Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

RUNDLL32 problem

Post by keys365 » July 13th, 2010, 8:12 am

When I start up my computer SuperAntiSpyware tells me it has blocked a threat from running. It describes it as Trojan.Agent RUNDLL32.EXE. How do I get rid of this? Thanks.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:57:32, on 13.07.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\AVG\AVG9\avgwdsvc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
I:\WINDOWS\system32\HDDSvc.exe
I:\Program Files\Java\jre6\bin\jqs.exe
I:\Program Files\Sandboxie\SbieSvc.exe
I:\WINDOWS\system32\svchost.exe
I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
I:\WINDOWS\system32\SearchIndexer.exe
I:\Program Files\AVG\AVG9\avgnsx.exe
I:\Program Files\AVG\AVG9\avgrsx.exe
I:\Program Files\AVG\AVG9\avgchsvx.exe
I:\Program Files\AVG\AVG9\avgcsrvx.exe
I:\WINDOWS\Explorer.EXE
I:\PROGRA~1\AVG\AVG9\avgtray.exe
I:\Program Files\Sandboxie\SbieCtrl.exe
I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
I:\Program Files\Registry Clean Expert\RCHelper.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Belkin\Bluetooth Software\BTTray.exe
I:\Program Files\Windows Desktop Search\WindowsSearch.exe
I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
I:\Program Files\Creative Professional\Digital Audio System\E-MU PatchMix DSP\EmuPatchMixDSP.exe
I:\Program Files\Sandboxie\SandboxieRpcSs.exe
I:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\msiexec.exe
I:\WINDOWS\system32\SearchProtocolHost.exe
I:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - I:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - I:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [AVG9_TRAY] I:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "I:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [RoxWatchTray] "I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SandboxieControl] "I:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Sony Ericsson PC Companion] "I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "I:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\CTFMON.EXE
O4 - Startup: 4323569.lnk = I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Windows Search.lnk = I:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://I:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0960510546
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - I:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - I:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - I:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - I:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - I:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - I:\WINDOWS\system32\HDDSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - I:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - I:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SessionLauncher - Unknown owner - I:\DOCUME~1\USER\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: TomTomHOMEService - TomTom - I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 8809 bytes

2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acoustica CD/DVD Label Maker
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Audition 3.0
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Encore CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Reader 9.3.3
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
Advertising Center
Any Video Converter 3.0.5
Apple Software Update
AVG Free 9.0
Belkin Bluetooth Software
CCleaner
ConvertXtoDVD 2.2.3.258
Digital Audio System
DirectXInstallService
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
DolbyFiles
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
Easy CD and DVD Cover Creator 4.13
EMC 10 Content
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Manual
EPSON SX100 Series Printer Uninstall
FreeRIP v3.30
Hard Drive Inspector Professional 2.70 build # 459
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ImTOO DVD Ripper Ultimate
ImTOO Video Converter Ultimate
Java(TM) 6 Update 17
Media Go
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Monopoly by Parker Brothers
Mozilla Firefox (3.6.6)
MP3MyMP3 3.0
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
Nero ControlCenter
Nero Installer
neroxml
Next Generation Visualisations
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
PDF Settings
PeerGuardian 2.0
Photo! Editor 1.1
PlayStation(R)Network Downloader
PlayStation(R)Store
PowerDVD
QuickTime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Red Eye Remover 2.0
Registry Clean Expert
Replay Media Catcher 3.11
Replay Video Capture
Roxio Activation Module
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio CinePlayer
Roxio CinePlayer Decoder Pack
Roxio Disc Gallery
Roxio File Backup
Roxio MediaShare
Roxio Update Manager
Sandboxie 3.45.07
Scrabble Plus 1.00
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Segoe UI
SmartSound Quicktracks Plugin
Sony Ericsson PC Companion 2.00.142
SoulSeek 157 NS 13e
Steinberg Cubase 5
Steinberg Drum Loop Expansion 01
Steinberg Groove Agent ONE Content
Steinberg HALionOne
Steinberg HALionOne Additional Content Set 01
Steinberg HALionOne Expression Set
Steinberg HALionOne GM Drum Set
Steinberg HALionOne GM Set
Steinberg HALionOne Pro Set
Steinberg HALionOne Studio Drum Set
Steinberg HALionOne Studio Set
Steinberg LoopMash Content
Steinberg REVerence Content 01
SUPERAntiSpyware Professional
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
VLC media player 1.0.1
Vuze
WWTBAM 2nd Edition
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am

Re: RUNDLL32 problem

Post by deltalima » July 16th, 2010, 5:23 am

Hi keys365,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    Vuze


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the Open text entry box, please copy/paste appwiz.cpl. Then click enter.
  • Press the "Remove" or "Change/Remove" button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Next
Scan with WVCheck:

Please download WVCheck and save it to the desktop.

  • Double click on WVCheck.exe and follow the prompts.
  • The scan may take some time depending on the Hard-Drive size.
  • Please post the contents of the notepad file WVCheck_1436_dd-mm-yyyy that can be located on the desktop.

Next

CKScanner

  • Please download CKScanner from here to your Desktop.
Make sure that CKScanner.exe is on your Desktop before running the application!
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved
  • Double-click on the CKFiles.txt icon on your Desktop and copy/paste the contents in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: RUNDLL32 problem

Post by keys365 » July 16th, 2010, 6:08 am

Hello, thanks for your reply.
I've removed the p2p program.
I downloaded and ran the WVCheck but it says SOMETHING IS WRONG WITH THE REGISTRY CHECK! and then disappears without leaving a notepad file.
I downloaded and ran CKScanner and here is the result

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am

Re: RUNDLL32 problem

Post by deltalima » July 16th, 2010, 6:14 am

Hi keys365,


"I downloaded and ran the WVCheck but it says SOMETHING IS WRONG WITH THE REGISTRY CHECK"


OK, please run this alternative scan.

  • Please download this tool from Microsoft.
  • Double click on MGADiag.exe to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
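
Added example (not part of the thread, and not the output or logic of any tool named in it): the file deltalima asks to have scanned is the target of the "O4 - Startup: 4323569.lnk" line in the HijackThis log above. The Python sketch below pulls O4 and O23 autostart entries out of such a log and marks those that launch from a Temp directory, point at a missing file, or list "Unknown owner". The function names are hypothetical, the sample lines are copied from the log in this thread, and the three markers are triage hints, not verdicts.

```python
import re
from typing import NamedTuple

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG9_TRAY] I:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] I:\WINDOWS\system32\CTFMON.EXE
O4 - Startup: 4323569.lnk = I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - I:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SessionLauncher - Unknown owner - I:\DOCUME~1\USER\LOCALS~1\Temp\DX9\SessionLauncher.exe (file missing)
O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
"""

# O4 registry Run entries:   O4 - HKLM\..\Run: [name] command line
O4_REG = re.compile(r"^O4 - (HK\w+\\\.\.\\[^:]+): \[([^\]]*)\] (.+)$")
# O4 Startup-folder entries: O4 - Startup: name.lnk = target
O4_LNK = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
# O23 services:              O23 - Service: name - owner - path
O23_SVC = re.compile(r"^O23 - Service: (.+)$")
MISSING = "(file missing)"


class Finding(NamedTuple):
    section: str
    name: str
    target: str
    reasons: tuple


def parse_autostarts(log):
    """Yield (section, name, owner, target) for each O4 and O23 line."""
    for line in log.splitlines():
        line = line.strip()
        m = O4_REG.match(line) or O4_LNK.match(line)
        if m:
            yield "O4 " + m.group(1), m.group(2), None, m.group(3)
            continue
        m = O23_SVC.match(line)
        if m:
            # The path is always the last " - " field and the owner the one
            # before it; the display name itself may contain " - ".
            parts = m.group(1).rsplit(" - ", 2)
            if len(parts) == 3:
                name, owner, target = parts
                yield "O23 Service", name, owner, target


def in_temp_dir(target):
    """True if any directory component of the path is Temp or Tmp."""
    parts = target.lower().replace('"', "").split("\\")
    return any(p in ("temp", "tmp") for p in parts[:-1])


def triage(log):
    """Return the autostart entries that carry at least one triage marker."""
    findings = []
    for section, name, owner, target in parse_autostarts(log):
        reasons = []
        missing = target.endswith(MISSING)
        if missing:
            target = target[: -len(MISSING)].rstrip()
        if in_temp_dir(target):
            reasons.append("runs from a Temp directory")
        if missing:
            reasons.append("file missing")
        if owner == "Unknown owner":
            reasons.append("unknown owner")
        if reasons:
            findings.append(Finding(section, name, target, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.name}\n    {f.target}\n    -> {', '.join(f.reasons)}")
```

An entry that triage() returns is a candidate for a closer look, such as the file scan requested above; an entry it does not return has not been cleared by it.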

Re: RUNDLL32 problem

Post by keys365 » July 17th, 2010, 5:43 am

Hello. Thanks for your help.
Here is the MGADiag report
Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Validation Code: N/A
Windows Product Key: *****-*****-WHTGG-VD4C6-TJMKQ
Windows Product Key Hash: lmDOySlyDTHpqI1pKmny3AV11lU=
Windows Product ID: 76477-OEM-2174867-86169
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {9D39FD31-FB25-4686-A55A-9DC0C44D3082}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.7.69.2
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A
Version: N/A

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: I:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{9D39FD31-FB25-4686-A55A-9DC0C44D3082}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-TJMKQ</PKey><PID>76477-OEM-2174867-86169</PID><PIDType>3</PIDType><SID>S-1-5-21-682003330-1390067357-1801674531</SID><SYSTEM><Manufacturer>System manufacturer</Manufacturer><Model>System Product Name</Model></SYSTEM><BIOS><Manufacturer>American Megatrends Inc.</Manufacturer><Version>0405 </Version><SMBIOSVersion major="2" minor="3"/><Date>20060911000000.000000+000</Date></BIOS><HWID>479E30870184E07A</HWID><UserLCID>0425</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>GMT Standard Time(GMT+00:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>5D65FE14D58F586</Val><Hash>BAoDbPc0n8rFHidSDI0n88MWyd0=</Hash><Pid>89388-707-0270147-65625</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

Windows Activation Technologies-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 141E0:ASUSTeK Computer Inc|10322:GENUINE C&C INC
Marker string from OEMBIOS.DAT: N/A, hr = 0x80004005

OEM Activation 2.0 Data-->
N/A
When I tried to use the VirusTotal program the file you wanted wasn't found.
Here are the OTL and Extras logs
OTL logfile created on: 16.07.2010 11:28:26 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = I:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
Drive D: | 450,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,75 Gb Total Space | 249,87 Gb Free Space | 53,65% Space Free | Partition Type: NTFS
Drive S: | 465,76 Gb Total Space | 462,04 Gb Free Space | 99,20% Space Free | Partition Type: NTFS

Computer Name: USER-PC
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - I:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - I:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
PRC - I:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
PRC - I:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
PRC - I:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - I:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
PRC - I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - I:\WINDOWS\system32\HDDSvc.exe (AltrixSoft (http://www.altrixsoft.com/))
PRC - I:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
PRC - I:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - I:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)


========== Modules (SafeList) ==========

MOD - I:\Documents and Settings\USER\Desktop\OTL.exe (OldTimer Tools)
MOD - I:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SessionLauncher) -- I:\DOCUME~1\USER\LOCALS~1\Temp\DX9\SessionLauncher.exe File not found
SRV - (RoxLiveShare10) -- I:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe File not found
SRV - (HidServ) -- I:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- I:\WINDOWS\System32\appmgmts.dll File not found
SRV - (Sony Ericsson PCCompanion) -- I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe (Avanquest Software)
SRV - (SbieSvc) -- I:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV - (avg9wd) -- I:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service) -- I:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TomTomHOMEService) -- I:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (HDDSvc) -- I:\WINDOWS\system32\HDDSvc.exe (AltrixSoft (http://www.altrixsoft.com/))
SRV - (btwdins) -- I:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)


========== Driver Services (SafeList) ==========

DRV - (AvgTdiX) -- I:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- I:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SbieDrv) -- I:\Program Files\Sandboxie\SbieDrv.sys (tzuk)
DRV - (AvgLdx86) -- I:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (sptd) -- I:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (nv) -- I:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (RTLE8023xp) -- I:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Aspi32) -- I:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (HDAudBus) -- I:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (usbaudio) USB Audio Driver (WDM) -- I:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (CTEXFIFX.SYS) -- I:\WINDOWS\System32\drivers\CTEXFIFX.SYS (Creative Technology Ltd.)
DRV - (CTEXFIFX) -- I:\WINDOWS\system32\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV - (CTEDSPIO.SYS) -- I:\WINDOWS\System32\drivers\CTEDSPIO.SYS (Creative Technology Ltd)
DRV - (CTEDSPIO) -- I:\WINDOWS\system32\drivers\CTEDSPIO.sys (Creative Technology Ltd)
DRV - (CTEDSPSY.SYS) -- I:\WINDOWS\System32\drivers\CTEDSPSY.SYS (Creative Technology Ltd)
DRV - (CTEDSPSY) -- I:\WINDOWS\system32\drivers\CTEDSPSY.sys (Creative Technology Ltd)
DRV - (CTHWIUT.SYS) -- I:\WINDOWS\System32\drivers\CTHWIUT.SYS (Creative Technology Ltd.)
DRV - (CTHWIUT) -- I:\WINDOWS\system32\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV - (CT20XUT.SYS) -- I:\WINDOWS\System32\drivers\CT20XUT.SYS (Creative Technology Ltd.)
DRV - (CT20XUT) -- I:\WINDOWS\system32\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV - (CTERFXFX.SYS) -- I:\WINDOWS\System32\drivers\CTERFXFX.SYS (Creative Technology Ltd)
DRV - (CTERFXFX) -- I:\WINDOWS\system32\drivers\CTERFXFX.sys (Creative Technology Ltd)
DRV - (CTEDSPFX.SYS) -- I:\WINDOWS\System32\drivers\CTEDSPFX.SYS (Creative Technology Ltd)
DRV - (CTEDSPFX) -- I:\WINDOWS\system32\drivers\CTEDSPFX.sys (Creative Technology Ltd)
DRV - (CTEAPSFX.SYS) -- I:\WINDOWS\System32\drivers\CTEAPSFX.SYS (Creative Technology Ltd)
DRV - (CTEAPSFX) -- I:\WINDOWS\system32\drivers\CTEAPSFX.sys (Creative Technology Ltd)
DRV - (CTSBLFX.SYS) -- I:\WINDOWS\System32\drivers\CTSBLFX.SYS (Creative Technology Ltd)
DRV - (CTSBLFX) -- I:\WINDOWS\system32\drivers\CTSBLFX.sys (Creative Technology Ltd)
DRV - (CTAUDFX.SYS) -- I:\WINDOWS\System32\drivers\CTAUDFX.SYS (Creative Technology Ltd)
DRV - (CTAUDFX) -- I:\WINDOWS\system32\drivers\CTAUDFX.sys (Creative Technology Ltd)
DRV - (COMMONFX.SYS) -- I:\WINDOWS\System32\drivers\COMMONFX.SYS (Creative Technology Ltd)
DRV - (COMMONFX) -- I:\WINDOWS\system32\drivers\COMMONFX.sys (Creative Technology Ltd)
DRV - (SASKUTIL) -- I:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ()
DRV - (SASDIFSV) -- I:\Program Files\SUPERAntiSpyware\sasdifsv.sys ()
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- I:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- I:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- I:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- I:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- I:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- I:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- I:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (PfModNT) -- I:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.)
DRV - (ctprxy2k) -- I:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV - (ctaud2k) Creative Audio Driver (WDM) -- I:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV - (ha10kx2k) -- I:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- I:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- I:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (emupia) -- I:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
DRV - (ctac32k) -- I:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
DRV - (ADIHdAudAddService) -- I:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- I:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (atapi) -- I:\WINDOWS\system32\DRIVERS\atapi.sys ()
DRV - (SASENUM) -- I:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (pgfilter) -- I:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (btaudio) -- I:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- I:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- I:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- I:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- I:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (DM9USB) -- I:\WINDOWS\system32\drivers\dm9usb.sys (DAVICOM Semiconductor, Inc. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D2 31 24 91 95 80 CA 01 [binary data]
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1

FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: I:\Program Files\Real\RealPlayer\browserrecord [2009.12.16 11:08:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010.06.28 09:15:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010.07.03 09:03:45 | 000,000,000 | ---D | M]

[2010.03.17 13:14:57 | 000,000,000 | ---D | M] -- I:\Documents and Settings\USER\Application Data\Mozilla\Extensions
[2010.03.17 13:14:57 | 000,000,000 | ---D | M] -- I:\Documents and Settings\USER\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010.07.16 09:32:03 | 000,000,000 | ---D | M] -- I:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\j7fwx06y.default\extensions
[2010.06.24 12:44:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\j7fwx06y.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.12 13:19:15 | 000,000,000 | ---D | M] (Adblock Plus) -- I:\Documents and Settings\USER\Application Data\Mozilla\Firefox\Profiles\j7fwx06y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.12.19 15:10:08 | 000,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010.01.16 01:55:13 | 000,001,538 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010.01.16 01:55:13 | 000,000,947 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010.01.16 01:55:13 | 000,000,769 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010.01.16 01:55:13 | 000,001,135 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010.04.03 12:41:33 | 000,000,773 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 applian.securesites.com
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - I:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - I:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] I:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NvCplDaemon] I:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [RegClean Expert Scheduler] I:\Program Files\Registry Clean Expert\RCHelper.exe (iExpert Software)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [SandboxieControl] I:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [Sony Ericsson PC Companion] I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [SUPERAntiSpyware] I:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004..\Run: [TomTomHOME.exe] I:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = I:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = I:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: I:\Documents and Settings\USER\Start Menu\Programs\Startup\4323569.lnk = I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe File not found
O4 - Startup: I:\Documents and Settings\USER\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = I:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - I:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - I:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - I:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - I:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 0960510546 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - I:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - I:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - I:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - I:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll - I:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: I:\WINDOWS\Prairie Wind.bmp
O24 - Desktop BackupWallPaper: I:\WINDOWS\Prairie Wind.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - I:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - I:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - I:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.09.07 20:31:14 | 000,245,854 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.04.23 10:42:26 | 000,000,050 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{10b450b5-f3a9-11de-864a-0018f304ce28}\Shell\AutoRun\command - "" = vlsdgsdgeryherdhsdfhdfhsdrhserjserjdsfjdsfhdsfgweagi\wetopisdgklsjgbklawjrtioubsaetgioubasegiojbasgdia\autorun.exe
O33 - MountPoints2\{10b450b5-f3a9-11de-864a-0018f304ce28}\Shell\Explore\Command - "" = vlsdgsdC:\aUtORUN.inf
O33 - MountPoints2\{10b450b5-f3a9-11de-864a-0018f304ce28}\Shell\open\command - "" = vlsdgsdgeryherdhsdfhdfhsdrhserjserjdsfjdsfhdsfgweagi\wetopisdgklsjgbklawjrtioubsaetgioubasegiojbasgdia\autorun.exe
O33 - MountPoints2\{1aa04929-ea26-11de-9e15-d6a8837cad13}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa04929-ea26-11de-9e15-d6a8837cad13}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1aa04929-ea26-11de-9e15-d6a8837cad13}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7c6b97b3-4a03-11df-877a-0018f304ce28}\Shell - "" = AutoRun
O33 - MountPoints2\{7c6b97b3-4a03-11df-877a-0018f304ce28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c6b97b3-4a03-11df-877a-0018f304ce28}\Shell\AutoRun\command - "" = F:\DPFMate.exe -- File not found
O33 - MountPoints2\{815260b1-ee1f-11de-862e-0018f304ce28}\Shell - "" = AutoRun
O33 - MountPoints2\{815260b1-ee1f-11de-862e-0018f304ce28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{815260b1-ee1f-11de-862e-0018f304ce28}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{9187d3e9-31b5-11df-8733-0018f304ce28}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{c842ef47-ea21-11de-9715-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c842ef47-ea21-11de-9715-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c842ef47-ea21-11de-9715-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.now.exe -- [2004.07.29 14:12:50 | 000,101,376 | R--- | M] (Sold Out Software Ltd.)
O33 - MountPoints2\{e4b9d3d2-8b37-11df-8881-0018f304ce28}\Shell - "" = AutoRun
O33 - MountPoints2\{e4b9d3d2-8b37-11df-8881-0018f304ce28}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e4b9d3d2-8b37-11df-8881-0018f304ce28}\Shell\AutoRun\command - "" = F:\Startme.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.07.16 11:27:08 | 000,574,976 | ---- | C] (OldTimer Tools) -- I:\Documents and Settings\USER\Desktop\OTL.exe
[2010.07.16 11:18:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010.07.16 11:18:02 | 002,031,992 | ---- | C] (Microsoft Corporation) -- I:\Documents and Settings\USER\Desktop\MGADiag.exe
[2010.07.15 16:49:11 | 000,000,000 | RH-D | C] -- I:\Documents and Settings\USER\Recent
[2010.07.15 15:02:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Application Data\Google
[2010.07.15 15:01:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Temp
[2010.07.15 15:01:41 | 000,000,000 | ---D | C] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010.07.15 15:01:32 | 000,000,000 | ---D | C] -- I:\Program Files\Google
[2010.07.15 15:01:32 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Google
[2010.07.15 11:39:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Utilities
[2010.07.15 11:37:43 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Photo
[2010.07.15 11:34:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Epson Printer
[2010.07.15 11:33:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Video - Audio
[2010.07.15 11:31:10 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\DVD - CD
[2010.07.15 11:30:19 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Desktop\Adobe
[2010.07.14 09:20:03 | 000,744,448 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.13 12:56:34 | 000,000,000 | ---D | C] -- I:\Program Files\Trend Micro
[2010.07.13 11:33:56 | 000,000,000 | ---D | C] -- I:\WINDOWS\pss
[2010.07.09 10:15:54 | 000,000,000 | ---D | C] -- I:\Program Files\Common Files\Sony Shared
[2010.07.09 10:13:12 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Sony
[2010.07.09 10:11:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\My Documents\My Podcasts
[2010.07.09 10:11:21 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\My Documents\Media Go
[2010.07.09 10:10:53 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Local Settings\Application Data\Downloaded Installations
[2010.07.09 10:10:48 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010.07.09 10:10:48 | 000,000,000 | ---D | C] -- I:\Program Files\Sony
[2010.07.09 10:08:52 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\Application Data\Sony
[2010.07.09 10:01:40 | 000,000,000 | ---D | C] -- I:\Program Files\Sony Ericsson
[2010.07.09 10:01:40 | 000,000,000 | ---D | C] -- I:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2010.06.30 16:26:34 | 000,000,000 | ---D | C] -- I:\Documents and Settings\USER\My Documents\Untitled
[2010.06.30 16:19:47 | 002,531,328 | ---- | C] (Macrovision Europe Ltd.) -- I:\Documents and Settings\USER\My Documents\AdobeLM_libFNP.dll
[2010.06.21 12:19:00 | 000,000,000 | ---D | C] -- I:\Corralejo+Madrid
[2010.06.16 14:41:32 | 000,000,000 | ---D | C] -- I:\WINDOWS\System32\XPSViewer
[2010.06.16 14:41:27 | 000,000,000 | ---D | C] -- I:\Program Files\Reference Assemblies
[2010.06.16 14:41:08 | 001,676,288 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\xpssvcs.dll
[2010.06.16 14:41:08 | 001,676,288 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010.06.16 14:41:08 | 000,597,504 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010.06.16 14:41:08 | 000,575,488 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010.06.16 14:41:08 | 000,117,760 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\prntvpt.dll
[2010.06.16 14:41:08 | 000,089,088 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2006.08.04 08:34:28 | 000,033,792 | R--- | C] ( ) -- I:\WINDOWS\System32\a3d.dll
[8 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[5 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.16 11:29:00 | 000,000,420 | -H-- | M] () -- I:\WINDOWS\tasks\User_Feed_Synchronization-{C64277A3-026B-427C-BF33-D97DB328E707}.job
[2010.07.16 11:27:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\USER\Desktop\OTL.exe
[2010.07.16 11:18:20 | 000,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010.07.16 11:18:02 | 002,031,992 | ---- | M] (Microsoft Corporation) -- I:\Documents and Settings\USER\Desktop\MGADiag.exe
[2010.07.16 11:17:00 | 000,000,238 | -H-- | M] () -- I:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.07.16 11:16:01 | 000,002,521 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\Outlook.lnk
[2010.07.16 11:06:00 | 000,000,928 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.16 10:59:44 | 000,451,584 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\CKScanner.exe
[2010.07.16 10:55:00 | 000,000,274 | -H-- | M] () -- I:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.07.16 10:42:35 | 003,513,237 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\WVCheck.exe
[2010.07.16 10:15:29 | 000,001,915 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2010.07.16 09:17:50 | 062,023,023 | ---- | M] () -- I:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.07.16 09:11:37 | 000,272,291 | ---- | M] () -- I:\WINDOWS\System32\NvApps.xml
[2010.07.16 09:11:20 | 000,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010.07.16 09:11:13 | 000,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010.07.15 19:20:23 | 000,011,564 | ---- | M] () -- I:\WINDOWS\System32\DVCState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,924 | ---- | M] () -- I:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,924 | ---- | M] () -- I:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,064 | ---- | M] () -- I:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:23 | 000,000,064 | ---- | M] () -- I:\WINDOWS\System32\BMXState-{00000001-00000000-00000001-00001102-00000008-40041102}.rfx
[2010.07.15 19:20:13 | 006,553,600 | ---- | M] () -- I:\Documents and Settings\USER\NTUSER.DAT
[2010.07.15 19:20:13 | 000,000,178 | -HS- | M] () -- I:\Documents and Settings\USER\ntuser.ini
[2010.07.15 16:00:00 | 000,000,368 | ---- | M] () -- I:\WINDOWS\tasks\At2.job
[2010.07.15 16:00:00 | 000,000,368 | ---- | M] () -- I:\WINDOWS\tasks\At1.job
[2010.07.15 15:06:00 | 000,000,924 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.15 15:02:27 | 000,001,925 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.07.15 12:55:34 | 000,000,069 | ---- | M] () -- I:\WINDOWS\NeroDigital.ini
[2010.07.15 12:55:33 | 000,068,096 | ---- | M] () -- I:\Documents and Settings\USER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.14 17:27:48 | 002,117,308 | -H-- | M] () -- I:\Documents and Settings\USER\Local Settings\Application Data\IconCache.db
[2010.07.14 11:39:15 | 000,167,989 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\The-Princess-And-The-Frog-Poster.jpg
[2010.07.13 12:59:00 | 000,002,445 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.lnk
[2010.07.13 12:54:50 | 001,402,880 | ---- | M] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.msi
[2010.07.13 11:34:25 | 000,000,582 | ---- | M] () -- I:\WINDOWS\win.ini
[2010.07.13 11:34:25 | 000,000,227 | ---- | M] () -- I:\WINDOWS\system.ini
[2010.07.12 20:49:58 | 000,054,156 | -H-- | M] () -- I:\WINDOWS\QTFont.qfn
[2010.07.11 13:38:00 | 000,001,409 | ---- | M] () -- I:\WINDOWS\QTFont.for
[2010.07.09 10:16:06 | 000,001,632 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010.07.08 11:26:56 | 000,010,617 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Bell Hotel letter.docx
[2010.07.07 21:56:30 | 000,156,672 | ---- | M] (Radioactive) -- I:\WINDOWS\System32\rmc_fixasf.exe
[2010.07.07 21:56:29 | 000,237,568 | ---- | M] () -- I:\WINDOWS\System32\rmc_rtspdl.dll
[2010.07.05 16:36:38 | 000,323,130 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Im May No Turn.jpg
[2010.07.05 16:22:20 | 000,043,346 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Im May Love Tattoo.jpg
[2010.07.03 09:03:46 | 000,001,739 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.07.01 16:46:32 | 000,068,717 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury prog.docx
[2010.07.01 16:45:41 | 000,087,587 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site and Campsite.docx
[2010.07.01 16:42:17 | 000,068,188 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury arena.docx
[2010.07.01 15:58:49 | 000,036,229 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Campsite.jpg
[2010.07.01 15:57:58 | 000,040,304 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site.jpg
[2010.07.01 15:57:00 | 000,057,482 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury Arena.jpg
[2010.07.01 14:56:46 | 000,058,017 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cornbury programme.jpg
[2010.07.01 11:24:53 | 000,012,931 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Cardamomo Flamenco.docx
[2010.06.30 16:26:34 | 000,647,857 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Untitled.ncor
[2010.06.30 16:25:16 | 000,000,116 | ---- | M] () -- I:\Documents and Settings\USER\Adobe Encore_AME.pref
[2010.06.28 15:22:10 | 010,978,543 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\Reg Backup File 28 Jun '10.cab
[2010.06.23 17:06:54 | 043,866,600 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.psd
[2010.06.23 17:06:46 | 008,713,903 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers copy.jpg
[2010.06.23 16:32:34 | 006,227,297 | ---- | M] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.jpg
[2010.06.23 11:44:46 | 000,535,006 | ---- | M] () -- I:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 11:44:46 | 000,465,402 | ---- | M] () -- I:\WINDOWS\System32\perfh009.dat
[2010.06.23 11:44:46 | 000,079,162 | ---- | M] () -- I:\WINDOWS\System32\perfc009.dat
[2010.06.16 17:49:43 | 000,069,232 | ---- | M] () -- I:\Documents and Settings\USER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.06.16 17:47:37 | 001,555,664 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[8 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]
[5 I:\WINDOWS\System32\*.tmp files -> I:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.16 10:59:44 | 000,451,584 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\CKScanner.exe
[2010.07.16 10:42:24 | 003,513,237 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\WVCheck.exe
[2010.07.15 15:02:27 | 000,001,925 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2010.07.15 15:01:38 | 000,000,928 | ---- | C] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.15 15:01:37 | 000,000,924 | ---- | C] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.14 11:36:58 | 000,167,989 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\The-Princess-And-The-Frog-Poster.jpg
[2010.07.13 12:56:34 | 000,002,445 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.lnk
[2010.07.13 12:54:49 | 001,402,880 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\HiJackThis.msi
[2010.07.13 10:10:36 | 000,011,853 | ---- | C] () -- I:\Documents and Settings\USER\Desktop\RUNDLL32.EX_
[2010.07.11 13:38:00 | 000,054,156 | -H-- | C] () -- I:\WINDOWS\QTFont.qfn
[2010.07.11 13:38:00 | 000,001,409 | ---- | C] () -- I:\WINDOWS\QTFont.for
[2010.07.09 10:16:06 | 000,001,632 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Media Go.lnk
[2010.07.09 10:01:46 | 000,001,915 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Sony Ericsson PC Companion 2.0.lnk
[2010.07.08 11:26:56 | 000,010,617 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Bell Hotel letter.docx
[2010.07.05 16:23:01 | 000,323,130 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Im May No Turn.jpg
[2010.07.05 16:22:19 | 000,043,346 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Im May Love Tattoo.jpg
[2010.07.01 16:45:41 | 000,087,587 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site and Campsite.docx
[2010.07.01 16:41:48 | 000,068,188 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury arena.docx
[2010.07.01 15:58:49 | 000,036,229 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Campsite.jpg
[2010.07.01 15:57:58 | 000,040,304 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Site.jpg
[2010.07.01 15:57:00 | 000,057,482 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury Arena.jpg
[2010.07.01 14:58:57 | 000,068,717 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury prog.docx
[2010.07.01 14:56:45 | 000,058,017 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cornbury programme.jpg
[2010.07.01 11:24:23 | 000,012,931 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Cardamomo Flamenco.docx
[2010.06.30 16:26:31 | 000,647,857 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Untitled.ncor
[2010.06.30 16:25:16 | 000,000,116 | ---- | C] () -- I:\Documents and Settings\USER\Adobe Encore_AME.pref
[2010.06.28 15:22:10 | 010,978,543 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\Reg Backup File 28 Jun '10.cab
[2010.06.23 17:06:51 | 043,866,600 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.psd
[2010.06.23 17:06:43 | 008,713,903 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers copy.jpg
[2010.06.23 16:32:26 | 006,227,297 | ---- | C] () -- I:\Documents and Settings\USER\My Documents\church-at-auvers.jpg
[2010.04.03 12:44:50 | 000,237,568 | ---- | C] () -- I:\WINDOWS\System32\rmc_rtspdl.dll
[2009.12.28 14:02:51 | 000,000,069 | ---- | C] () -- I:\WINDOWS\NeroDigital.ini
[2009.12.21 10:39:49 | 000,002,438 | ---- | C] () -- I:\WINDOWS\Sandboxie.ini
[2009.12.19 15:37:34 | 000,000,097 | ---- | C] () -- I:\WINDOWS\System32\PICSDK.ini
[2009.12.19 15:35:17 | 000,000,025 | ---- | C] () -- I:\WINDOWS\CDESX100DEFGIPS.ini
[2009.12.19 13:02:11 | 000,001,043 | ---- | C] () -- I:\WINDOWS\cdplayer.ini
[2009.12.16 11:43:17 | 000,073,728 | ---- | C] () -- I:\WINDOWS\System32\RtNicProp32.dll
[2009.12.16 11:41:10 | 000,003,072 | ---- | C] () -- I:\WINDOWS\CTXFIRES.DLL
[2009.08.31 15:00:22 | 000,021,504 | ---- | C] () -- I:\WINDOWS\System32\WBCustomizer.dll
[2009.08.31 15:00:21 | 000,185,344 | ---- | C] () -- I:\WINDOWS\System32\MemWarp.dll
[2008.03.20 17:02:24 | 000,086,446 | R--- | C] () -- I:\WINDOWS\System32\instwdm.ini
[2008.03.20 17:02:24 | 000,000,191 | R--- | C] () -- I:\WINDOWS\System32\ctzapxx.ini
[2008.03.20 16:36:48 | 000,043,520 | ---- | C] () -- I:\WINDOWS\System32\CTBurst.dll
[2007.09.27 11:51:02 | 000,020,698 | ---- | C] () -- I:\WINDOWS\System32\idxcntrs.ini
[2007.09.27 11:48:48 | 000,030,628 | ---- | C] () -- I:\WINDOWS\System32\gsrvctr.ini
[2007.09.27 11:48:28 | 000,031,698 | ---- | C] () -- I:\WINDOWS\System32\gthrctr.ini
[2007.08.21 11:22:58 | 000,000,000 | ---- | C] () -- I:\WINDOWS\System32\px.ini
[2006.10.02 18:25:18 | 000,000,307 | ---- | C] () -- I:\WINDOWS\System32\kill.ini
[2006.02.28 13:00:00 | 000,095,360 | ---- | C] () -- I:\WINDOWS\System32\drivers\atapi.sys
[2005.08.24 14:56:04 | 000,090,112 | ---- | C] () -- I:\WINDOWS\System32\btprn2k.dll
[2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- I:\WINDOWS\System32\ctmmactl.dll
[2004.01.30 16:07:46 | 000,245,408 | ---- | C] () -- I:\WINDOWS\System32\unicows.dll
[2002.05.16 00:29:04 | 000,000,607 | ---- | C] () -- I:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001.11.23 19:18:00 | 000,000,597 | ---- | C] () -- I:\WINDOWS\System32\btcss.dll.manifest
[2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- I:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\Freddy and Babs.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\DSC00072.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\DSC00047.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\Donna and Sherry.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\Copy of Donna and Sherry.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> I:\Documents and Settings\USER\My Documents\1225091131.jpg:Roxio EMC Stream
< End of report >

OTL Extras logfile created on: 16.07.2010 11:28:26 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = I:\Documents and Settings\USER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000425 | Country: Estonia | Language: ETI | Date Format: d.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): i:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
Drive D: | 450,60 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,75 Gb Total Space | 249,87 Gb Free Space | 53,65% Space Free | Partition Type: NTFS
Drive S: | 465,76 Gb Total Space | 462,04 Gb Free Space | 99,20% Space Free | Partition Type: NTFS

Computer Name: USER-PC
Current User Name: USER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-682003330-1390067357-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "I:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "I:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- I:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "I:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe" = I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = I:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"I:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = I:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"I:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = I:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe" = I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"I:\Program Files\AVG\AVG9\avgupd.exe" = I:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Program Files\AVG\AVG9\avgnsx.exe" = I:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"I:\Program Files\SoulseekNS\slsk.exe" = I:\Program Files\SoulseekNS\slsk.exe:*:Enabled:SoulSeek -- File not found
"I:\Documents and Settings\USER\Local Settings\Temp\taskengc.exe" = I:\Documents and Settings\USER\Local Settings\Temp\taskengc.exe:*:Enabled:49645 -- File not found
"I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe" = I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe:*:Enabled:887638 -- File not found
"I:\Program Files\Vuze\Azureus.exe" = I:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23F20D6B-F211-486F-93DA-DA68AF7FE55F}" = WWTBAM 2nd Edition
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}" = Next Generation Visualisations
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = Belkin Bluetooth Software
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.30
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D420D94-7B4A-4213-B8D4-AEC3B45B5158}" = Digital Audio System
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7066F2DB-5032-4B6F-A8E7-A6F946043438}" = Adobe Setup
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EC63FE1-D017-460D-90B1-CCC97239AF73}" = Media Go
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.00.146
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"8461-7759-5462-8226" = Vuze
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_85df662426fa6bb25f7d596f4d1b2a2" = Adobe Encore CS3
"Any Video Converter_is1" = Any Video Converter 3.0.5
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
"Easy CD and DVD Cover Creator" = Easy CD and DVD Cover Creator 4.13
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 User’s Guide" = EPSON Stylus SX100_TX100 Manual
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"Hard Drive Inspector" = Hard Drive Inspector Professional 2.70 build # 459
"ie8" = Windows Internet Explorer 8
"ImTOO DVD Ripper Ultimate 5" = ImTOO DVD Ripper Ultimate
"ImTOO Video Converter Ultimate" = ImTOO Video Converter Ultimate
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoToolkit_is1" = Photo! Editor 1.1
"RealPlayer 6.0" = RealPlayer
"Red Eye Remover_is1" = Red Eye Remover 2.0
"Registry Clean Expert_is1" = Registry Clean Expert
"Replay Media Catcher 3.11" = Replay Media Catcher 3.11
"Replay Video Capture3.1B" = Replay Video Capture
"Sandboxie" = Sandboxie 3.45.07
"Scrabble Plus 1.00" = Scrabble Plus 1.00
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VLC media player 1.0.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.07.2010 6:27:50 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 13.07.2010 6:28:48 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 14.07.2010 10:04:35 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 14.07.2010 11:10:56 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 14.07.2010 12:04:21 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 15.07.2010 7:16:08 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 15.07.2010 10:21:04 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 15.07.2010 10:21:07 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 15.07.2010 11:29:50 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

Error - 15.07.2010 11:49:11 | Computer Name = USER-PC | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Application, SystemIndex
Catalog

[ OSession Events ]
Error - 10.01.2010 9:17:44 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.01.2010 15:49:07 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.01.2010 7:46:13 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9.02.2010 8:10:25 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 19.02.2010 7:23:39 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 25.06.2010 5:01:04 | Computer Name = USER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15.07.2010 13:05:26 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 15.07.2010 13:05:29 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 15.07.2010 13:05:46 | Computer Name = USER-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 15.07.2010 13:05:46 | Computer Name = USER-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 15.07.2010 13:05:46 | Computer Name = USER-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 16.07.2010 4:11:22 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 16.07.2010 4:11:25 | Computer Name = USER-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
sptd

Error - 16.07.2010 4:11:43 | Computer Name = USER-PC | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 16.07.2010 4:11:43 | Computer Name = USER-PC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 16.07.2010 4:11:43 | Computer Name = USER-PC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >
And finally the GMER report
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-16 18:30:30
Windows 5.1.2600 Service Pack 3
Running: lsiq3v3h.exe; Driver: I:\DOCUME~1\USER\LOCALS~1\Temp\kxtdapoc.sys


---- System - GMER 1.0.15 ----

SSDT \??\I:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0xB470C660]

Code B8464C9C ZwRequestPort
Code B8464D3C ZwRequestWaitReplyPort
Code B8464BFC ZwTraceEvent
Code B8464C9B NtRequestPort
Code B8464D3B NtRequestWaitReplyPort
Code B8464BFB NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!NtTraceEvent 805499B8 5 Bytes JMP B8464C00
PAGE ntoskrnl.exe!NtRequestWaitReplyPort 8057CD93 5 Bytes JMP B8464D40
PAGE ntoskrnl.exe!NtRequestPort 805E33BE 5 Bytes JMP B8464CA0
.text I:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7668380, 0x5414D5, 0xE8000020]
.text win32k.sys!EngAcquireSemaphore + 20E2 BF808308 5 Bytes JMP B8464480
.text win32k.sys!EngFreeUserMem + 5BD2 BF80EE8F 5 Bytes JMP B84643E0
.text win32k.sys!EngCopyBits + 68D BF838EFF 5 Bytes JMP B84645C0
.text win32k.sys!EngCreateBitmap + 6F4 BF83E122 5 Bytes JMP B8464700
.text win32k.sys!EngMultiByteToWideChar + 2F32 BF8A0D51 5 Bytes JMP B84648E0
.text win32k.sys!EngAlphaBlend + 350F BF8AA40A 5 Bytes JMP B8464A20
.text win32k.sys!EngMulDiv + 90FA BF8B4264 5 Bytes JMP B8464660
.text win32k.sys!XLATEOBJ_iXlate + 3A50 BF8B9E25 5 Bytes JMP B8464520
.text win32k.sys!EngUnicodeToMultiByteN + 1756 BF8C322E 5 Bytes JMP B84647A0
.text win32k.sys!PATHOBJ_bCloseFigure + 19F1 BF8F98FC 5 Bytes JMP B8464980
.text win32k.sys!EngCreateClip + 1994 BF9132F6 5 Bytes JMP B8464AC0
.text win32k.sys!EngCreateClip + 1F24 BF913886 5 Bytes JMP B8464B60
.text win32k.sys!EngCreateClip + 256A BF913ECC 5 Bytes JMP B8464840

---- User code sections - GMER 1.0.15 ----

.text I:\WINDOWS\system32\SearchIndexer.exe[284] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C I:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!DefWindowProcA + 11A 7E42C298 7 Bytes JMP 003AFB50 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!SetWindowRgn + 2BD 7E42E7E5 7 Bytes JMP 003AFA00 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!SetClipboardData + 19D 7E43113B 7 Bytes JMP 003AFB30 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!MessageBoxA + 49 7E450833 7 Bytes JMP 003AFC20 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!MessageBoxExW + 1F 7E450857 7 Bytes JMP 003AFC70 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)
.text I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe[3712] USER32.dll!MessageBoxTimeoutA + CA 7E4664D0 7 Bytes JMP 003AFBA0 I:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\NewUI.dll (New UI/Avanquest Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x48 0x9E 0x57 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x84 0xF0 0x8F 0xC7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x48 0x9E 0x57 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 I:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xB8 0x9C 0x2A 0xFE ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x57 0xC7 0xDA 0x8F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x05 0x48 0x9E 0x57 ...

---- EOF - GMER 1.0.15 ----
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am

Re: RUNDLL32 problem

Post by deltalima » July 17th, 2010, 3:41 pm

Hi keys365,

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: RUNDLL32 problem

Post by keys365 » July 18th, 2010, 5:31 am

Here is the mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4323

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18/07/2010 10:14:12
mbam-log-2010-07-18 (10-14-12).txt

Scan type: Quick scan
Objects scanned: 131930
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\E8WECRKKMV (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\LREC75DND7 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\Documents and Settings\USER\Start Menu\Programs\Startup\4323569.lnk (Malware.Trace) -> Quarantined and deleted successfully.
I:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am

Re: RUNDLL32 problem

Post by deltalima » July 18th, 2010, 9:50 am

Hi keys365,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :otl
    O4 - Startup: I:\Documents and Settings\USER\Start Menu\Programs\Startup\4323569.lnk = I:\Documents and Settings\USER\Local Settings\Temp\systmn.exe File not found
    :commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Next

  • Click Start, point to Settings, and then click Control Panel.
  • In Control Panel, double-click Add or Remove Programs.
  • In Add or Remove Programs,
    highlight Advertising Center
    click Remove
    highlight PeerGuardian 2.0
    click Remove
  • Close the Add or Remove Programs and the Control Panel windows.

Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply and let me know how your computer is running now.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: RUNDLL32 problem

Post by keys365 » July 19th, 2010, 7:46 am

Hello
I've done what you said, except I couldn't find Advertising Centre to remove.
The computer is running fine, but it always has, except I was getting a report on startup from SuperAntiSpyware saying it was blocking the threatening program from running. That report stopped appearing a couple of days ago.
On advice before I first contacted you I made a change in msconfig - I set the startup to Normal instead of Selective Startup which it was on. Is it ok to put it back how it was as since then startup doesn't load my audio facilities so I have to do that manually after startup in order to get any sound. The ticked items on Selective Startup were
Process SYSTEM.INI File
Process WIN.INI File
Load system services
Load startup items
Here are the OTL and Kaspersky logs
All processes killed
========== OTL ==========
File move failed. I:\Documents and Settings\USER\Start Menu\Programs\Startup\4323569.lnk scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: USER
->Temp folder emptied: 21709296 bytes
->Temporary Internet Files folder emptied: 48616228 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 91359007 bytes
->Google Chrome cache emptied: 6257454 bytes
->Flash cache emptied: 6498 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4578900 bytes
%systemroot%\System32 .tmp files removed: 3979343 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 709760 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 74538528 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1546 bytes

Total Files Cleaned = 240.00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07192010_091842

Files\Folders moved on Reboot...
File\Folder I:\Documents and Settings\USER\Start Menu\Programs\Startup\4323569.lnk not found!

Registry entries deleted on Reboot...

KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 19, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 19, 2010 05:30:35
Records in database: 4230980
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
D:\
E:\
G:\
H:\
I:\
J:\
K:\
S:\

Scan statistics:
Objects scanned: 107224
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 02:21:34


File name / Threat / Threats count
I:\Downloads\mp3mymp3install.exe Infected: not-a-virus:AdWare.Win32.Relevant.p 1
I:\Downloads\mp3mymp3install.exe Infected: not-a-virus:AdWare.Win32.Relevant.q 1

Selected area has been scanned.
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am

Re: RUNDLL32 problem

Post by deltalima » July 19th, 2010, 8:04 am

Hi keys365,

Please delete the file

I:\Downloads\mp3mymp3install.exe

"Is it ok to put it back how it was"

Please do and then let me know if the report on startup from SuperAntiSpyware has stopped.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: RUNDLL32 problem

Post by keys365 » July 19th, 2010, 8:31 am

The report from SuperAntiSpyware has stopped but I have an alert that says I need to reinstall SoundMAX as my audio has been reconfigured.
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am

Re: RUNDLL32 problem

Post by deltalima » July 19th, 2010, 8:47 am

Hi keys365,

"The report from SuperAntiSpyware has stopped"

Good.

"but I have an alert that says I need to reinstall SoundMAX"

OK, go ahead and do so, then let me know if there are any other problems with the computer.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: RUNDLL32 problem

Post by keys365 » July 19th, 2010, 9:44 am

The audio is fine now as everything else seems to be too. Do you think we have removed the problem completely?
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am

Re: RUNDLL32 problem

Post by deltalima » July 19th, 2010, 10:01 am

Hi keys365,

"Do you think we have removed the problem completely?"

There are no more signs of active malware in the logs.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure

Remove GMER

Delete the GMER icon from your desktop; it will be named lsiq3v3h.exe

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.


Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: RUNDLL32 problem

Post by keys365 » July 19th, 2010, 11:23 am

Thank you for all your help in cleaning up my machine. It's quite a weight off my mind. You're all doing a good job there. Thanks again.
keys365
Active Member
 
Posts: 8
Joined: July 13th, 2010, 8:03 am