Free Malware Removal Forum

by **Pvy** » December 30th, 2010, 5:24 am

Description: A while ago i downloaded a fail torrent with a bad keygen and ended up running the .exe, hence the malware. The malware would Pop up this picture

after a while I would lose my internet connection for 2-3 seconds, and later on my sound drivers would end up disabled. I've ran Combofix a couple of times, and just ran Malware bytes in safe mode with no infections. The reason i'm posting this is, about a week ago i was playing minecraft using Java, and i just tried to play it again but i'd get this: Error: could not find Java Se runtime Environment

Here are my logs from Hijack this, I also have a Malwarebyte removal log if needed.

Code: Select all

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:14:05 AM, on 12/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mouse Driver\KMWDSrv.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mouse Driver\KMProcess.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.videotron.com/services/en/votre_compte/7_2_4.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll (file missing)
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (file missing)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [DivX Download Manager] "C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe" start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [IE8] rundll32 advpack.dll,LaunchINFSection IE8.INF,FirstUserStart (User 'Default user')
O4 - Startup: Refresh Icon Cache.lnk = C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Mouse Driver\KMWDSrv.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

--
End of file - 9821 bytes

Code: Select all

µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.4.1
Agere Systems PCI Soft Modem
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Magic-i Visual Effects 2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Registration
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
Bonjour
Catalyst Control Center - Branding
Counter-Strike: Source
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
Download Updater (AOL LLC)
FL Studio 8
Full Tilt Poker
Garena 2010
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IL Download Manager
iTunes
Java(TM) 6 Update 23
K-Lite Codec Pack 5.5.1 (Basic)
League of Legends
Malwarebytes' Anti-Malware
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Windows Journal Viewer
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Opera 11.00
PDF Settings CS5
PowerISO
QuickTime
Rainmeter (remove only)
RCT3 Soaked
RocketDock 1.3.5
RollerCoaster Tycoon® 3
Security Update for 2007 Microsoft Office System (KB2277947)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2251419)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Sereby's Updatepack - IE8 Addon Version 1.0.7
Spybot - Search & Destroy
StarCraft II
Steam
System Requirements Lab
System Requirements Lab CYRI
The Lord of the Rings FREE Trial 
The Sims™ 3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (KB2466076)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
VC80CRTRedist - 8.0.50727.4053
Vegas Pro 9.0
Ventrilo Client
VIA Rhine-Family Fast Ethernet Adapter
Windows 7 Upgrade Advisor
Windows Easy Transfer for Windows 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinRAR archiver
Zombie Panic Source

by **deltalima** » December 30th, 2010, 3:58 pm

Checking your log - back soon.

by **deltalima** » December 30th, 2010, 4:16 pm

Hi Pvy,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

A while ago i downloaded a fail torrent with a bad keygen

It is a condition of receiving help on this forum that you remove any P2P programs (including µTorrent) and any cracked / keygen programs.

If you wish to continue then please remove the items mentioned above and then run the following scan.

CKScanner

Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on the your Desktop before running the application!
Double-click on CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved
Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.

Please download this tool from Microsoft.
Double click on MGADiag.exe to run it.
Click Continue.
The program will run. It takes a while to finish the diagnosis, please be patient.
Once done, click on Copy.
Open Notepad and paste the contents in the window.
Save this file and copy/paste it in your next reply.

by **Pvy** » January 1st, 2011, 8:19 am

Yeah i'll get on that soon, i haven't had much free time.

CK Scanner
CKScanner - Additional Security Risks - These are not necessarily bad
c:\applications\warcraft\tbr2keygen.exe
c:\applications\warcraft\tbr2keygen.laststate
c:\program files\garena\plugins\ui\avoidcrackplugin.dll
c:\program files\steam\steamapps\wil869\counter-strike source\cstrike\maps\cs_crackhouse.bsp
c:\program files\steam\steamapps\wil869\counter-strike source\cstrike\maps\cs_crackhouse.nav
c:\program files\steam\steamapps\wil869\counter-strike source\cstrike\maps\soundcache\cs_crackhouse.cache
c:\program files\steam\steamapps\wil869\counter-strike source\cstrike\materials\concrete\prodwllecracked.vmt
scanner sequence 3.GL.11
----- EOF -----

MGA Diag
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Cryptographic Errors Detected
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-RKPMH-M2WFT-P4WQJ
Windows Product Key Hash: RQOITWLBzl1A5FKfiK7Q4hst0n8=
Windows Product ID: 76487-640-1457236-23965
Windows Product ID Type: 1
Windows License Type: Volume
Windows OS version: 5.1.2600.2.00010100.3.0.pro
ID: {336EA1B4-2B4A-4625-BC89-078895FB85F4}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.40.0
Signed By: N/A, hr = 0x80004005
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-b063_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80004005
File Exists: Yes
Version: 1.9.40.0
WgaTray.exe Signed By: N/A, hr = 0x80004005
WgaLogon.dll Signed By: N/A, hr = 0x80004005

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{336EA1B4-2B4A-4625-BC89-078895FB85F4}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-P4WQJ</PKey><PID>76487-640-1457236-23965</PID><PIDType>1</PIDType><SID>S-1-5-21-1409082233-362288127-1417001333</SID><SYSTEM><Manufacturer>HP Pavilion 061</Manufacturer><Model>PC028A-ABA A620N</Model></SYSTEM><BIOS><Manufacturer>Phoenix Technologies, LTD</Manufacturer><Version> 3.10</Version><SMBIOSVersion major="2" minor="3"/><Date>20040726000000.000000+000</Date></BIOS><HWID>394B338F0184207F</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5956D4A4F7F5D86</Val><Hash>ljmzbOewGcZ06xkwLENahOtL/Rs=</Hash><Pid>89388-707-8192895-65195</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 106DD:Compaq Computer Corporation|106DD:Compaq Computer Corporation|106DD:Hewlett-Packard Company|10859:Hewlett-Packard Company
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A

by **deltalima** » January 1st, 2011, 12:49 pm

Hi Pvy,

You still have cracked / illegal software on your computer. Please remove all such software and run a new scan with CKscanner and post the log.

Scan with WVCheck:

Please download WVCheck and save it to the desktop.

Double click on WVCheck.exe and follow the prompts.
The scan may take some time depending on the Hard-Drive size.
Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.

by **Pvy** » January 3rd, 2011, 12:23 pm

Windows Validation Check
Version: 1.9.11.4
Log Created On: 1116_03-01-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows XP Service Pack 3
Windows Mode: Normal
Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2010-12-21 18:26:25
Last Success Time for Update Download: 2010-12-28 07:24:44
Last Success Time for Update Installation: 2010-12-28 10:39:56

WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------

WVCheck's File Dump
-----------------------
WVCheck found no known bad files.

WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.

WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - b26b135ff1b9f60c9388b4a7d16f600b

-------- End of File, program close at 1123_03-01-2011 --------

by **deltalima** » January 3rd, 2011, 12:25 pm

Please run a new scan with CKscanner and post the log.

by **Pvy** » January 3rd, 2011, 12:28 pm

Came up with nothing.
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----

by **deltalima** » January 3rd, 2011, 12:34 pm

Hi Pvy,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.

Double click on OTL.exe to run it.
Under Output, ensure that Minimal Output is selected.
Under Extra Registry section, select Use SafeList.
Click the Scan All Users checkbox.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
- OTL.txt <-- Will be opened
- Extras.txt <-- Will be minimized
Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Run Gmer again and click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

by **Pvy** » January 3rd, 2011, 1:20 pm

OTL logfile created on: 1/3/2011 11:42:58 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 70.82 Gb Free Space | 47.52% Space Free | Partition Type: NTFS

Computer Name: MATT-25F0F5C910 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Ventrilo\Ventrilo.exe (Flagship Industries, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files\Mouse Driver\StartAutorun.exe (UASSOFT.COM)
PRC - C:\Program Files\Mouse Driver\KMCONFIG.exe (UASSOFT.COM)
PRC - C:\Program Files\Mouse Driver\KMProcess.exe (UASSOFT.COM)
PRC - C:\Program Files\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\RocketDock\RocketDock.exe ()

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Matt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\RocketDock\RocketDock.dll ()

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (KMWDSERVICE) -- C:\Program Files\Mouse Driver\KMWDSrv.exe (UASSOFT.COM)

========== Driver Services (SafeList) ==========

DRV - (ManyCam) -- C:\WINDOWS\System32\DRIVERS\ManyCam.sys File not found
DRV - (GGSAFERDriver) -- C:\Program Files\Garena\plugins\UI\safedrv.sys File not found
DRV - (GarenaPEngine) -- C:\DOCUME~1\Matt\LOCALS~1\Temp\IHX1B86.tmp File not found
DRV - (fywxmtwk) -- C:\WINDOWS\System32\drivers\njdkn.sys File not found
DRV - (dump_wmimmc) -- C:\ijji\ENGLISH\Gunz\GameGuard\dump_wmimmc.sys File not found
DRV - (catchme) -- C:\DOCUME~1\Matt\LOCALS~1\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (xusb21) -- C:\WINDOWS\system32\drivers\xusb21.sys (Microsoft Corporation)
DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (NPPTNT2) -- C:\WINDOWS\system32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll File not found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.videotron.com/services/en/vo ... /7_2_4.jsp
IE - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.ca
IE - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "NinjaVideo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6102
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.2.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/10 22:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/10 22:05:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 09:15:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/02 10:24:50 | 000,000,000 | ---D | M]

[2009/12/03 22:13:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Extensions
[2011/01/03 10:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\extensions
[2010/12/17 23:34:37 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/04/27 14:53:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/11 22:40:14 | 000,000,000 | ---D | M] ("AIM Toolbar") -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/12/17 23:34:37 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\extensions\anttoolbar@ant.com
[2010/10/11 22:40:09 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\extensions\personas@christopher.beard
[2010/04/08 14:34:13 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\searchplugins\aim-search.xml
[2010/12/30 08:17:33 | 000,001,945 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Mozilla\Firefox\Profiles\3abw7i0x.default\searchplugins\ninjavideo.xml
[2011/01/03 10:45:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/06 12:23:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/02 19:26:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/12 23:08:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/12/30 04:31:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/10 22:05:08 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010/12/10 22:05:08 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2010/12/30 04:31:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/30 04:31:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/12/28 07:03:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DrvIcon] C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe File not found
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1409082233-362288127-1417001333-1003..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Refresh Icon Cache.lnk = C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/Messenger ... E_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Matt\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/03 22:01:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/03 11:42:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/01/01 09:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/12/30 16:48:26 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Matt\Desktop\MGADiag.exe
[2010/12/30 04:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/12/30 04:31:43 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/30 04:31:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/30 04:31:43 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/30 04:26:01 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/12/30 04:11:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Start Menu\Programs\HiJackThis
[2010/12/30 04:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/12/30 03:05:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/12/30 02:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/12/30 02:52:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\.minecraft
[2010/12/28 07:15:24 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/12/28 04:56:30 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/28 04:52:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/28 04:52:22 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/28 04:52:22 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/28 04:52:22 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/28 04:51:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/28 01:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\Malwarebytes
[2010/12/28 01:19:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/28 01:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/28 01:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/28 01:19:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/28 01:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/26 03:00:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2010/12/26 03:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/12/26 03:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/12/24 17:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Application Data\InfraRecorder
[2010/12/24 16:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/12/23 15:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2010/12/23 15:39:33 | 000,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/12/23 15:39:33 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/23 15:39:33 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/12/23 15:39:32 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/12/23 15:39:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/12/23 15:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/12/23 15:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/12/23 01:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/12/23 01:38:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2010/12/23 01:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/12/22 19:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/12/22 17:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/12/15 06:49:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2010/12/15 06:48:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/15 06:48:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2010/12/15 06:48:37 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/12/15 06:48:31 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/10 22:03:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2010/12/10 21:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/12/09 00:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\cache
[2010/12/09 00:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Matt\Local Settings\Application Data\FullTiltPoker
[2010/12/09 00:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Full Tilt Poker
[2010/12/09 00:15:38 | 000,000,000 | ---D | C] -- C:\Program Files\Full Tilt Poker
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/03 11:43:14 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\fg8ov6fe.exe
[2011/01/03 11:42:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Matt\Desktop\OTL.exe
[2011/01/03 11:16:29 | 003,514,235 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\WVCheck.exe
[2011/01/03 09:33:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/02 19:48:19 | 000,636,217 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\1294011807694.jpg
[2011/01/02 19:48:16 | 000,100,949 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\1294011872782.jpg
[2011/01/02 19:48:12 | 000,194,325 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\1294012548382.jpg
[2011/01/02 06:11:07 | 000,000,471 | ---- | M] () -- C:\WINDOWS\kaillera.ini
[2011/01/02 02:02:27 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MATT-25F0F5C910-Matt.job
[2011/01/01 09:43:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/30 16:48:27 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Matt\Desktop\MGADiag.exe
[2010/12/30 16:48:05 | 000,453,632 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\CKScanner.exe
[2010/12/30 04:40:30 | 000,000,072 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\minecraft.bat
[2010/12/30 04:31:24 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/12/30 04:31:24 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/12/30 04:31:24 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/30 04:31:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/12/30 04:13:29 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Matt\Desktop\HiJackThis.lnk
[2010/12/28 07:03:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/28 04:56:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/28 04:48:38 | 003,998,686 | R--- | M] () -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2010/12/28 02:29:39 | 000,000,490 | RHS- | M] () -- C:\Documents and Settings\Matt\ntuser.pol
[2010/12/24 17:09:43 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/24 16:07:41 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/23 16:55:57 | 003,761,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/23 16:52:21 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/23 16:40:41 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/23 16:40:41 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/23 16:15:00 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/12/22 02:33:11 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Adobe PNG Format CS5 Prefs
[2010/12/20 23:12:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/18 14:05:32 | 000,000,613 | ---- | M] () -- C:\Documents and Settings\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/12/10 21:55:40 | 733,900,800 | ---- | M] () -- C:\Documents and Settings\Matt\My Documents\Let.Me.In.2010.TRUEFRENCH.TS.MD.XviD-SERENiTY-wWw.Extreme-Down.Com.avi
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/03 11:43:14 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\fg8ov6fe.exe
[2011/01/03 11:16:24 | 003,514,235 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\WVCheck.exe
[2011/01/02 19:48:19 | 000,636,217 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\1294011807694.jpg
[2011/01/02 19:48:16 | 000,100,949 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\1294011872782.jpg
[2011/01/02 19:48:12 | 000,194,325 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\1294012548382.jpg
[2010/12/30 16:48:05 | 000,453,632 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\CKScanner.exe
[2010/12/30 04:45:09 | 000,000,072 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\minecraft.bat
[2010/12/30 04:11:41 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Matt\Desktop\HiJackThis.lnk
[2010/12/28 04:56:32 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/28 04:52:22 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/28 04:52:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/28 04:52:22 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/28 04:52:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/28 04:52:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/28 04:48:35 | 003,998,686 | R--- | C] () -- C:\Documents and Settings\Matt\Desktop\ComboFix.exe
[2010/12/10 21:56:23 | 733,900,800 | ---- | C] () -- C:\Documents and Settings\Matt\My Documents\Let.Me.In.2010.TRUEFRENCH.TS.MD.XviD-SERENiTY-wWw.Extreme-Down.Com.avi
[2010/11/29 15:02:39 | 000,202,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/24 10:22:27 | 000,000,187 | ---- | C] () -- C:\WINDOWS\stci.ini
[2010/07/28 22:04:35 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/01 18:57:35 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Matt\Application Data\Adobe PNG Format CS5 Prefs
[2010/04/02 14:20:15 | 000,000,471 | ---- | C] () -- C:\WINDOWS\kaillera.ini
[2010/03/11 22:47:18 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/03/11 22:45:36 | 000,197,120 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2010/02/11 17:32:32 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010/02/11 17:32:32 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010/02/11 17:32:32 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009/12/24 22:11:04 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/12/17 17:57:48 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/04 07:54:14 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\Matt\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/03 16:50:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/09/15 19:14:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86

< End of report >

OTL Extras logfile created on: 1/3/2011 11:42:58 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\Matt\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 70.82 Gb Free Space | 47.52% Space Free | Partition Type: NTFS

Computer Name: MATT-25F0F5C910 | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1409082233-362288127-1417001333-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"8378:TCP" = 8378:TCP:*:Enabled:League of Legends Launcher
"8378:UDP" = 8378:UDP:*:Enabled:League of Legends Launcher
"8379:TCP" = 8379:TCP:*:Enabled:League of Legends Launcher
"8379:UDP" = 8379:UDP:*:Enabled:League of Legends Launcher
"8380:TCP" = 8380:TCP:*:Enabled:League of Legends Launcher
"8380:UDP" = 8380:UDP:*:Enabled:League of Legends Launcher
"8370:TCP" = 8370:TCP:*:Enabled:League of Legends Launcher
"8370:UDP" = 8370:UDP:*:Enabled:League of Legends Launcher
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"8381:TCP" = 8381:TCP:*:Enabled:League of Legends Launcher
"8381:UDP" = 8381:UDP:*:Enabled:League of Legends Launcher
"6933:TCP" = 6933:TCP:*:Enabled:League of Legends Launcher
"6933:UDP" = 6933:UDP:*:Enabled:League of Legends Launcher

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\CCP\EVE\bin\ExeFile.exe" = C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe" = C:\Program Files\LucasArts\Star Wars Jedi Knight Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- File not found
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- File not found
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- File not found
"C:\Program Files\StarCraft II Beta\Versions\Base14133\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base14133\SC2.exe:*:Enabled:StarCraft II -- File not found
"C:\Program Files\ijji\ijji REACTOR\REACTOR.exe" = C:\Program Files\ijji\ijji REACTOR\REACTOR.exe:*:Enabled:Reactor Application -- File not found
"C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe" = C:\WINDOWS\Downloaded Program Files\ijjiOptimizer.exe:*:Enabled:ijjiOptimizer.exe -- ()
"C:\ijji\ENGLISH\Gunz\Gunz.exe" = C:\ijji\ENGLISH\Gunz\Gunz.exe:*:Enabled:Gunz -- File not found
"C:\Documents and Settings\Matt\Desktop\mameppk_bin_gcc-0.117-20070713\kaillerasrv.exe" = C:\Documents and Settings\Matt\Desktop\mameppk_bin_gcc-0.117-20070713\kaillerasrv.exe:*:Enabled:kaillerasrv -- File not found
"C:\Documents and Settings\Matt\Desktop\mameppk_bin_gcc-0.117-20070713\kaillera\kaillerasrv.exe" = C:\Documents and Settings\Matt\Desktop\mameppk_bin_gcc-0.117-20070713\kaillera\kaillerasrv.exe:*:Enabled:kaillerasrv -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found
"C:\Documents and Settings\Matt\Desktop\Diablo\redvex\redvx.exe" = C:\Documents and Settings\Matt\Desktop\Diablo\redvex\redvx.exe:*:Enabled:redvx -- File not found
"C:\Program Files\THQ\Company of Heroes\RelicCOH.exe" = C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- File not found
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\Program Files\DotAlicious Gaming Client\client.exe" = C:\Program Files\DotAlicious Gaming Client\client.exe:*:Enabled:client -- File not found
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe" = C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- File not found
"C:\Riot Games\League of Legends\air\LolClient.exe" = C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"C:\Riot Games\League of Legends\game\League of Legends.exe" = C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Program Files\Riot Games\League of Legends\air\LolClient.exe" = C:\Program Files\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby -- (Adobe Systems Inc.)
"C:\Program Files\Riot Games\League of Legends\game\League of Legends.exe" = C:\Program Files\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client -- ()
"C:\Documents and Settings\Matt\Desktop\StandAlone_09_10_2010\Air\LolClient.exe" = C:\Documents and Settings\Matt\Desktop\StandAlone_09_10_2010\Air\LolClient.exe:*:Enabled:League of Legends Lobby -- File not found
"C:\Documents and Settings\Matt\Desktop\StandAlone_09_10_2010\Game\League of Legends.exe" = C:\Documents and Settings\Matt\Desktop\StandAlone_09_10_2010\Game\League of Legends.exe:*:Enabled:League of Legends Game Client -- File not found
"C:\Documents and Settings\Matt\Local Settings\Temp\Blizzard Installer Bootstrap - 0090c825\Installer.exe" = C:\Documents and Settings\Matt\Local Settings\Temp\Blizzard Installer Bootstrap - 0090c825\Installer.exe:*:Enabled:Blizzard Installer -- File not found
"C:\Program Files\Steam\steamapps\wil869\counter-strike source\hl2.exe" = C:\Program Files\Steam\steamapps\wil869\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Documents and Settings\Matt\Local Settings\Temp\Blizzard Installer Bootstrap - 039fdcd6\Installer.exe" = C:\Documents and Settings\Matt\Local Settings\Temp\Blizzard Installer Bootstrap - 039fdcd6\Installer.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\Steam\steamapps\wil869\zombie panic! source\hl2.exe" = C:\Program Files\Steam\steamapps\wil869\zombie panic! source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe" = C:\Program Files\StarCraft II\Versions\Base16939\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0930F613-9331-972C-F07F-3E795214E65F}" = CCC Help Korean
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1B372CF9-7C2E-003C-3D90-37ACC8E41DA9}" = ccc-core-static
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC05942-BA18-BF55-DDF1-2978CEA4F009}" = CCC Help Finnish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2F7A7614-FB96-A328-8974-D234FA12B7A1}" = CCC Help Russian
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{334713BA-B8E7-4A60-988C-4110753A191E}" = ArcSoft Magic-i Visual Effects 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40444C12-5D96-90CF-03B8-068BD23BFF1A}" = CCC Help Swedish
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45E2473A-E45E-77AE-5049-8F55DF241E1C}" = CCC Help Czech
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA0E562-0E5B-DA6C-BC7B-37727786037B}" = CCC Help Dutch
"{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0
"{59FBD7A0-A5C8-22DC-A0FF-23236A5B0E1F}" = CCC Help Japanese
"{5D6E0656-C386-C2D2-3A8A-B2E0B74E8749}" = CCC Help Italian
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{770CE596-F3A5-D2F4-630A-6F4C0FBDACC2}" = CCC Help Chinese Traditional
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A0A5F8C-0526-F9EA-DA9C-ED2D41D5901E}" = CCC Help Hungarian
"{7A1EAF98-AF57-2766-0B12-8105A3514B06}" = Catalyst Control Center Core Implementation
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C29753D-CC92-17A7-EAA4-75529E5DBFBF}" = CCC Help Norwegian
"{7EC3589A-E496-ABC4-1E48-5EB0502D95DE}" = ccc-core-preinstall
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{999966B1-86A7-8A36-2242-8E0EAFC57C8B}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8B2F6F7-F6D3-24D6-1A55-050152EA8D29}" = CCC Help Turkish
"{A961C6FD-C583-45F6-A0A4-5E4376C29E41}" = Catalyst Control Center - Branding
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{ABD242CD-998F-4145-DF05-AFEB9FBD5CCD}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AD1EE65D-00BC-94F4-327F-91204818FC51}" = CCC Help German
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B426AB74-536F-2AC2-5447-42D9F9374674}" = ccc-utility
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8B63367-FCA7-C7A1-CB00-A1449CD80D0F}" = CCC Help French
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1BADED6-3D01-F0FF-D671-8D75D3FE2FD7}" = Catalyst Control Center Localization All
"{C2274248-9536-B9E2-0886-84BF1F292219}" = ATI Catalyst Install Manager
"{C230687B-745A-34FB-C501-543686AFD42B}" = CCC Help Greek
"{CBFEF652-FFC7-21AF-4984-50BA980DA73E}" = CCC Help Spanish
"{CD780B1C-23B1-1BA8-6F9B-CDCCFB88AFF9}" = Catalyst Control Center Graphics Full New
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0517921-0CC8-5EBE-4F44-F3AD4DA41CF6}" = CCC Help Danish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D81CEF26-01DA-4D23-4616-BC5A0E08DE05}" = CCC Help English
"{D8A21278-116D-DA21-1556-74EDAD5C48B2}" = Skins
"{D8EB271A-5063-2939-8411-B11404A7FB00}" = CCC Help Chinese Standard
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8843212-F0FC-4C3B-BFF3-D51829CB4F19}" = iTunes
"{EA7D8FBB-74EA-97D4-AF61-E8BEFC27E3A8}" = CCC Help Polish
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F79480EA-CD65-50BF-951F-95A39399857C}" = CCC Help Thai
"{F7F275A8-3B77-5723-DCBD-D4D1785D0CF7}" = CCC Help Portuguese
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FL Studio 8" = FL Studio 8
"Garena" = Garena 2010
"IE8" = Sereby's Updatepack - IE8 Addon Version 1.0.7
"IL Download Manager" = IL Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.5.1 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter (remove only)
"RocketDock_is1" = RocketDock 1.3.5
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StarCraft II" = StarCraft II
"Steam App 17500" = Zombie Panic Source
"Steam App 240" = Counter-Strike: Source
"uTorrent" = µTorrent
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WET7Cable" = Windows Easy Transfer for Windows 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2010 1:35:13 PM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/2/2010 1:35:13 PM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/2/2010 5:34:49 PM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/2/2010 5:34:49 PM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/2/2010 5:34:49 PM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 264: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/2/2010 5:34:49 PM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/4/2010 4:33:43 AM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/4/2010 4:33:43 AM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/4/2010 4:33:43 AM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 10/4/2010 4:33:43 AM | Computer Name = MATT-25F0F5C910 | Source = Bonjour Service | ID = 100
Description = 384: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 1/2/2011 8:01:24 AM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/2/2011 11:25:05 AM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/2/2011 11:26:20 AM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/2/2011 11:26:42 AM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/2/2011 1:53:19 PM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/2/2011 7:47:55 PM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2011 12:33:11 AM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2011 9:57:35 AM | Computer Name = MATT-25F0F5C910 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/3/2011 12:25:53 PM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 1/3/2011 12:26:59 PM | Computer Name = MATT-25F0F5C910 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

< End of report >

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-03 12:19:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 ST3160021A rev.3.08
Running: fg8ov6fe.exe; Driver: C:\DOCUME~1\Matt\LOCALS~1\Temp\kwwcypoc.sys

---- System - GMER 1.0.15 ----

SSDT AC435B16 ZwCreateKey
SSDT AC435B0C ZwCreateThread
SSDT AC435B1B ZwDeleteKey
SSDT AC435B25 ZwDeleteValueKey
SSDT AC435B2A ZwLoadKey
SSDT AC435AF8 ZwOpenProcess
SSDT AC435AFD ZwOpenThread
SSDT AC435B34 ZwReplaceKey
SSDT AC435B2F ZwRestoreKey
SSDT AC435B20 ZwSetValueKey
SSDT AC435B07 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB8F7B000, 0x22AD47, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\Explorer.EXE[188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\Explorer.EXE[188] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!LoadResource 7C80A055 7 Bytes JMP 2806C8A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!FindResourceExW 7C80AD28 7 Bytes JMP 2806C700 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!FindResourceW 7C80BC6E 7 Bytes JMP 2806C680 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!SizeofResource 7C80BD09 7 Bytes JMP 2806C950 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!FindResourceA 7C80BF29 7 Bytes JMP 2806C780 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!LockResource 7C80CD37 5 Bytes JMP 2806C9C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!CreateEventA 7C8308B5 5 Bytes JMP 2806C2E0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!FindResourceExA 7C835FA8 2 Bytes JMP 2806C810 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] kernel32.dll!FindResourceExA + 3 7C835FAB 4 Bytes [83, AB, CC, CC]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] ADVAPI32.dll!CryptDeriveKey 77DE9FFD 7 Bytes JMP 2806BDF0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 2806BE50 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!GetWindowLongW 7E4188A6 7 Bytes JMP 28070850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!PeekMessageW 7E41929B 2 Bytes JMP 2806E850 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!PeekMessageW + 3 7E41929E 2 Bytes [C5, A9]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!SetWindowPlacement 7E41DE46 5 Bytes JMP 2806FDC0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 2806FF10 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!LoadImageW 7E427B97 5 Bytes JMP 280705A0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 2806DDE0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!SetWindowRgn 7E42E528 7 Bytes JMP 2806FE60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!LoadIconW 7E42E8BC 5 Bytes JMP 28070720 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 28070140 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 2806EED0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 28074C60 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WS2_32.dll!send 71AB4C27 5 Bytes JMP 28074920 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 28074770 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WS2_32.dll!recv 71AB676F 5 Bytes JMP 28074640 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 28074A90 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] SHELL32.dll!Shell_NotifyIconW 7CA2A587 5 Bytes JMP 2806D550 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 2806CFA0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] ole32.dll!CoInitializeEx 77501473 5 Bytes JMP 2806CC20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] ole32.dll!CoRegisterClassObject 775179C0 5 Bytes JMP 2806CD20 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WININET.dll!InternetReadFile 3D94658B 5 Bytes JMP 280738C0 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WININET.dll!InternetCloseHandle 3D9490CA 5 Bytes JMP 28073A00 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WININET.dll!HttpOpenRequestA 3D94D558 5 Bytes JMP 28073760 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[1588] WININET.dll!HttpSendRequestA 3D95EED9 5 Bytes JMP 28073960 C:\Program Files\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Yuna Software)
.text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\System32\svchost.exe[2544] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
.text C:\WINDOWS\System32\svchost.exe[2544] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0088000A
.text C:\WINDOWS\System32\svchost.exe[2544] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00D8000A

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8983139B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8983139B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8983139B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8983139B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T1L0-10 8983139B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-8 8983139B
Device \Device\Ide\IdeDeviceP2T0L0-1b -> \??\IDE#DiskST3160021A______________________________3.08____#4a333353364a4b5a202020202020202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Threads - GMER 1.0.15 ----

Thread System [4:2456] 9B1721F0
Thread System [4:3004] 9B1721F0

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@RequireSignedAppInit_DLLs 1

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 13: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 33: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 34: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\LocalService\Cookies\system@spotxchange[3].txt 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\profile[2].json 223 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\profile[3].json 223 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\profile[4].json 223 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\profile[9].json 223 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\prWriteCode[1].js 42 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\adsCAGKAHTN 1347 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\adsCAY0VF20 647 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\json[4] 28 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LGN2YZ33\json[5] 28 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\100_sprite[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\border[1].swf 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\messina_normal[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\me__59__normal[1].jpg 1026 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\65428_649238034762_15101498_35730197_944607_n_normal[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\6cd42fb7-4e16-463b-ac26-3393c50671d3_normal[1].png 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\default_profile_5_normal[1].png 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\img_Ideacorner[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\snowflake_a[1].png 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\rb_cornertable1[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\TiaRawls_normal[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\top_banner.png[1].png 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\27325916_jpeg_preview_medium[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\27428965_jpeg_preview_medium[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\ve_urwtypewritertmed[1].swf 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\rb_cornertable2[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\rm_linetable1[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\IMG_01446_normal[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\img_home_arrow[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\img_home_header[1].png 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\img_hom_right[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\161263_100000869768677_7752635_q[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\161663_1237968740_4100625_q[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\161669_500113412_5189015_q[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\lotte_met_makeup_op_normal[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\lt_cornertable1[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\ideabullet[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\Krawatte_3c_klein_normal[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\footer.png[1].png 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\N1NJQEUO\DSC00600_normal[1].jpg 0 bytes
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\XW6T3Q23\snowflake_b[1].png 0 bytes

---- EOF - GMER 1.0.15 ----

by **deltalima** » January 3rd, 2011, 2:47 pm

Hi Pvy,

Run OTL Script

Double-click OTL.exe to start the program.

Copy and Paste the following code into the

textbox. Do not include the word Code

Code: Select all

:otl
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O3 - HKLM\..\Toolbar: (StylerToolBar) - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\WINDOWS\7SP_Files\Styler\TB\StylerTB.dll File not found
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-362288127-1417001333-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll File not found
O4 - HKLM..\Run: [DrvIcon] C:\WINDOWS\7SP_Files\Drive Icon\DrvIcon.exe File not found
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files\Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Matt\Start Menu\Programs\Startup\Refresh Icon Cache.lnk = C:\WINDOWS\7SP_Files\Refresh Icon Cache\Refresh Icon Cache.exe File not found
:commands
[EMPTYTEMP]
[REBOOT]

Then click the Run Fix button at the top.
Click .
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

ESET online scannner

Please go Here then click on:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
Select the option YES, I accept the Terms of Use then click on:
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology

Now click on:
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on:
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

by **Cypher** » January 6th, 2011, 3:38 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.

Free Malware Removal Forum

Malware that disables my drivers.

Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Re: Malware that disables my drivers.

Who is online