07:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2004/08/04 08:07:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2005/01/03 13:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\npptNT2.sys
[2004/08/04 08:07:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2004/08/04 08:07:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2004/08/04 08:07:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2004/08/04 08:07:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2004/08/04 08:07:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2004/08/04 08:07:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2004/08/04 08:07:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2004/08/04 08:07:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2004/08/04 08:07:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2004/08/04 08:07:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2007/11/30 17:30:42 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2007/11/30 18:24:08 | 001,843,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2007/12/01 00:25:28 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2007/12/01 00:25:28 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2007/12/01 00:25:28 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2007/12/01 00:25:28 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2007/12/01 00:25:28 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2007/12/01 00:25:28 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2007/12/01 00:25:28 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2007/12/01 00:25:30 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2007/12/01 00:25:30 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2007/12/01 00:25:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2007/12/01 00:25:30 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2007/12/01 00:25:30 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2007/12/01 00:25:30 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2007/12/01 00:25:56 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2007/12/01 00:26:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009/12/07 13:25:12 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/07/12 12:41:39 | 000,000,040 | ---- | M] () -- C:\Auth.prof
[2008/12/04 12:42:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/04 12:39:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2008/12/04 12:42:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/04 12:42:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/17 23:55:09 | 000,006,595 | ---- | M] () -- C:\JavaRa.log
[2008/12/04 12:42:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:07:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/12/08 09:27:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/18 00:09:03 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/07/02 21:42:56 | 000,001,367 | ---- | M] () -- C:\photodex-presenter-install.log
[2010/07/18 01:09:59 | 000,019,067 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2010/06/21 20:44:56 | 000,000,000 | ---D | M] -- C:\Program Files\3D-Album-CS
[2009/12/05 13:19:42 | 000,000,000 | ---D | M] -- C:\Program Files\Acronis
[2010/07/18 00:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/05/20 17:07:31 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe Media Player
[2010/05/18 11:27:40 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2009/12/07 17:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2009/12/07 17:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\AskSearch
[2010/05/19 12:05:03 | 000,000,000 | ---D | M] -- C:\Program Files\AskTBar
[2010/05/18 15:51:05 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2010/07/08 22:44:41 | 000,000,000 | ---D | M] -- C:\Program Files\AV Video Karaoke Maker
[2010/06/29 11:35:57 | 000,000,000 | ---D | M] -- C:\Program Files\Avid
[2010/05/18 15:40:00 | 000,000,000 | ---D | M] -- C:\Program Files\Bionatics
[2010/05/18 16:56:24 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2010/07/07 11:39:14 | 000,000,000 | ---D | M] -- C:\Program Files\Cakewalk
[2010/07/17 23:54:09 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/12/04 12:40:46 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/06/16 10:37:20 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2010/05/18 11:01:12 | 000,000,000 | ---D | M] -- C:\Program Files\Corel
[2010/05/21 10:08:10 | 000,000,000 | ---D | M] -- C:\Program Files\DIFX
[2010/07/13 14:19:49 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2009/12/07 13:10:02 | 000,000,000 | ---D | M] -- C:\Program Files\FarStone
[2009/12/07 17:21:47 | 000,000,000 | ---D | M] -- C:\Program Files\Foxit Software
[2010/05/19 16:24:12 | 000,000,000 | ---D | M] -- C:\Program Files\Free FLV Player
[2010/07/15 14:48:48 | 000,000,000 | ---D | M] -- C:\Program Files\GoldWave
[2010/07/16 13:39:07 | 000,000,000 | ---D | M] -- C:\Program Files\Grass Valley
[2010/07/16 13:39:06 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/12/04 12:53:45 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/05/19 09:29:08 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Download Manager
[2010/05/18 14:28:59 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/05/18 23:02:39 | 000,000,000 | ---D | M] -- C:\Program Files\InterVideo
[2010/05/27 06:51:48 | 000,000,000 | ---D | M] -- C:\Program Files\iOrgSoft
[2010/07/17 23:52:59 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2010/06/22 19:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\JetAudio
[2010/07/13 23:28:17 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/08 09:33:32 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2008/12/04 14:46:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft ActiveSync
[2010/05/18 10:27:21 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Analysis Services
[2008/12/04 12:43:13 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/12/04 14:46:33 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2010/05/18 10:26:57 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server
[2009/12/07 12:16:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2008/12/04 14:46:37 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2010/05/18 15:52:34 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft WSE
[2009/12/08 09:32:49 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/07/17 16:08:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/05/18 14:32:01 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/12/04 12:40:02 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2008/12/04 12:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2010/06/29 20:03:03 | 000,000,000 | ---D | M] -- C:\Program Files\mtd9
[2010/05/19 12:17:33 | 000,000,000 | ---D | M] -- C:\Program Files\Nero
[2009/12/08 09:29:24 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2010/05/18 21:35:31 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2010/05/18 15:41:38 | 000,000,000 | ---D | M] -- C:\Program Files\NuGraf
[2008/12/04 12:40:34 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2010/07/15 14:47:59 | 000,000,000 | ---D | M] -- C:\Program Files\Opera
[2009/12/08 09:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2010/07/02 21:40:22 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex
[2010/07/17 07:53:54 | 000,000,000 | ---D | M] -- C:\Program Files\Photodex Presenter
[2010/06/29 11:36:34 | 000,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2010/07/15 00:30:53 | 000,000,000 | ---D | M] -- C:\Program Files\PopCap Games
[2010/05/18 11:27:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/12/04 12:56:56 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek
[2010/05/18 14:30:06 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/15 00:21:13 | 000,000,000 | ---D | M] -- C:\Program Files\Registry Easy
[2010/05/21 10:26:11 | 000,000,000 | ---D | M] -- C:\Program Files\SmartSound Software
[2010/06/16 10:47:54 | 000,000,000 | ---D | M] -- C:\Program Files\Softonic-Eng7
[2010/07/07 11:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\Sony
[2010/05/18 22:45:22 | 000,000,000 | ---D | M] -- C:\Program Files\Sony Setup
[2010/07/09 00:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\Steinberg
[2010/07/17 23:53:11 | 000,000,000 | ---D | M] -- C:\Program Files\Sun
[2010/07/17 00:13:22 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec
[2010/07/17 00:15:03 | 000,000,000 | ---D | M] -- C:\Program Files\Symantec AntiVirus
[2010/07/08 10:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\Syncrosoft
[2010/05/18 15:53:03 | 000,000,000 | ---D | M] -- C:\Program Files\Turbo Squid Tentacles
[2010/07/17 07:54:59 | 000,000,000 | ---D | M] -- C:\Program Files\TypingMaster
[2010/07/13 10:58:47 | 000,000,000 | ---D | M] -- C:\Program Files\UltraISO
[2009/12/07 12:42:50 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/12/04 12:56:18 | 000,000,000 | ---D | M] -- C:\Program Files\VIA
[2010/05/22 08:45:52 | 000,000,000 | ---D | M] -- C:\Program Files\visviva
[2010/05/18 22:49:58 | 000,000,000 | ---D | M] -- C:\Program Files\VSTplugins
[2009/12/07 12:16:57 | 000,000,000 | ---D | M] -- C:\Program Files\Web Publish
[2010/05/28 09:24:11 | 000,000,000 | ---D | M] -- C:\Program Files\Winamp
[2010/05/18 11:24:31 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2010/05/18 11:26:12 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2009/12/08 09:29:20 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/12/04 12:42:09 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2009/12/08 09:27:04 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2010/05/21 16:42:03 | 000,000,000 | ---D | M] -- C:\Program Files\WS_FTP Pro
[2008/12/04 12:43:13 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2010/05/18 22:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2008/12/04 14:06:37 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!
[2010/07/14 23:59:14 | 000,000,000 | ---D | M] -- C:\Program Files\Your Uninstaller 2008

< %appdata%\*.* >
[2008/12/04 04:35:43 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Mr\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 08:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2007/11/30 17:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2007/11/30 17:31:08 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=A42ABFAEE59A1DC0E47014E7B5D76AD6 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2007/11/30 17:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2007/11/30 17:24:44 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=335BB30ED68CF3DC0EE2BDDB438B6A9B -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 13:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/04 13:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:07:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2007/11/30 17:25:02 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=023712144C69E60FCB662CDA2715BF16 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2007/11/30 17:25:02 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=023712144C69E60FCB662CDA2715BF16 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2007/12/01 00:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2007/12/01 00:25:36 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=086FFA8479114AE3ECE616D7EB848577 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2007/12/01 00:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2007/12/01 00:25:48 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=327309E36308F9DFB8D4699DF384D421 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2007/12/01 00:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2007/12/01 00:25:52 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=625D7B39B09AB60A683AF4B95575056E -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 08:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:usbstor.sys
[2007/12/01 00:36:18 | 019,995,189 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:usbstor.sys
[2007/11/30 17:31:26 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=E3EEF7AE5105A9F99B1807031EDB4171 -- C:\WINDOWS\ServicePackFiles\i386\usbstor.sys
[2007/11/30 17:31:26 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=E3EEF7AE5105A9F99B1807031EDB4171 -- C:\WINDOWS\system32\dllcache\usbstor.sys
[2007/11/30 17:31:26 | 000,026,368 | ---- | M] (Microsoft Corporation) MD5=E3EEF7AE5105A9F99B1807031EDB4171 -- C:\WINDOWS\system32\drivers\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\explorer.exe:SummaryInformation
@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B3D74A13
< End of report >

OTL Extras logfile created on: 7/18/2010 1:12:46 AM - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Mr\Desktop
Windows XP Professional Edition Service Pack 3, v.3264 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.3264)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.55 Gb Total Space | 0.51 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
Drive D: | 85.31 Gb Total Space | 8.72 Gb Free Space | 10.23% Space Free | Partition Type: NTFS
Drive E: | 34.18 Gb Total Space | 30.29 Gb Free Space | 88.60% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAY01
Current User Name: Mr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2009 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe" = C:\Program Files\Avid\Avid Liquid 7\Program\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod" = C:\Program Files\Avid\Avid Liquid 7\Program\StudioU.mod:*:Enabled:Liquid -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Program Files\AVG\AVG9\avgemc.exe" = C:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B56244C-7B61-0409-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max 2009 32-bit
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe Extendscript Toolkit 2
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22AFFED5-F914-41E1-842C-6B51EFEEB66F}" = EASYnatMAX
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2AB45FAF-2D92-0409-8D33-E2FE6172280E}" = Autodesk 3ds Max 2009 32-bit ProMaterials™ Library
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{305D5417-E687-0409-AA09-53DE06E059F8}" = Autodesk 3ds Max 2009 32-bit Movies
"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}" = EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3938850F-423F-4C13-AC64-655387539156}" = TitleDeko
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4C4D25EB-6513-4702-8355-F4194DE2E1D9}" = Waves 4.0
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{690D1794-6D7C-4A55-8371-17BAC69C66CE}" = DiscAPI (Liquid)
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{744A5C19-AA4C-0409-BC07-9F4C73C8B247}" = Autodesk 3ds Max 2009 32-bit Vault 2009 Plug-In
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}" = Sony Sound Forge 8.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A21684A9-64C9-4714-AF1D-15D9C8CE5EBF}" = NuGraf/PolyTrans Demo Installer
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C251E4E6-89BA-0409-9B42-1B3D01D34783}" = Autodesk 3ds Max 2009 32-bit Architectural Materials Library
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC398BC-7E02-4660-B73C-9E62A8A9744D}" = RPC Plug-in for 3ds Max 2009
"{CEF37035-C1BB-4174-8175-1E878435F61A}" = RAPID (Liquid)
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EFCBBB01-F876-0409-B91F-7B6132E8BB64}" = Autodesk 3ds Max 2009 32-bit Vault 2008 Plug-In
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F681200C-0446-0409-ABE4-EA9105E40EE4}" = Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FBCB2E21-9D56-4692-9369-2E1969E6F4B0}" = RPC Content
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Ask Toolbar_is1" = Foxit Toolbar
"AskTBar Uninstall" = Ask Toolbar
"Cakewalk SONAR v3.1 Producer Edition" = Cakewalk SONAR v3.1 Producer Edition
"Cakewalk VST Adapter v4.xx" = Cakewalk VST Adapter v4.xx
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Dynomite Deluxe 2.71" = Dynomite Deluxe 2.71
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{A21684A9-64C9-4714-AF1D-15D9C8CE5EBF}" = NuGraf/PolyTrans Demo Installer
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MsJavaVM" = Microsoft VM for Java
"Registry Easy_is1" = Registry Easy v5.6
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/14/2010 1:38:58 PM | Computer Name = MAY01 | Source = MsiInstaller | ID = 11706
Description = Product: Adobe Premiere Pro 2.0 -- Error 1706.No valid source could
be found for product Adobe Premiere Pro 2.0. The Windows Installer cannot continue.

Error - 7/15/2010 1:14:37 AM | Computer Name = MAY01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 7/15/2010 1:14:38 AM | Computer Name = MAY01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/15/2010 1:14:38 AM | Computer Name = MAY01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/15/2010 1:14:38 AM | Computer Name = MAY01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/15/2010 1:14:38 AM | Computer Name = MAY01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/15/2010 1:14:38 AM | Computer Name = MAY01 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 7/16/2010 1:08:42 AM | Computer Name = MAY01 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.5721.5145, faulting
module unknown, version 0.0.0.0, fault address 0x04399290.

Error - 7/16/2010 11:52:19 AM | Computer Name = MAY01 | Source = Symantec AntiVirus | ID = 16711726
Description =

Error - 7/16/2010 11:52:19 AM | Computer Name = MAY01 | Source = Symantec AntiVirus | ID = 16711731
Description =

[ System Events ]
Error - 7/17/2010 11:55:00 AM | Computer Name = MAY01 | Source = DCOM | ID = 10010
Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
with DCOM within the required timeout.

Error - 7/17/2010 1:09:17 PM | Computer Name = MAY01 | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 7/17/2010 1:09:17 PM | Computer Name = MAY01 | Source = Service Control Manager | ID = 7000
Description = The AVG Free WatchDog service failed to start due to the following
error: %%3

Error - 7/17/2010 1:09:17 PM | Computer Name = MAY01 | Source = Service Control Manager | ID = 7001
Description = The AVG Free E-mail Scanner service depends on the AVG Free WatchDog
service which failed to start because of the following error: %%3

Error - 7/17/2010 1:09:18 PM | Computer Name = MAY01 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 SAVRT SAVRTPEL

Error - 7/17/2010 1:11:43 PM | Computer Name = MAY01 | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {DCBCA92E-7DBE-4EDA-8B7B-3AAEA4DD412B}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 7/17/2010 1:38:36 PM | Computer Name = MAY01 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.34 for the Network Card with network
address 002354504349 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 7/17/2010 1:49:19 PM | Computer Name = MAY01 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service helpsvc with
arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}

Error - 7/17/2010 2:13:25 PM | Computer Name = MAY01 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 7/17/2010 2:13:25 PM | Computer Name = MAY01 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2


< End of report >

Hi,

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  
• Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

• Click on Yes, to continue scanning for malware.
  
• When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
  

Dear Sneakyone,

I am sorry for the slow response, since I had problems with anti_virus program(s) in my PC, operation & turn off/on, conflicting among anti_virus programs ... etc... because of improper uninstalling/installing. Finally, I had to uninstall (all) anti_viruses programs in my PC (as I know how) in order to run ComboFix ...

And I am not sure that I did a proper uninstalling job ... since I look at the ComboFix log (for curiousity only & did not do anything yet), I still see these names: Symantec, BKAV ... etc... there. It is an indication that these anti_virus programs are still in my PC and I did not do a good job in uninstall them .

If it is possible, please help me/ give me instructions ... to wipe/clean all the anti_virus programs too, please
(I will do a fresh installing later & I intend to use Symantec)

Below is the ComboFix log

Regards,
SV
****

ComboFix 10-07-16.02 - Mr 07/21/2010 21:59:55.1.2 - x86
Running from: c:\documents and settings\Mr\desktop\commy.exe
Command switches used :: /stepdel
.
ADS - explorer.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files\QuickTime\Plugins\npqtplugin2.dll
c:\program files\QuickTime\Plugins\npqtplugin3.dll
c:\program files\QuickTime\Plugins\npqtplugin4.dll
c:\program files\QuickTime\Plugins\npqtplugin5.dll
c:\program files\QuickTime\Plugins\npqtplugin6.dll
c:\program files\QuickTime\Plugins\npqtplugin7.dll
c:\windows\system32\vb6ko.dll
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\Fonts\Vn.Fon
c:\windows\kdcoms.dll
c:\windows\system\MSWINSCK.OCX
c:\windows\system\VI30AUT.DLL
c:\windows\system32\BkavAuto.vxd
c:\windows\system32\drivers\BkavAuto.sys
c:\windows\system32\drivers\RKHit.sys
c:\windows\system32\drivers\SysLib.sys
c:\windows\system32\drivers\SysLib0.sys
c:\windows\system32\drivers\SysLib2.sys
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BKAVAUTO
-------\Legacy_RKHIT
-------\Legacy_SSHNAS
-------\Legacy_SYSLIB
-------\Legacy_SysLib0
-------\Legacy_SysLib2
-------\Service_SysLib0
-------\Service_SysLib2


((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-20 19:09 . 2010-07-20 19:19 -------- d-----w- C:\commy4612c
2010-07-20 17:04 . 2010-07-20 17:06 -------- d-----w- C:\commy
2010-07-20 10:33 . 2010-07-20 10:33 3738809 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\ComboFix_974\ComboFix.exe
2010-07-19 18:09 . 2010-07-19 18:18 -------- d-----w- c:\program files\Perfect Uninstaller
2010-07-19 06:43 . 2010-07-19 06:43 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\VS Revo Group
2010-07-19 06:43 . 2009-12-30 04:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-07-19 06:43 . 2010-07-19 06:43 -------- d-----w- c:\program files\VS Revo Group
2010-07-17 16:54 . 2010-07-17 16:54 -------- d-----w- c:\program files\Common Files\Java
2010-07-17 16:53 . 2010-07-17 16:53 -------- d-----w- c:\program files\Sun
2010-07-17 16:52 . 2010-07-17 16:52 -------- d-----w- c:\program files\Java
2010-07-16 15:30 . 2010-07-20 03:24 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\Symantec
2010-07-16 15:29 . 2005-05-13 12:50 91856 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-16 15:29 . 2005-05-13 12:50 123488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-16 06:46 . 2010-07-16 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Grass Valley
2010-07-16 06:39 . 2010-07-16 06:39 -------- d-----w- c:\program files\Grass Valley
2010-07-16 06:39 . 2010-07-16 06:39 -------- d-----w- c:\program files\Common Files\Grass Valley
2010-07-16 06:39 . 2007-08-24 09:09 3072 ----a-w- c:\windows\hasp_windows.dll
2010-07-16 06:39 . 2007-08-24 05:36 2560 ----a-w- c:\windows\system32\pavedius.dll
2010-07-15 07:52 . 2010-07-15 07:52 -------- d-----w- c:\documents and settings\Mr\Application Data\Cakewalk
2010-07-15 05:20 . 2010-07-15 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-15 05:14 . 2010-07-15 05:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-14 17:07 . 2010-07-14 17:21 -------- d-----w- c:\program files\Registry Easy
2010-07-14 16:55 . 2010-07-14 16:55 -------- d-----w- c:\documents and settings\Mr\Application Data\URSoft
2010-07-14 16:55 . 2010-07-20 15:48 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 16:55 . 2010-07-14 16:59 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-07-13 16:12 . 2010-04-29 08:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-13 16:12 . 2010-07-13 16:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-13 16:12 . 2010-04-29 08:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 14:57 . 2010-07-13 14:57 -------- d-----w- c:\documents and settings\Mr\Application Data\Malwarebytes
2010-07-13 14:57 . 2010-07-13 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-13 06:46 . 2010-07-13 06:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-13 04:28 . 2010-07-19 23:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-13 03:42 . 2010-07-13 03:42 -------- d-----w- c:\windows\Sun
2010-07-13 03:41 . 2010-07-13 03:41 503808 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\msvcp71.dll
2010-07-13 03:41 . 2010-07-13 03:41 499712 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\jmc.dll
2010-07-13 03:41 . 2010-07-13 03:41 348160 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\msvcr71.dll
2010-07-13 03:41 . 2010-07-13 03:41 61440 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24e6d022-n\decora-sse.dll
2010-07-13 03:41 . 2010-07-13 03:41 12800 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24e6d022-n\decora-d3d.dll
2010-07-13 03:41 . 2010-07-17 16:53 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 14:53 . 2010-07-08 14:53 -------- d-----w- c:\documents and settings\Mr\Application Data\Avnex
2010-07-08 14:42 . 2010-07-08 15:44 -------- d-----w- c:\program files\AV Video Karaoke Maker
2010-07-08 13:37 . 2010-07-08 13:37 9005002 ----a-w- c:\windows\xuat.scr
2010-07-08 03:33 . 2010-07-08 03:34 -------- d-----w- c:\documents and settings\Mr\Application Data\Steinberg
2010-07-08 03:27 . 2007-12-08 17:32 87040 ----a-w- c:\windows\system32\ra32sipr.dll
2010-07-08 03:27 . 2007-12-08 17:32 72704 ----a-w- c:\windows\system32\ra3228_8.dll
2010-07-08 03:27 . 2007-12-08 17:32 21504 ----a-w- c:\windows\system32\ra32dnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 85504 ----a-w- c:\windows\system32\encdnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 81920 ----a-w- c:\windows\system32\ra3214_4.dll
2010-07-08 03:27 . 2007-12-08 17:32 61952 ----a-w- c:\windows\system32\decdnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 487936 ----a-w- c:\windows\system32\rmbe3260.dll
2010-07-08 03:27 . 2007-12-08 17:32 352768 ----a-w- c:\windows\system32\pngu3263.dll
2010-07-08 03:27 . 2007-12-08 17:32 131072 ----a-w- c:\windows\system32\pneng50.dll
2010-07-08 03:27 . 2007-12-08 17:32 130560 ----a-w- c:\windows\system32\pnc3250.dll
2010-07-08 03:27 . 2010-07-08 17:43 -------- d-----w- c:\program files\Steinberg
2010-07-08 03:16 . 2005-05-09 13:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2010-07-08 03:15 . 2005-11-03 05:17 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2010-07-08 03:15 . 2005-11-03 10:14 45056 ----a-w- c:\windows\system32\Synsopos.exe
2010-07-08 03:15 . 2010-07-08 03:15 -------- d-----w- c:\program files\Syncrosoft
2010-07-08 03:15 . 2005-11-08 13:02 708608 ----a-w- c:\windows\system32\SYNSOACC.dll
2010-07-08 03:15 . 2005-11-08 04:20 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2010-07-07 04:38 . 2010-07-07 04:39 -------- d-----w- C:\Cakewalk Projects
2010-07-07 04:38 . 2010-07-07 04:39 -------- d-----w- c:\program files\Cakewalk
2010-07-07 04:38 . 2003-09-21 18:00 180224 ----a-w- c:\windows\system32\ReWire.dll
2010-07-02 14:40 . 2010-07-02 14:42 131072 ----a-w- c:\documents and settings\Mr\Application Data\Netscape\Plugins\npPxPlay.dll
2010-07-02 14:40 . 2010-07-02 14:42 131072 ----a-w- c:\documents and settings\Mr\Application Data\Mozilla\Plugins\npPxPlay.dll
2010-07-02 14:40 . 2010-07-02 14:40 -------- d-----w- c:\documents and settings\Mr\Application Data\Netscape
2010-07-02 14:37 . 2010-07-02 14:37 -------- d-----w- c:\documents and settings\Mr\Application Data\Photodex
2010-06-26 10:02 . 2010-06-26 10:02 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\Help
2010-06-23 09:16 . 2010-06-23 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 15:05 . 2010-05-18 11:12 -------- d-----w- c:\documents and settings\Mr\Application Data\DMCache
2010-07-20 10:17 . 2009-12-07 08:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 00:39 . 2010-05-18 09:56 -------- d-----w- c:\program files\Bonjour
2010-07-19 17:40 . 2010-06-19 12:36 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-07-19 05:38 . 2010-07-19 05:38 1536 ----a-w- c:\windows\~DFEE94.tmp
2010-07-19 05:38 . 2010-07-19 05:38 1536 ----a-w- c:\windows\~DF8D6F.tmp
2010-07-19 05:38 . 2010-07-19 05:36 1536 ----a-w- c:\windows\~DF816D.tmp
2010-07-19 05:25 . 2010-07-19 05:23 1536 ----a-w- c:\windows\~DFDBA5.tmp
2010-07-17 00:54 . 2010-05-19 16:07 -------- d-----w- c:\program files\TypingMaster
2010-07-16 06:42 . 2010-07-16 06:42 -------- d-----w- c:\program files\Common Files\Snell & Wilcox Shared
2010-07-16 06:42 . 2010-07-16 06:42 -------- d-----w- c:\program files\Common Files\Canopus Shared
2010-07-16 06:39 . 2008-12-04 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 17:36 . 2009-12-06 13:31 24 ----a-w- c:\windows\popcinfo.dat
2010-07-14 17:30 . 2009-12-06 13:33 -------- d-----w- c:\program files\PopCap Games
2010-07-14 17:19 . 2010-05-18 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-14 15:22 . 2010-05-25 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-13 07:20 . 2010-05-25 22:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 05:41 . 2010-05-18 11:12 -------- d-----w- c:\documents and settings\Mr\Application Data\IDM
2010-07-08 11:49 . 2008-12-04 05:46 126912 ----a-w- c:\documents and settings\Mr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 04:38 . 2010-05-18 15:48 -------- d-----w- c:\program files\Sony
2010-06-29 04:36 . 2010-05-21 03:08 -------- d-----w- c:\program files\Pinnacle
2010-06-29 00:23 . 2010-05-19 02:02 0 ----a-w- c:\documents and settings\Mr\Local Settings\Application Data\prvlcl.dat
2010-06-22 12:32 . 2010-05-28 02:58 -------- d-----w- c:\program files\JetAudio
2010-06-21 13:45 . 2010-06-16 02:06 -------- d-----w- c:\documents and settings\Mr\Application Data\3D-Album
2010-06-16 13:39 . 2008-12-04 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-16 03:47 . 2010-06-16 03:37 -------- d-----w- c:\program files\Softonic-Eng7
2010-06-16 03:37 . 2010-06-16 03:37 -------- d-----w- c:\program files\Conduit
2010-06-15 00:23 . 2010-06-16 13:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-11 07:44 . 2010-05-19 15:58 -------- d-----w- c:\documents and settings\Mr\Application Data\MTD
2010-06-09 23:01 . 2010-07-13 07:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-07-13 07:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-07-13 07:19 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-07-13 07:19 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-13 07:19 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2010-05-18 04:09 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-03 16:23 . 2010-05-18 07:31 765976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-28 03:00 . 2010-05-28 03:00 -------- d-----w- c:\documents and settings\Mr\Application Data\COWON
2010-05-28 02:58 . 2010-05-28 02:58 -------- d-----w- c:\program files\Common Files\COWON
2010-05-28 02:24 . 2010-05-19 02:10 -------- d-----w- c:\program files\Winamp
2010-05-28 02:23 . 2010-05-26 23:45 -------- d-----w- c:\program files\Common Files\Common Share
2010-05-26 23:17 . 2010-05-26 23:17 -------- d-----w- c:\documents and settings\Mr\Application Data\Media Player Classic
2010-05-26 14:23 . 2010-05-21 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-05-26 14:11 . 2010-05-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-05-25 19:37 . 2010-05-25 19:36 -------- d-----w- c:\documents and settings\Mr\Application Data\DivX
2010-05-21 23:40 . 2004-08-04 01:07 1033728 ----a-w- c:\windows\explorer.exe
2010-05-21 17:17 . 2010-05-21 17:16 598224 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\ADBEPHSPCS3_WWE_177\ADBEPHSPCS3_WWE.exe
2010-05-18 14:41 . 2010-05-18 14:40 1652025 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\IE8-WindowsXP-x86-ENU_11\IE8-WindowsXP-x86-ENU.exe
2010-05-18 14:37 . 2010-05-18 14:36 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-18 14:11 . 2010-05-18 14:11 0 ----a-w- c:\windows\nsreg.dat
2010-05-18 11:12 . 2010-05-18 11:12 198064 ----a-w- c:\documents and settings\Mr\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-18 08:52 . 2010-05-18 08:52 10134 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-05-18 08:38 . 2010-05-18 08:38 2238 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{FBCB2E21-9D56-4692-9369-2E1969E6F4B0}\ARPPRODUCTICON.exe
2010-05-18 04:01 . 2010-05-18 03:56 65536 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-05-18 04:01 . 2010-05-18 03:56 10134 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 05:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-07-07 04:03 2515552 ----a-w- c:\program files\Softonic-Eng7\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
"Google Update"="c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-18 136176]
"UniKey"="d:\software me\unikey40RC2-1101-win32\UniKeyNT.exe" [2009-11-01 261632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-28 286720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-10 307200]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 389120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

R0 FsUdf;FsUdf; [x]
R0 fvdscsi;fvdscsi;c:\windows\system32\DRIVERS\fvdscsi.sys [x]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
S1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys [2009-12-08 1628160]
S1 SysLib3;SysLib3;c:\windows\System32\Drivers\SysLib3.sys [2009-12-08 4124160]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-07-25 845184]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 06:42]

2010-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003Core.job
- c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 14:38]

2010-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003UA.job
- c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 14:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 69.20.4.229:3128
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {930AE6CF-6BCC-4F58-AE0B-00E14CF8BA1D} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Mr\Application Data\Mozilla\Firefox\Profiles\lho8rogg.default\
FF - component: c:\documents and settings\Mr\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\Mr\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
Notify-avgrsstarter - avgrsstx.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 22:05
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fd,40,ee,85,86,5b,25,83,20,65,32,da,37,7b,fd,65,14,0a,d1,75,6a,
dd,55,38,c6,37,e4,b7,ec,8a,ad,67,5a,b4,d8,9e,8a,eb,16,fb,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c84960dc-4a37-4807-aaea-350ee721ddfe}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c9
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1944)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Internet Download Manager\idmmkb.dll
d:\software me\unikey40RC2-1101-win32\UKHook40.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
c:\program files\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Completion time: 2010-07-21 22:07:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-21 15:07

Pre-Run: 2,396,942,336 bytes free
Post-Run: 4,727,218,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F1C8A8C88EF85320F09BAEA2DA70BA37


Last edited by song vam on 21st July 2010, 5:46 pm; edited 1 time in total (Reason for editing : corect typing)

Hi,

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select "Perform Quick Scan", then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Dear Sneakyone,

I followed your instruction to install Anti_Malwarebytes .. but my computer gave me this message & I can not run Anti_Malwarebytes. Please see pictures.





Please tell me what to do ...

Regards,
SV

Hi,

I have had that happen before and it worked fine, please continue with the installation and instructions and we will see what happens.

Sneakyone wrote:

Hi,

I have had that happen before and it worked fine, please continue with the installation and instructions and we will see what happens.

Dear Sneakyone,

I did go thru with the installing and when I try to Update or Scan the error (VbAccelerator Sgrid II Control) as showed in attached picture always comes up ... And the program (Anti_malwaresbytes) does not operate (when I press Update or Scan)

I try to uninstall & reinstall => the same thing happens (the program Anti_malwarebytes does not work/operate)

What should I do now ?

Hi,

Could you please run ComboFix again.

Sneakyone wrote:

Hi,

Could you please run ComboFix again.

Dear Sneakyone,

OK, I will run ComboFix again and will be back to report (post the ComboFix.log)

One more, I should report it to you ... Since the anti-malwarebytes does not work, I tried to uninstall & re-install it and this time this error came up (see picture please)



Regards,
SV

Dear Sneakyone,
Below is the rerun ComboFix's log
Regards,
SV
****

ComboFix 10-07-16.02 - Mr 07/23/2010 10:31:20.2.2 - x86
Running from: c:\documents and settings\Mr\desktop\commy.exe
Command switches used :: /stepdel
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\RKHit.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RKHIT


((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-20 19:09 . 2010-07-20 19:19 -------- d-----w- C:\commy4612c
2010-07-20 17:04 . 2010-07-20 17:06 -------- d-----w- C:\commy
2010-07-20 10:33 . 2010-07-20 10:33 3738809 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\ComboFix_974\ComboFix.exe
2010-07-19 18:09 . 2010-07-19 18:18 -------- d-----w- c:\program files\Perfect Uninstaller
2010-07-19 06:43 . 2010-07-19 06:43 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\VS Revo Group
2010-07-19 06:43 . 2009-12-30 04:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-07-19 06:43 . 2010-07-19 06:43 -------- d-----w- c:\program files\VS Revo Group
2010-07-17 16:54 . 2010-07-17 16:54 -------- d-----w- c:\program files\Common Files\Java
2010-07-17 16:53 . 2010-07-17 16:53 -------- d-----w- c:\program files\Sun
2010-07-17 16:52 . 2010-07-17 16:52 -------- d-----w- c:\program files\Java
2010-07-16 15:30 . 2010-07-20 03:24 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\Symantec
2010-07-16 06:46 . 2010-07-16 06:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Grass Valley
2010-07-16 06:39 . 2010-07-16 06:39 -------- d-----w- c:\program files\Grass Valley
2010-07-16 06:39 . 2010-07-16 06:39 -------- d-----w- c:\program files\Common Files\Grass Valley
2010-07-16 06:39 . 2007-08-24 09:09 3072 ----a-w- c:\windows\hasp_windows.dll
2010-07-16 06:39 . 2007-08-24 05:36 2560 ----a-w- c:\windows\system32\pavedius.dll
2010-07-15 07:52 . 2010-07-15 07:52 -------- d-----w- c:\documents and settings\Mr\Application Data\Cakewalk
2010-07-15 05:20 . 2010-07-15 05:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-07-15 05:14 . 2010-07-15 05:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-14 17:07 . 2010-07-14 17:21 -------- d-----w- c:\program files\Registry Easy
2010-07-14 16:55 . 2010-07-14 16:55 -------- d-----w- c:\documents and settings\Mr\Application Data\URSoft
2010-07-14 16:55 . 2010-07-22 02:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-14 16:55 . 2010-07-14 16:59 -------- d-----w- c:\program files\Your Uninstaller 2008
2010-07-13 14:57 . 2010-07-13 14:57 -------- d-----w- c:\documents and settings\Mr\Application Data\Malwarebytes
2010-07-13 06:46 . 2010-07-13 06:46 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-13 06:46 . 2010-07-13 06:46 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-13 04:28 . 2010-07-23 01:28 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-13 03:42 . 2010-07-13 03:42 -------- d-----w- c:\windows\Sun
2010-07-13 03:41 . 2010-07-13 03:41 503808 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\msvcp71.dll
2010-07-13 03:41 . 2010-07-13 03:41 499712 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\jmc.dll
2010-07-13 03:41 . 2010-07-13 03:41 348160 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6a81bd30-n\msvcr71.dll
2010-07-13 03:41 . 2010-07-13 03:41 61440 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24e6d022-n\decora-sse.dll
2010-07-13 03:41 . 2010-07-13 03:41 12800 ----a-w- c:\documents and settings\Mr\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-24e6d022-n\decora-d3d.dll
2010-07-13 03:41 . 2010-07-17 16:53 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-08 14:53 . 2010-07-08 14:53 -------- d-----w- c:\documents and settings\Mr\Application Data\Avnex
2010-07-08 14:42 . 2010-07-08 15:44 -------- d-----w- c:\program files\AV Video Karaoke Maker
2010-07-08 13:37 . 2010-07-08 13:37 9005002 ----a-w- c:\windows\xuat.scr
2010-07-08 03:33 . 2010-07-08 03:34 -------- d-----w- c:\documents and settings\Mr\Application Data\Steinberg
2010-07-08 03:27 . 2007-12-08 17:32 87040 ----a-w- c:\windows\system32\ra32sipr.dll
2010-07-08 03:27 . 2007-12-08 17:32 72704 ----a-w- c:\windows\system32\ra3228_8.dll
2010-07-08 03:27 . 2007-12-08 17:32 21504 ----a-w- c:\windows\system32\ra32dnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 85504 ----a-w- c:\windows\system32\encdnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 81920 ----a-w- c:\windows\system32\ra3214_4.dll
2010-07-08 03:27 . 2007-12-08 17:32 61952 ----a-w- c:\windows\system32\decdnet.dll
2010-07-08 03:27 . 2007-12-08 17:32 487936 ----a-w- c:\windows\system32\rmbe3260.dll
2010-07-08 03:27 . 2007-12-08 17:32 352768 ----a-w- c:\windows\system32\pngu3263.dll
2010-07-08 03:27 . 2007-12-08 17:32 131072 ----a-w- c:\windows\system32\pneng50.dll
2010-07-08 03:27 . 2007-12-08 17:32 130560 ----a-w- c:\windows\system32\pnc3250.dll
2010-07-08 03:27 . 2010-07-08 17:43 -------- d-----w- c:\program files\Steinberg
2010-07-08 03:16 . 2005-05-09 13:08 33792 ----a-w- c:\windows\system32\drivers\cledx.sys
2010-07-08 03:15 . 2005-11-03 05:17 16896 ----a-w- c:\windows\system32\drivers\synasUSB.sys
2010-07-08 03:15 . 2005-11-03 10:14 45056 ----a-w- c:\windows\system32\Synsopos.exe
2010-07-08 03:15 . 2010-07-08 03:15 -------- d-----w- c:\program files\Syncrosoft
2010-07-08 03:15 . 2005-11-08 13:02 708608 ----a-w- c:\windows\system32\SYNSOACC.dll
2010-07-08 03:15 . 2005-11-08 04:20 147456 ----a-w- c:\windows\system32\SynsoLChk.dll
2010-07-07 04:38 . 2010-07-07 04:39 -------- d-----w- C:\Cakewalk Projects
2010-07-07 04:38 . 2010-07-07 04:39 -------- d-----w- c:\program files\Cakewalk
2010-07-07 04:38 . 2003-09-21 18:00 180224 ----a-w- c:\windows\system32\ReWire.dll
2010-07-02 14:40 . 2010-07-02 14:42 131072 ----a-w- c:\documents and settings\Mr\Application Data\Netscape\Plugins\npPxPlay.dll
2010-07-02 14:40 . 2010-07-02 14:42 131072 ----a-w- c:\documents and settings\Mr\Application Data\Mozilla\Plugins\npPxPlay.dll
2010-07-02 14:40 . 2010-07-02 14:40 -------- d-----w- c:\documents and settings\Mr\Application Data\Netscape
2010-07-02 14:37 . 2010-07-02 14:37 -------- d-----w- c:\documents and settings\Mr\Application Data\Photodex
2010-06-26 10:02 . 2010-06-26 10:02 -------- d-----w- c:\documents and settings\Mr\Local Settings\Application Data\Help
2010-06-23 09:16 . 2010-06-23 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 03:36 . 2010-05-18 11:12 -------- d-----w- c:\documents and settings\Mr\Application Data\DMCache
2010-07-22 14:21 . 2008-12-04 05:42 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-21 17:47 . 2010-06-19 12:36 27630760 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\msgup1000_1270_us_u1.exe
2010-07-20 10:17 . 2009-12-07 08:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-20 00:39 . 2010-05-18 09:56 -------- d-----w- c:\program files\Bonjour
2010-07-19 05:38 . 2010-07-19 05:38 1536 ----a-w- c:\windows\~DFEE94.tmp
2010-07-19 05:38 . 2010-07-19 05:38 1536 ----a-w- c:\windows\~DF8D6F.tmp
2010-07-19 05:38 . 2010-07-19 05:36 1536 ----a-w- c:\windows\~DF816D.tmp
2010-07-19 05:25 . 2010-07-19 05:23 1536 ----a-w- c:\windows\~DFDBA5.tmp
2010-07-17 00:54 . 2010-05-19 16:07 -------- d-----w- c:\program files\TypingMaster
2010-07-16 06:42 . 2010-07-16 06:42 -------- d-----w- c:\program files\Common Files\Snell & Wilcox Shared
2010-07-16 06:42 . 2010-07-16 06:42 -------- d-----w- c:\program files\Common Files\Canopus Shared
2010-07-16 06:39 . 2008-12-04 05:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-14 17:36 . 2009-12-06 13:31 24 ----a-w- c:\windows\popcinfo.dat
2010-07-14 17:30 . 2009-12-06 13:33 -------- d-----w- c:\program files\PopCap Games
2010-07-14 17:19 . 2010-05-18 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-07-14 15:22 . 2010-05-25 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-13 07:20 . 2010-05-25 22:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 05:41 . 2010-05-18 11:12 -------- d-----w- c:\documents and settings\Mr\Application Data\IDM
2010-07-08 11:49 . 2008-12-04 05:46 126912 ----a-w- c:\documents and settings\Mr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-07 04:38 . 2010-05-18 15:48 -------- d-----w- c:\program files\Sony
2010-06-29 04:36 . 2010-05-21 03:08 -------- d-----w- c:\program files\Pinnacle
2010-06-29 00:23 . 2010-05-19 02:02 0 ----a-w- c:\documents and settings\Mr\Local Settings\Application Data\prvlcl.dat
2010-06-22 12:32 . 2010-05-28 02:58 -------- d-----w- c:\program files\JetAudio
2010-06-21 13:45 . 2010-06-16 02:06 -------- d-----w- c:\documents and settings\Mr\Application Data\3D-Album
2010-06-16 13:39 . 2008-12-04 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-06-16 03:47 . 2010-06-16 03:37 -------- d-----w- c:\program files\Softonic-Eng7
2010-06-16 03:37 . 2010-06-16 03:37 -------- d-----w- c:\program files\Conduit
2010-06-15 00:23 . 2010-06-16 13:39 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUPDATER\yupdater.exe
2010-06-11 07:44 . 2010-05-19 15:58 -------- d-----w- c:\documents and settings\Mr\Application Data\MTD
2010-06-09 23:01 . 2010-07-13 07:19 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-06-09 23:01 . 2010-07-13 07:19 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-06-09 23:01 . 2010-07-13 07:19 133616 ------w- c:\windows\system32\pxafs.dll
2010-06-09 23:01 . 2010-07-13 07:19 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-06-09 23:01 . 2010-07-13 07:19 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-06-09 23:01 . 2010-05-18 04:09 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-06-03 16:23 . 2010-05-18 07:31 765976 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-05-28 03:00 . 2010-05-28 03:00 -------- d-----w- c:\documents and settings\Mr\Application Data\COWON
2010-05-28 02:58 . 2010-05-28 02:58 -------- d-----w- c:\program files\Common Files\COWON
2010-05-28 02:24 . 2010-05-19 02:10 -------- d-----w- c:\program files\Winamp
2010-05-28 02:23 . 2010-05-26 23:45 -------- d-----w- c:\program files\Common Files\Common Share
2010-05-26 23:17 . 2010-05-26 23:17 -------- d-----w- c:\documents and settings\Mr\Application Data\Media Player Classic
2010-05-26 14:23 . 2010-05-21 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2010-05-26 14:11 . 2010-05-18 17:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-05-25 19:37 . 2010-05-25 19:36 -------- d-----w- c:\documents and settings\Mr\Application Data\DivX
2010-05-21 23:40 . 2004-08-04 01:07 1033728 ----a-w- c:\windows\explorer.exe
2010-05-21 17:17 . 2010-05-21 17:16 598224 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\ADBEPHSPCS3_WWE_177\ADBEPHSPCS3_WWE.exe
2010-05-18 14:41 . 2010-05-18 14:40 1652025 ----a-w- c:\documents and settings\Mr\Application Data\IDM\DwnlData\Mr\IE8-WindowsXP-x86-ENU_11\IE8-WindowsXP-x86-ENU.exe
2010-05-18 14:37 . 2010-05-18 14:36 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-05-18 14:11 . 2010-05-18 14:11 0 ----a-w- c:\windows\nsreg.dat
2010-05-18 11:12 . 2010-05-18 11:12 198064 ----a-w- c:\documents and settings\Mr\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-18 08:52 . 2010-05-18 08:52 10134 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2010-05-18 08:38 . 2010-05-18 08:38 2238 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{FBCB2E21-9D56-4692-9369-2E1969E6F4B0}\ARPPRODUCTICON.exe
2010-05-18 04:01 . 2010-05-18 03:56 65536 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
2010-05-18 04:01 . 2010-05-18 03:56 10134 ----a-r- c:\documents and settings\Mr\Application Data\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-07-21_15.05.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 03:36 . 2010-07-23 03:36 16384 c:\windows\Temp\Perflib_Perfdata_798.dat
+ 2008-12-04 05:42 . 2010-07-22 14:21 2722 c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin
+ 2008-12-04 05:42 . 2010-07-22 14:21 8972 c:\windows\pchealth\helpctr\Config\Cntstore.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 05:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-07-07 04:03 2515552 ----a-w- c:\program files\Softonic-Eng7\tbSof1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}"= "c:\program files\Softonic-Eng7\tbSof1.dll" [2010-07-07 2515552]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-04-30 2799024]
"Google Update"="c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-05-18 136176]
"UniKey"="d:\software me\unikey40RC2-1101-win32\UniKeyNT.exe" [2009-11-01 261632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-21 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-21 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-21 137752]
"HDAudDeck"="c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe" [2008-08-15 30003200]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-28 286720]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"PinnacleDriverCheck"="c:\windows\system32\\PSDrvCheck.exe" [2004-03-10 406016]
"H2O"="c:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-10 307200]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"NexusServer"="c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 389120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

R0 FsUdf;FsUdf; [x]
R0 fvdscsi;fvdscsi;c:\windows\system32\DRIVERS\fvdscsi.sys [x]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\DRIVERS\A3AB.sys [2007-05-23 547744]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
S1 SysLib1;SysLib1;c:\windows\System32\Drivers\SysLib1.sys [2009-12-08 1628160]
S1 SysLib3;SysLib3;c:\windows\System32\Drivers\SysLib3.sys [2009-12-08 4124160]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-09 65536]
S3 CLEDX;Team H2O CLEDX service;c:\windows\system32\DRIVERS\cledx.sys [2005-05-09 33792]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2008-07-25 845184]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 06:42]

2010-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003Core.job
- c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 14:38]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-854245398-725345543-1003UA.job
- c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-18 14:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2405280
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 69.20.4.229:3128
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {930AE6CF-6BCC-4F58-AE0B-00E14CF8BA1D} = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\Mr\Application Data\Mozilla\Firefox\Profiles\lho8rogg.default\
FF - component: c:\documents and settings\Mr\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - plugin: c:\documents and settings\Mr\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\documents and settings\Mr\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-23 10:36
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = c:\program files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):fd,40,ee,85,86,5b,25,83,20,65,32,da,37,7b,fd,65,14,0a,d1,75,6a,
dd,55,38,c6,37,e4,b7,ec,8a,ad,67,5a,b4,d8,9e,8a,eb,16,fb,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c84960dc-4a37-4807-aaea-350ee721ddfe}]
@Denied: (Full) (Everyone)
"Model"=dword:000000c9
"Therad"=dword:00000009
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2528)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\WS_FTP Pro\nsftpch.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe
.
**************************************************************************
.
Completion time: 2010-07-23 10:38:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-23 03:38
ComboFix2.txt 2010-07-21 15:07

Pre-Run: 4,435,091,456 bytes free
Post-Run: 4,476,743,680 bytes free

- - End Of File - - E07B983D89D1679372C8D470DFEFD623

Hi,

Could you please try to install Malwarebytes now?

Hi Sneakyone,

I uninstall & reinstall Malwarebytes and see the same errors




Regards,
SV

Hi,

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

• Click NO
  
• In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  
• Now click the Scan button.
  Once the scan is complete, you may receive another notice about rootkit activity.
  
• Click OK.
  
• GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  
• Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.

Dear Sneakyone,

I did the GMER Scan and below is the log file.

Regards
SV

*****

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-23 23:18:41
Windows 5.1.2600 Service Pack 3, v.3264
Running: gmer.exe; Driver: C:\DOCUME~1\Mr\LOCALS~1\Temp\pxtdypog.sys


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Fastfat \Fat A65D7D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\ContentTypeSniffers\VideoFilesContentSniffer@RelPattern *.asf?*.avi?*.divx?*.mov?*.mpeg?*.mpg?*.ogm?*.qt?*.rm?*.wmv?*.mkv?*.vob?*.m1v?*.m2v?*.swf?*.fli?*.flc?*.flic?*.dat?*.mp4?*.mpe?*.3gp?*.3g2?*.ts?*.tp?*.trp?*.k3g?*.flv?*.m4v?*.mpg?VIDEO\*.mpg?*.
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}@scansk 0xFD 0x40 0xEE 0x85 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{c84960dc-4a37-4807-aaea-350ee721ddfe}@Model 201
Reg HKLM\SOFTWARE\Classes\CLSID\{c84960dc-4a37-4807-aaea-350ee721ddfe}@Therad 9
Reg HKLM\SOFTWARE\Classes\CLSID\{c84960dc-4a37-4807-aaea-350ee721ddfe}@MData 0x73 0xD5 0xCF 0xB8 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- EOF - GMER 1.0.15 ----

Hi,

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

• Double-click the launch.exe or cureit.exe file and Allow to run the express scan
  
• This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  
• Once the short scan has finished, just let it cure whatever it finds...
  o Now, go to Settings >> Change Settings
  o Go to Actions tab >> under Objects section, change the settings to below
  Infected objects - Cure
  Incurable objects - Report
  Suspicious objects - Report
  o Don't change any other settings
  
• Start the scan again. This time, choose Complete Scan
  
• Click the green arrow button at the right, and the scan will start.
  
• After the scan finished, click Select all
  
• Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
  
• When the scan has finished, in the menu, click File and choose Save report list
  
• Save the report to your Desktop. The report will be called DrWeb.csv
  
• Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..
  

Dear Sneakyone,

I am sorry for late response ( I was out of town)
I am following your instructions to run Dr. Web Cure It
It found no virus as in the pictures and I can not "generate the report" required because nothing to choose => the buttons (select all , cure ... report ...) do not operate .

Below is the pictures => Please instruct me what to do next

# After the scan finished, click Select all
# Click on Cure and choose Report incurable (means take no actions.. Don't "move", or "rename" or "delete")
# When the scan has finished, in the menu, click File and choose Save report list
# Save the report to your Desktop. The report will be called DrWeb.csv
# Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

Hi.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

Dear Sneakyone,

Since from last instruction

# Post DrWeb.csv in your next reply (Open it as Notepad).. Do NOT reboot the computer yet..

My question
Do I close Dr. Web CureIt or not? (When I run ESET Online Scanner)

Regards,
SV

Yes please close it.

Dear Sneakyone,
I finished scanning my PC with ESET Online Scanner and the log file is below:
Regards,
SV
***

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.3264 (xpsp.071130-1425)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=547413f90892a744bdd0c1ef90c79633
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-27 12:55:36
# local_time=2010-07-27 07:55:36 (+0700, SE Asia Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3, v.3264
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=88973
# found=10
# cleaned=10
# scan_time=1512
C:\Program Files\AskTBar\bar\3.bin\A5POPSWT.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Program Files\Registry Easy\RegEasyCleanerUpdate.exe Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\D\AutoRun.inf.vir Win32/AutoRun.VB.QH worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017291.DLL Win32/Toolbar.AskSBar application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017292.exe a variant of Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D2EC1658-917B-4601-B516-30ED508C78FF}\RP18\A0017293.exe Win32/Adware.RegistryEasy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\ident.txt IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\mirc.ini IRC/Zapchast.P trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\include\updater.ini IRC/Tedeto.A worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Hi.

Could you please try to install Malwarebytes now?

Sneakyone wrote:

Hi.

Could you please try to install Malwarebytes now?

Dear Sneakyone,

I did (installing Malwarebytes) as you told me to .... but still same error(s) as before



Please instruct me what to do next ..

Regards,
SV

1. Uninstall Malwarebytes' Anti-Malware using Add or Remove programs in the Control Panel.
2. Restart your computer (very important).
3. Download and run this utility.
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version from here.

Dear Sneakyone,

I followed your instruction very closely

1) I uninstalled Anti_Malwarebytes
2) Reboot my PC
3) Downloaded mbam-clean.exe & run it
4) Restarted the PC again, downloaded the latest Anti_Malwarebytes (from your link)

Result: The same error(s) show up as I reported before .

Hi.

Please follow the instructions on Section A Issue 15.

http://forums.malwarebytes.org/index.php?showtopic=10138

Hi Sneakyone,
After installing Microsoft Visual Basic 6.0 Common Controls , it asked for a restart, then I got into this BSOD ... and this message.

STOP: c000021a {Fatal System Error}
The Window Logon Process system process terminated unexpectedly with a status of 0x00000135 (0x00000000 0x00000000).
The system has been shut down."

I tried .. Windows in safe mode => same BSOD => Stuck???

I am on differrent PC to report to you here and do not know what to do next (with the dead PC)???

Any advice would be greatly appreciated .

Regards,
SV

Hi.

Please start up the computer, tap F8, then choose Last Known Good Configuration, then it should boot up.

After that, please system restore back to before you installed the thing that caused the BSOD then we will start from there.

Please tell me how this process goes.

Sneakyone wrote:

Hi.

Please start up the computer, tap F8, then choose Last Known Good Configuration, then it should boot up.

After that, please system restore back to before you installed the thing that caused the BSOD then we will start from there.

Please tell me how this process goes.

Hi Sneakyone,

I tried ..
Last Known Good Configuration
Safe mode
...
All go into BSOD mode

Regards,
SV

Hi.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Step 1: you need to get the appropriate burning software for this task.

Download ISOBurner

• This will allow you to burn OTLPE ISO to a cd and make it bootable. Just install the program, from there on in it is fairly automatic.
  
• See the instructions page for more info.

Step 2: download the OTLPE REATOGO Windows Recovery Environment.

• Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  
• When downloaded double click and this will then open ISOBurner to burn the file to CD
  
• Reboot your system using the boot CD you just created.
  
  Note : If you do not know how to set your computer to boot from CD follow the steps here
  
• Your system should now display a REATOGO-X-PE desktop.
  
• Double-click on the OTLPE icon.
  
• When asked "Do you wish to load the remote registry", select Yes
  
• When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  
• Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  
• OTL should now start. Change the following settings
  • Change Drivers to Non-Microsoft
    
  • Press Run Scan to start the scan.
    
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    
  • Copy this file to your USB drive if you do not have internet connection on this system
    
  • Please post the contents of the OTL.txt file in your reply.

Dear Sneakyone,

Since I need my PC for working and the BSOD problem totally prevents me to use the PC => I could not wait, I used my pretty old back up (Acronis method) to restore, and of course, I lost some of my data as new application programs, some of my works ...etc.... But my computer seems working ok now...

I really appreciated your guidance (I have learned a lot from you) and your time spending to help me and others.

I wish you all the best.

Best regards,
SV

PS: All the best wishes to the staffs of GeekPolice as well. You guys have done an exellent job in helping others.

Hi.

Thanks for the nice comments, you're welcome, glad to help.