
celldorado popup

  • 18-06-2009 6:09pm
    #1
    Registered Users, Registered Users 2 Posts: 665 ✭✭✭


    Hi, I have a popup that I don't know how to get rid of (celldorado.com). I have XP with AVG/Spybot S&D/Ad-Aware/CCleaner. I have found instructions on how to get rid of this manually but I think it's beyond me! Can anyone recommend a free programme that might kill this popup?


Comments

  • Registered Users, Registered Users 2 Posts: 665 ✭✭✭sohappy


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:32:21, on 18/06/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16850)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    D:\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxext.exe
    D:\Advanced WindowsCare V2\MemCleaner.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [SmartRAM] D:\Advanced WindowsCare V2\MemCleaner.exe /m
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0478B855-86DA-4CDB-BF2D-D811DBDC9B95}: NameServer = 172.31.140.69 172.30.140.69
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - D:\aawservice.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 7968 bytes


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    • Download Rooter.exe to your desktop
    • Then double-click it to start the tool
    • A Notepad file containing the report will open, also found at %systemdrive%\Rooter.txt. Post that here


  • Registered Users, Registered Users 2 Posts: 665 ✭✭✭sohappy


    Rooter.exe (v1.0.1) by Eric_71
    ¨
    Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3
    32_bits - x86 Family 6 Model 28 Stepping 2, GenuineIntel
    ¨
    C:\ [Fixed-NTFS] .. ( Total:3 Go - Free:0 Go )
    D:\ [Fixed-NTFS] .. ( Total:7 Go - Free:6 Go )
    E:\ [CD_Rom]
    ¨
    Scan : 10:04.02
    Path : C:\Documents and Settings\E\Desktop\Rooter.exe
    User : E ( Administrator -> YES )
    ¨
    \\ Processes
    ¨
    Locked [System Process] (0)
    ______ System (4)
    ______ \SystemRoot\System32\smss.exe (420)
    ______ \??\C:\WINDOWS\system32\csrss.exe (476)
    ______ \??\C:\WINDOWS\system32\winlogon.exe (520)
    ______ C:\WINDOWS\system32\services.exe (564)
    ______ C:\WINDOWS\system32\lsass.exe (576)
    ______ C:\WINDOWS\system32\svchost.exe (768)
    ______ C:\WINDOWS\system32\svchost.exe (832)
    ______ C:\WINDOWS\System32\svchost.exe (872)
    ______ C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (912)
    ______ C:\WINDOWS\system32\svchost.exe (1028)
    ______ C:\WINDOWS\system32\svchost.exe (1068)
    ______ D:\aawservice.exe (1200)
    ______ C:\WINDOWS\Explorer.EXE (1208)
    ______ C:\WINDOWS\RTHDCPL.EXE (1304)
    ______ C:\WINDOWS\SOUNDMAN.EXE (1312)
    ______ C:\WINDOWS\system32\igfxtray.exe (1336)
    ______ C:\WINDOWS\system32\hkcmd.exe (1344)
    ______ C:\Program Files\EeePC\ACPI\AsTray.exe (1364)
    ______ C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (1376)
    ______ C:\Program Files\EeePC\ACPI\AsEPCMon.exe (1384)
    ______ D:\Advanced WindowsCare V2\MemCleaner.exe (1396)
    ______ C:\WINDOWS\system32\igfxext.exe (1456)
    ______ C:\WINDOWS\system32\igfxsrvc.exe (1464)
    ______ C:\Program Files\Java\jre6\bin\jusched.exe (1492)
    ______ C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (1532)
    ______ C:\WINDOWS\system32\ctfmon.exe (1556)
    ______ C:\Program Files\Windows Live\Messenger\msnmsgr.exe (1572)
    ______ D:\Spybot - Search & Destroy\TeaTimer.exe (1600)
    ______ C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (1624)
    ______ C:\WINDOWS\system32\spoolsv.exe (1792)
    ______ C:\Program Files\Avira\AntiVir Desktop\sched.exe (1840)
    ______ C:\WINDOWS\system32\svchost.exe (1880)
    ______ C:\Program Files\Avira\AntiVir Desktop\avguard.exe (1936)
    ______ C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (1976)
    ______ C:\Program Files\Java\jre6\bin\jqs.exe (2016)
    ______ C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (140)
    ______ C:\WINDOWS\system32\svchost.exe (640)
    ______ C:\WINDOWS\system32\wdfmgr.exe (788)
    ______ C:\WINDOWS\System32\alg.exe (2260)
    ______ C:\Program Files\Windows Live\Contacts\wlcomm.exe (2540)
    ______ C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe (2844)
    ______ C:\Program Files\Internet Explorer\iexplore.exe (3316)
    ______ C:\Program Files\Windows Live\Toolbar\wltuser.exe (3416)
    ______ C:\Documents and Settings\E\Desktop\Rooter.exe (2512)
    ¨
    \\ Device\Harddisk0\
    ¨
    \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
    ¨
    \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:3996615168)
    \Device\Harddisk0\Partition2 (Start_Offset:3996647424 | Length:33030144)
    ¨
    \\ Scheduled Tasks
    ¨
    C:\WINDOWS\Tasks\desktop.ini
    C:\WINDOWS\Tasks\SA.DAT
    ¨
    \\ Registry
    ¨
    ¨
    \\ Files & Folders
    ¨
    \\ Scan completed at 10:04.04
    ¨
    C:\Rooter$\Rooter_4.txt - (19/06/2009 | 10:04.04)


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi
    • Download OTL to your desktop.
    • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32
      %systemroot%\System32\antiwpa.dll
      %systemroot%\SYSTEM32\wpa.dll
      %systemroot%\setup\scripts\biestart.exe
      %systemroot%\system32\drivers\royal.sys
      %systemroot%\system32\oobe\AntiWPA_Crypt.dll
      %TEMP%\antiwpa_crypt.dll
      %TEMP%\antiwpa.dll /s
      %PROGRAMFILES%\antiwpa.dll /s
      %systemroot%\system32\crypt.dll
      %TEMP%\crypt.dll
      %SYSTEMDRIVE%\*.
      %SYSTEMDRIVE%\*.*
      %PROGRAMFILES%\*.

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.


  • Registered Users, Registered Users 2 Posts: 665 ✭✭✭sohappy


    OTL logfile created on: 19/06/2009 12:02:00 - Run 1
    OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\EAMON\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1015.17 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 59.79% Memory free
    918.54 Mb Paging File | 612.36 Mb Available in Paging File | 66.67% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 3.72 Gb Total Space | 0.74 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
    Drive D: | 7.51 Gb Total Space | 6.94 Gb Free Space | 92.40% Space Free | Partition Type: NTFS
    Drive E: | 9.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-DUHBWXPLON
    Current User Name: EAMON
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    PRC - D:\aawservice.exe (Lavasoft)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    PRC - C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation)
    PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
    PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
    PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
    PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)
    PRC - D:\Advanced WindowsCare V2\MemCleaner.exe (IObit)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    PRC - C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
    PRC - C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe (Huawei Technologies)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    PRC - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
    PRC - C:\Documents and Settings\EAMON\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (aawservice [Auto | Running]) -- D:\aawservice.exe (Lavasoft)
    SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
    SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
    SRV - (btwdins [Auto | Running]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
    SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
    SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
    SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
    SRV - (SeaPort [Auto | Running]) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
    SRV - (vvdsvc [Auto | Stopped]) -- C:\WINDOWS\system32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

    ========== Driver Services (SafeList) ==========

    DRV - (AsusACPI [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys (ASUSTeK Computer Inc.)
    DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
    DRV - (avgntflt [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys (Avira GmbH)
    DRV - (avipbb [System | Running]) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys (Avira GmbH)
    DRV - (btaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
    DRV - (BTDriver [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btport.sys (Broadcom Corporation.)
    DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTWDNDIS [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwdndis.sys (Broadcom Corporation.)
    DRV - (btwhid [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\btwhid.sys (Broadcom Corporation.)
    DRV - (BTWUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (fssfltr [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys (Microsoft Corporation)
    DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
    DRV - (hwdatacard [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys (Intel Corporation)
    DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (L1e [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\l1e51x86.sys (Atheros Communications, Inc.)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (RT80x86 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RT2860.sys (Ralink Technology, Corp.)
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (Ser2pl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ser2pl.sys (Prolific Technology Inc.)
    DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys (Avira GmbH)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.google.co.uk/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/ig?hl=en
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/02/25 19:16:11 | 00,000,000 | ---D | M]


    O1 HOSTS File: (307738 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 10593 more lines...
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AlcWzrd] ALCWZRD.EXE (RealTek Semicoductor Corp.)
    O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
    O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
    O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SmartRAM] D:\Advanced WindowsCare V2\MemCleaner.exe /m (IObit)
    O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
    O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\Asus\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/04/25 06:09:03 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.) - E:\AutoRun.exe -- [ CDFS ]
    O32 - AutoRun File - [2007/03/12 18:22:30 | 00,000,112 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{3c9d18ad-748b-11dd-9f17-f84e9b816c76}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c9d18ad-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3c9d18ad-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{3c9d18b1-748b-11dd-9f17-f84e9b816c76}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c9d18b1-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3c9d18b1-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{420eab9e-6f62-11dd-9ef5-904a65af438a}\Shell - "" = AutoRun
    O33 - MountPoints2\{420eab9e-6f62-11dd-9ef5-904a65af438a}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{420eab9e-6f62-11dd-9ef5-904a65af438a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{82cbe554-6240-11dd-9eab-b2e42d0d0b3e}\Shell - "" = AutoRun
    O33 - MountPoints2\{82cbe554-6240-11dd-9eab-b2e42d0d0b3e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{82cbe554-6240-11dd-9eab-b2e42d0d0b3e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
    O33 - MountPoints2\{9738e056-1176-11de-8507-0015aff65263}\Shell - "" = AutoRun
    O33 - MountPoints2\{9738e056-1176-11de-8507-0015aff65263}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9738e056-1176-11de-8507-0015aff65263}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{9738e057-1176-11de-8507-0015aff65263}\Shell - "" = AutoRun
    O33 - MountPoints2\{9738e057-1176-11de-8507-0015aff65263}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{9738e057-1176-11de-8507-0015aff65263}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{a93f9293-59ff-11dd-9e6d-0022152d0609}\Shell - "" = AutoRun
    O33 - MountPoints2\{a93f9293-59ff-11dd-9e6d-0022152d0609}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a93f9293-59ff-11dd-9e6d-0022152d0609}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{b99d9be4-81b8-11dd-9f4d-bd96c57e8c3d}\Shell - "" = AutoRun
    O33 - MountPoints2\{b99d9be4-81b8-11dd-9f4d-bd96c57e8c3d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b99d9be4-81b8-11dd-9f4d-bd96c57e8c3d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O33 - MountPoints2\{eaf4e434-5a7d-11dd-9e75-a168f1b9b042}\Shell - "" = AutoRun
    O33 - MountPoints2\{eaf4e434-5a7d-11dd-9e75-a168f1b9b042}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{eaf4e434-5a7d-11dd-9e75-a168f1b9b042}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - * [2009/06/19 11:55:39 | 00,000,000 | ---D | M]
    O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
    NetSvcs: 6to4 -
    NetSvcs: AppMgmt - File not found
    NetSvcs: AudioSrv - C:\WINDOWS\System32\audiosrv.dll (Microsoft Corporation)
    NetSvcs: Browser - C:\WINDOWS\System32\browser.dll (Microsoft Corporation)
    NetSvcs: CryptSvc - C:\WINDOWS\System32\cryptsvc.dll (Microsoft Corporation)
    NetSvcs: DMServer - C:\WINDOWS\System32\dmserver.dll (Microsoft Corp.)
    NetSvcs: DHCP - C:\WINDOWS\System32\dhcpcsvc.dll (Microsoft Corporation)
    NetSvcs: ERSvc - C:\WINDOWS\System32\ersvc.dll (Microsoft Corporation)
    NetSvcs: EventSystem - C:\WINDOWS\system32\es.dll (Microsoft Corporation)
    NetSvcs: FastUserSwitchingCompatibility - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll (Microsoft Corporation)
    NetSvcs: Ias -
    NetSvcs: Iprip -
    NetSvcs: Irmon -
    NetSvcs: LanmanServer - C:\WINDOWS\System32\srvsvc.dll (Microsoft Corporation)
    NetSvcs: LanmanWorkstation - C:\WINDOWS\System32\wkssvc.dll (Microsoft Corporation)
    NetSvcs: Messenger - C:\WINDOWS\System32\msgsvc.dll (Microsoft Corporation)
    NetSvcs: Netman - C:\WINDOWS\System32\netman.dll (Microsoft Corporation)
    NetSvcs: Nla - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
    NetSvcs: Ntmssvc - C:\WINDOWS\system32\ntmssvc.dll (Microsoft Corporation)
    NetSvcs: NWCWorkstation -
    NetSvcs: Nwsapagent -
    NetSvcs: Rasauto - C:\WINDOWS\System32\rasauto.dll (Microsoft Corporation)
    NetSvcs: Rasman - C:\WINDOWS\System32\rasmans.dll (Microsoft Corporation)
    NetSvcs: Remoteaccess - C:\WINDOWS\System32\mprdim.dll (Microsoft Corporation)
    NetSvcs: Schedule - C:\WINDOWS\system32\schedsvc.dll (Microsoft Corporation)
    NetSvcs: Seclogon - C:\WINDOWS\System32\seclogon.dll (Microsoft Corporation)
    NetSvcs: SENS - C:\WINDOWS\system32\sens.dll (Microsoft Corporation)
    NetSvcs: Sharedaccess - C:\WINDOWS\System32\ipnathlp.dll (Microsoft Corporation)
    NetSvcs: SRService - C:\WINDOWS\system32\srsvc.dll (Microsoft Corporation)
    NetSvcs: Tapisrv - C:\WINDOWS\System32\tapisrv.dll (Microsoft Corporation)
    NetSvcs: Themes - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
    NetSvcs: TrkWks - C:\WINDOWS\system32\trkwks.dll (Microsoft Corporation)
    NetSvcs: W32Time - C:\WINDOWS\system32\w32time.dll (Microsoft Corporation)
    NetSvcs: WZCSVC - C:\WINDOWS\System32\wzcsvc.dll (Microsoft Corporation)
    NetSvcs: Wmi -
    NetSvcs: WmdmPmSp -
    NetSvcs: winmgmt - C:\WINDOWS\system32\wbem\WMIsvc.dll (Microsoft Corporation)
    NetSvcs: wscsvc - C:\WINDOWS\system32\wscsvc.dll (Microsoft Corporation)
    NetSvcs: xmlprov - C:\WINDOWS\System32\xmlprov.dll (Microsoft Corporation)
    NetSvcs: napagent - C:\WINDOWS\System32\qagentrt.dll (Microsoft Corporation)
    NetSvcs: hkmsvc - C:\WINDOWS\System32\kmsvc.dll (Microsoft Corporation)
    NetSvcs: BITS - C:\WINDOWS\system32\qmgr.dll (Microsoft Corporation)
    NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)
    NetSvcs: ShellHWDetection - C:\WINDOWS\System32\shsvcs.dll (Microsoft Corporation)
    NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSN - C:\WINDOWS\system32\MsPMSNSv.dll (Microsoft Corporation)
    SafeBootMin: aawservice - (Lavasoft)
    SafeBootMin: AppMgmt - (Microsoft Corporation)
    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: CryptSvc - (Microsoft Corporation)
    SafeBootMin: DcomLaunch - (Microsoft Corporation)
    SafeBootMin: dmadmin - (Microsoft Corp., Veritas Software)
    SafeBootMin: dmboot.sys - (Microsoft Corp., Veritas Software)
    SafeBootMin: dmio.sys - (Microsoft Corp., Veritas Software)
    SafeBootMin: dmload.sys - (Microsoft Corp., Veritas Software.)
    SafeBootMin: dmserver - (Microsoft Corp.)
    SafeBootMin: EventLog - (Microsoft Corporation)
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - (Microsoft Corporation)
    SafeBootMin: Netlogon - (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PlugPlay - (Microsoft Corporation)
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: RpcSs - (Microsoft Corporation)
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sdauxservice - Reg Error: Value error.
    SafeBootMin: sdcoreservice - Reg Error: Value error.
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: sr.sys - (Microsoft Corporation)
    SafeBootMin: SRService - (Microsoft Corporation)
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vga.sys - Driver
    SafeBootMin: vgasave.sys - (Microsoft Corporation)
    SafeBootMin: WinMgmt - (Microsoft Corporation)
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    SafeBootNet: aawservice - (Lavasoft)
    SafeBootNet: AFD - (Microsoft Corporation)
    SafeBootNet: AppMgmt - (Microsoft Corporation)
    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: Browser - (Microsoft Corporation)
    SafeBootNet: CryptSvc - (Microsoft Corporation)
    SafeBootNet: DcomLaunch - (Microsoft Corporation)
    SafeBootNet: Dhcp - (Microsoft Corporation)
    SafeBootNet: dmadmin - (Microsoft Corp., Veritas Software)
    SafeBootNet: dmboot.sys - (Microsoft Corp., Veritas Software)
    SafeBootNet: dmio.sys - (Microsoft Corp., Veritas Software)
    SafeBootNet: dmload.sys - (Microsoft Corp., Veritas Software.)
    SafeBootNet: dmserver - (Microsoft Corp.)
    SafeBootNet: DnsCache - (Microsoft Corporation)
    SafeBootNet: EventLog - (Microsoft Corporation)
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - (Microsoft Corporation)
    SafeBootNet: ip6fw.sys - (Microsoft Corporation)
    SafeBootNet: ipnat.sys - (Microsoft Corporation)
    SafeBootNet: LanmanServer - (Microsoft Corporation)
    SafeBootNet: LanmanWorkstation - (Microsoft Corporation)
    SafeBootNet: LmHosts - (Microsoft Corporation)
    SafeBootNet: Messenger - (Microsoft Corporation)
    SafeBootNet: NDIS - (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: Ndisuio - (Microsoft Corporation)
    SafeBootNet: NetBIOS - (Microsoft Corporation)
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetBT - (Microsoft Corporation)
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Netlogon - (Microsoft Corporation)
    SafeBootNet: NetMan - (Microsoft Corporation)
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: NtLmSsp - (Microsoft Corporation)
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PlugPlay - (Microsoft Corporation)
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: rdpcdd.sys - (Microsoft Corporation)
    SafeBootNet: rdpdd.sys - (Microsoft Corporation)
    SafeBootNet: rdpwd.sys - (Microsoft Corporation)
    SafeBootNet: rdsessmgr - (Microsoft Corporation)
    SafeBootNet: RpcSs - (Microsoft Corporation)
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sdauxservice - Reg Error: Value error.
    SafeBootNet: sdcoreservice - Reg Error: Value error.
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: SharedAccess - (Microsoft Corporation)
    SafeBootNet: sr.sys - (Microsoft Corporation)
    SafeBootNet: SRService - (Microsoft Corporation)
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: Tcpip - (Microsoft Corporation)
    SafeBootNet: TDI - Driver Group
    SafeBootNet: tdpipe.sys - (Microsoft Corporation)
    SafeBootNet: tdtcp.sys - (Microsoft Corporation)
    SafeBootNet: termservice - (Microsoft Corporation)
    SafeBootNet: vga.sys - Driver
    SafeBootNet: vgasave.sys - (Microsoft Corporation)
    SafeBootNet: WinMgmt - (Microsoft Corporation)
    SafeBootNet: WZCSVC - (Microsoft Corporation)
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)
    ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
    ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
    Drivers32: aux - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\system32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\system32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\system32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\system32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\system32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\system32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\system32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\system32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\system32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\system32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\system32\VfWWDM32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\system32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\system32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\system32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\system32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\system32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\system32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\system32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\system32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.X264 - C:\WINDOWS\system32\x264vfw.dll ()
    Drivers32: VIDC.YUY2 - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\system32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\system32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\system32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\system32\msacm32.drv (Microsoft Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/06/19 11:55:39 | 00,000,282 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\celldorado popup - boards.ie (2).url
    [2009/06/19 11:54:29 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\EAMON\Desktop\OTL.exe
    [2009/06/19 10:03:47 | 00,170,711 | ---- | C] (Eric_71) -- C:\Documents and Settings\EAMON\Desktop\Rooter.exe
    [2009/06/19 09:58:29 | 00,000,000 | ---D | C] -- C:\Rooter$
    [2009/06/18 21:31:35 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\HijackThis.lnk
    [2009/06/18 21:31:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/06/18 19:10:39 | 00,000,304 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\celldorado popup - boards.ie.url
    [2009/06/18 11:00:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\NSV
    [2009/06/18 10:53:16 | 00,000,450 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2009/06/18 10:47:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2009/06/18 10:42:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EAMON\Application Data\Winamp
    [2009/06/18 10:40:03 | 00,593,938 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
    [2009/06/18 10:38:55 | 00,000,000 | ---D | C] -- C:\Program Files\x264
    [2009/06/18 10:38:55 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
    [2009/06/18 10:38:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EAMON\Desktop\TVASS
    [2009/06/17 14:05:27 | 00,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2009/06/17 14:04:30 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2009/06/17 14:04:30 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2009/06/17 14:04:30 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2009/06/17 14:04:30 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2009/06/17 14:04:30 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2009/06/17 14:04:05 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
    [2009/06/17 14:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2009/06/16 23:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\SpyZooka
    [2009/06/16 23:08:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EAMON\Desktop\Downloads
    [2009/06/16 23:08:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EAMON\Application Data\GetRightToGo
    [2009/06/16 00:38:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/06/15 13:02:42 | 00,000,208 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\Startup.ie - The First Stop Shop for Business.url
    [2009/06/15 12:53:47 | 00,000,212 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\Welcome to Sustainable Ireland.url
    [2009/06/13 21:20:03 | 00,000,371 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
    [2009/06/13 21:20:03 | 00,000,371 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009/06/13 21:15:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/06/13 20:19:26 | 00,000,198 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\Multiple windows open unexpectedly.url
    [2009/06/07 20:02:26 | 00,000,220 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\Watch Live Online TV Channels - FoxSports.url
    [2009/06/07 15:08:54 | 00,000,240 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\How do i free up RAM space on my computer - Yahoo! Answers.url
    [2009/06/07 14:01:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EAMON\Application Data\TVU networks
    [2009/06/06 19:41:08 | 00,000,218 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
    [2009/06/06 19:40:39 | 00,000,502 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
    [2009/06/06 19:40:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\EAMON\Application Data\Foxit
    [2009/06/06 17:01:50 | 00,000,535 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\Revo Uninstaller.lnk
    [2009/06/06 10:45:53 | 00,000,693 | ---- | C] () -- C:\Documents and Settings\EAMON\Desktop\Spybot - Search & Destroy.lnk
    [2009/06/01 17:11:37 | 00,410,051 | ---- | C] () -- D:\My Documents\556.mht
    [2009/05/29 10:07:57 | 00,225,835 | ---- | C] () -- D:\My Documents\Dial-Up Numbers - eircom net Technical Support.mht
    [2009/05/27 15:11:38 | 00,672,289 | ---- | C] () -- D:\My Documents\Ticketmaster Confirmation.mht
    [2009/05/21 19:18:15 | 00,048,640 | ---- | C] (Prolific Technology Inc.) -- C:\WINDOWS\System32\drivers\ser2pl.sys
    [2008/05/23 06:15:02 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/05/23 04:05:21 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/05/23 04:05:21 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/05/23 04:05:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/05/23 04:05:21 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/05/23 04:05:21 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/05/23 04:05:21 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/05/23 03:09:38 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
    [2008/04/25 06:08:42 | 00,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/04/25 06:06:46 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
    [2008/04/25 06:06:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
    [2008/03/17 08:54:36 | 00,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
    [2008/03/04 19:52:34 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\libcurl.dll
    [2008/01/29 08:05:48 | 02,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/10/31 10:39:54 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
    [2007/05/17 14:58:10 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\libexpatw.dll
    [2005/02/17 04:41:32 | 00,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2005/02/17 04:41:30 | 00,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 05:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== Files - Modified Within 30 Days ==========

    [2009/06/19 11:55:39 | 00,000,282 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\celldorado popup - boards.ie (2).url
    [2009/06/19 11:54:35 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\EAMON\Desktop\OTL.exe
    [2009/06/19 11:42:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/06/19 11:41:33 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\EAMON\Local Settings\desktop.ini
    [2009/06/19 11:41:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/06/19 10:03:47 | 00,170,711 | ---- | M] (Eric_71) -- C:\Documents and Settings\EAMON\Desktop\Rooter.exe
    [2009/06/18 23:51:12 | 00,000,510 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\CCleaner.lnk
    [2009/06/18 21:31:35 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\HijackThis.lnk
    [2009/06/18 19:10:39 | 00,000,304 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\celldorado popup - boards.ie.url
    [2009/06/18 10:53:16 | 00,000,450 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2009/06/18 10:49:55 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2009/06/18 10:40:03 | 00,593,938 | ---- | M] () -- C:\WINDOWS\System32\x264vfw.dll
    [2009/06/17 14:47:12 | 00,307,738 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2009/06/17 14:11:25 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2009/06/17 14:05:27 | 00,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2009/06/15 13:02:42 | 00,000,208 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\Startup.ie - The First Stop Shop for Business.url
    [2009/06/15 12:53:47 | 00,000,212 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\Welcome to Sustainable Ireland.url
    [2009/06/13 21:20:03 | 00,000,371 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
    [2009/06/13 21:20:03 | 00,000,371 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
    [2009/06/13 20:19:26 | 00,000,198 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\Multiple windows open unexpectedly.url
    [2009/06/11 12:27:00 | 00,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2009/06/11 11:27:57 | 00,185,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/06/09 19:05:16 | 00,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/06/09 19:05:16 | 00,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/06/09 19:05:16 | 00,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/06/07 20:02:26 | 00,000,220 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\Watch Live Online TV Channels - FoxSports.url
    [2009/06/07 15:08:54 | 00,000,240 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\How do i free up RAM space on my computer - Yahoo! Answers.url
    [2009/06/06 19:41:08 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.url
    [2009/06/06 19:40:39 | 00,000,502 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
    [2009/06/06 17:01:50 | 00,000,535 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\Revo Uninstaller.lnk
    [2009/06/06 11:10:39 | 00,307,709 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090617-144712.backup
    [2009/06/06 10:45:53 | 00,000,693 | ---- | M] () -- C:\Documents and Settings\EAMON\Desktop\Spybot - Search & Destroy.lnk
    [2009/06/04 11:10:23 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/06/01 17:51:12 | 23,635,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
    [2009/06/01 17:11:40 | 00,410,051 | ---- | M] () -- D:\My Documents\556.mht
    [2009/05/29 10:07:57 | 00,225,835 | ---- | M] () -- D:\My Documents\Dial-Up Numbers - eircom net Technical Support.mht
    [2009/05/27 15:11:52 | 00,672,289 | ---- | M] () -- D:\My Documents\Ticketmaster Confirmation.mht

    ========== LOP Check ==========

    [2009/06/18 11:05:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/06/06 18:11:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2009/06/17 14:04:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2008/07/31 14:48:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
    [2009/02/22 00:43:44 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2009/03/02 12:50:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
    [2009/06/18 23:00:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    [2009/06/16 09:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/04/25 19:05:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TVU Networks
    [2008/10/22 22:56:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2008/11/21 16:42:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
    [2009/06/18 10:42:52 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\EAMON\Application Data
    [2009/01/11 14:49:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\.purple
    [2008/07/30 14:35:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Adobe
    [2009/06/06 19:40:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Foxit
    [2009/06/16 23:10:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\GetRightToGo
    [2009/02/26 11:17:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Google
    [2008/07/28 21:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Help
    [2008/07/28 21:56:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Identities
    [2008/05/23 03:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\InstallShield
    [2008/08/24 19:08:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\InterVideo
    [2008/11/05 12:05:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\InterVoip
    [2008/11/21 16:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\IObit
    [2008/07/24 21:31:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Macromedia
    [2009/06/17 13:46:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\EAMON\Application Data\Microsoft
    [2008/07/30 20:15:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Opera
    [2008/08/29 12:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Real
    [2009/06/11 12:33:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Skype
    [2009/06/11 12:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\skypePM
    [2008/07/30 00:07:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\StarOffice8
    [2009/02/28 16:11:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\StumbleUpon
    [2008/05/23 04:11:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Sun
    [2008/07/25 05:12:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Template
    [2009/06/07 14:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\TVU networks
    [2008/11/03 15:42:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\VoipCheapCom
    [2009/06/18 11:00:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\EAMON\Application Data\Winamp
    [2006/03/01 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/06/19 11:42:48 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========


    ========== Custom Scans ==========


    < %systemroot%\System32\antiwpa.dll >

    < %systemroot%\SYSTEM32\wpa.dll >

    < %systemroot%\setup\scripts\biestart.exe >

    < %systemroot%\system32\drivers\royal.sys >

    < %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

    < %TEMP%\antiwpa_crypt.dll >

    < %TEMP%\antiwpa.dll /s >

    < %PROGRAMFILES%\antiwpa.dll /s >

    < %systemroot%\system32\crypt.dll >

    < %TEMP%\crypt.dll >

    < %SYSTEMDRIVE%\*. >
    [2009/06/19 11:55:39 | 00,000,000 | ---D | M] -- C:
    [2009/06/17 14:01:31 | 00,000,000 | -HSD | M] -- C:\Config.Msi
    [2008/07/26 20:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings
    [2008/07/29 17:41:48 | 00,000,000 | ---D | M] -- C:\Driver
    [2008/05/23 03:08:27 | 00,000,000 | ---D | M] -- C:\Intel
    [2009/06/18 21:31:35 | 00,000,000 | ---D | M] -- C:\Program Files
    [2008/07/24 18:27:23 | 00,000,000 | -HSD | M] -- C:\RECYCLER
    [2009/06/19 10:04:04 | 00,000,000 | ---D | M] -- C:\Rooter$
    [2008/08/27 21:11:36 | 00,000,000 | -HSD | M] -- C:\System Volume Information
    [2009/06/19 11:59:28 | 00,000,000 | ---D | M] -- C:\WINDOWS

    < %SYSTEMDRIVE%\*.* >
    [2008/12/19 15:38:24 | 00,524,288 | -H-- | M] () -- C:\901.ROM
    [2008/04/25 06:09:03 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/07/25 05:08:11 | 00,000,211 | RHS- | M] () -- C:\boot.ini
    [2008/04/25 06:09:03 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/04/25 06:09:03 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/04/25 06:09:03 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/04/14 06:13:04 | 00,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/04/14 08:01:44 | 00,250,048 | RHS- | M] () -- C:\ntldr
    [2009/05/24 17:37:51 | 00,001,373 | ---- | M] () -- C:\output.log
    [2008/11/17 21:46:46 | 10,485,7600 | -HS- | M] () -- C:\pagefile.sys
    [2008/12/17 11:58:09 | 00,000,232 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/12/17 11:58:09 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

    < %PROGRAMFILES%\*. >
    [2009/06/18 21:31:35 | 00,000,000 | ---D | M] -- C:\Program Files
    [2008/11/12 15:17:03 | 00,000,000 | ---D | M] -- C:\Program Files\ASUS
    [2008/07/24 18:20:45 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
    [2009/06/17 14:04:05 | 00,000,000 | ---D | M] -- C:\Program Files\Avira
    [2009/06/18 11:00:26 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
    [2008/04/25 06:03:19 | 00,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
    [2008/05/23 03:11:00 | 00,000,000 | ---D | M] -- C:\Program Files\EeePC
    [2009/06/12 14:00:10 | 00,000,000 | ---D | M] -- C:\Program Files\FootyOnline.tv
    [2008/07/25 05:14:13 | 00,000,000 | ---D | M] -- C:\Program Files\Huawei technologies
    [2009/05/21 19:18:10 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
    [2008/05/23 03:08:35 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
    [2009/06/11 11:18:53 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
    [2009/05/13 10:24:35 | 00,000,000 | ---D | M] -- C:\Program Files\Java
    [2008/08/14 10:58:42 | 00,000,000 | ---D | M] -- C:\Program Files\Messenger
    [2009/01/11 15:21:18 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
    [2008/04/25 06:09:24 | 00,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
    [2009/02/26 12:52:48 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
    [2008/05/23 03:22:36 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2009/02/22 00:44:06 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Sync Framework
    [2008/04/25 06:04:37 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
    [2009/02/23 16:55:20 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
    [2008/04/25 06:01:12 | 00,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
    [2008/04/25 06:04:48 | 00,000,000 | ---D | M] -- C:\Program Files\NetMeeting
    [2008/04/25 06:05:18 | 00,000,000 | ---D | M] -- C:\Program Files\Online Services
    [2008/04/25 06:04:45 | 00,000,000 | ---D | M] -- C:\Program Files\Outlook Express
    [2009/02/12 00:07:27 | 00,000,000 | ---D | M] -- C:\Program Files\RALINK
    [2008/05/23 03:07:29 | 00,000,000 | ---D | M] -- C:\Program Files\Realtek
    [2009/02/23 16:53:54 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
    [2009/03/02 12:51:05 | 00,000,000 | R--D | M] -- C:\Program Files\Skype
    [2009/06/16 23:18:37 | 00,000,000 | ---D | M] -- C:\Program Files\SpyZooka
    [2009/06/18 21:31:35 | 00,000,000 | ---D | M] -- C:\Program Files\Trend Micro
    [2009/04/25 19:05:31 | 00,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
    [2008/05/23 03:06:02 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
    [2009/03/29 17:05:57 | 00,000,000 | ---D | M] -- C:\Program Files\Vidalia Bundle
    [2008/05/23 03:11:51 | 00,000,000 | ---D | M] -- C:\Program Files\WIDCOMM
    [2009/06/18 10:38:55 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp
    [2009/02/22 00:58:45 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
    [2009/01/11 15:20:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live SkyDrive
    [2009/06/18 10:50:57 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
    [2008/07/31 00:07:36 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
    [2008/04/25 06:05:36 | 00,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
    [2009/06/18 10:38:55 | 00,000,000 | ---D | M] -- C:\Program Files\x264
    [2008/04/25 06:09:24 | 00,000,000 | ---D | M] -- C:\Program Files\xerox

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 4286 bytes -> C:\Documents and Settings\EAMON\Desktop\How to trim and install Windows XP without a CD-ROM drive.url:favicon
    @Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\EAMON\Desktop\ROJADIRECTA, ver partidos de fútbol gratis en directo por Internet, recién finalizados y video resúmenes. SopCast TVants Veetle Justin Mogulus Ustream....url:favicon
    @Alternate Data Stream - 3638 bytes -> C:\Documents and Settings\EAMON\Desktop\Ireland - Tipp FM live streaming.url:favicon
    @Alternate Data Stream - 22486 bytes -> C:\Documents and Settings\EAMON\Desktop\Zattoo - watch online TV.url:favicon
    @Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\EAMON\Desktop\celldorado popup - boards.ie.url:favicon
    @Alternate Data Stream - 1150 bytes -> C:\Documents and Settings\EAMON\Desktop\celldorado popup - boards.ie (2).url:favicon
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    < End of report >


  • Registered Users, Registered Users 2 Posts: 665 ✭✭✭sohappy


    OTL Extras logfile created on: 19/06/2009 12:02:00 - Run 1
    OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\EAMON\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1015.17 Mb Total Physical Memory | 607.00 Mb Available Physical Memory | 59.79% Memory free
    918.54 Mb Paging File | 612.36 Mb Available in Paging File | 66.67% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 3.72 Gb Total Space | 0.74 Gb Free Space | 20.01% Space Free | Partition Type: NTFS
    Drive D: | 7.51 Gb Total Space | 6.94 Gb Free Space | 92.40% Space Free | Partition Type: NTFS
    Drive E: | 9.07 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: YOUR-DUHBWXPLON
    Current User Name: EAMON
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Output = Minimal
    File Age = 30 Days
    Company Name Whitelist: On

    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
    C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
    C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 DataModem HSDPA.exe:*:Enabled:3 DDataModem HSDPA (Huawei Technologies)
    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
    C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync (Microsoft Corporation)
    C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component (TVU networks)
    D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox File not found
    D:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts (Zhejiang University)
    C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype (Skype Technologies S.A.)
    C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb File not found
    C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray File not found
    C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client File not found

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine
    "{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
    "{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
    "{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 13
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
    "{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
    "{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{84E2AA5A-8BA3-4F08-9F6F-C14E4C679FF0}" = Asus OS Cleaner
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
    "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "3 DataModem HSDPA" = 3 DataModem HSDPA
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "CCleaner" = CCleaner (remove only)
    "FLFooty TV" = FLFooty TV
    "FootyOnline.tv" = FootyOnline.tv
    "Foxit Reader" = Foxit Reader
    "GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "ie7" = Windows Internet Explorer 7
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "NewProduct 1.00" = NewProduct 1.00
    "Revo Uninstaller" = Revo Uninstaller 1.83
    "TVAnts 1.0" = TVAnts 1.0
    "TVUPlayer" = TVUPlayer 2.4.5.1
    "VJOcx1.8" = VJOcx1.8
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "x264 Revision 564 x264.nl" = x264 Revision 564 x264.nl (remove only)

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 13/05/2009 05:16:36 | Computer Name = YOUR-DUHBWXPLON | Source = HotFixInstaller | ID = 5000
    Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb958481,
    P2 1033, P3 1603, P4 msi, P5 f, P6 9.0.31211.0, P7 install, P8 x86, P9 xp, P10
    1307.

    Error - 15/05/2009 16:37:21 | Computer Name = YOUR-DUHBWXPLON | Source = WindowsLiveMessenger | ID = 15728647
    Description =

    Error - 18/05/2009 10:39:28 | Computer Name = YOUR-DUHBWXPLON | Source = Application Error | ID = 1000
    Description = Faulting application skype.exe, version 4.0.0.206, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 04/06/2009 08:03:22 | Computer Name = YOUR-DUHBWXPLON | Source = SecurityCenter | ID = 1802
    Description = The Windows Security Center Service was unable to establish event
    queries with WMI to monitor third party AntiVirus and Firewall.

    Error - 04/06/2009 14:01:56 | Computer Name = YOUR-DUHBWXPLON | Source = Application Error | ID = 1000
    Description = Faulting application skype.exe, version 4.0.0.206, faulting module
    unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 16/06/2009 04:11:55 | Computer Name = YOUR-DUHBWXPLON | Source = pctsSvc.exe | ID = 0
    Description =

    Error - 17/06/2009 08:54:09 | Computer Name = YOUR-DUHBWXPLON | Source = Application Error | ID = 1000
    Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
    teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

    Error - 18/06/2009 05:51:02 | Computer Name = YOUR-DUHBWXPLON | Source = Application Error | ID = 1000
    Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
    teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

    Error - 18/06/2009 05:55:28 | Computer Name = YOUR-DUHBWXPLON | Source = Application Error | ID = 1000
    Description = Faulting application wmplayer.exe, version 9.0.0.4503, faulting module
    orbnsvsourcefilter.ax, version 2.2007.626.1430, fault address 0x00006e70.

    Error - 18/06/2009 05:57:15 | Computer Name = YOUR-DUHBWXPLON | Source = Application Error | ID = 1000
    Description = Faulting application wmplayer.exe, version 9.0.0.4503, faulting module
    orbnsvsourcefilter.ax, version 2.2007.626.1430, fault address 0x00006e70.

    [ System Events ]
    Error - 20/05/2009 11:37:57 | Computer Name = YOUR-DUHBWXPLON | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000243'
    while processing the file 'avgresf.dll' on the volume 'HarddiskVolume1'. It has
    stopped monitoring the volume.

    Error - 22/05/2009 04:43:55 | Computer Name = YOUR-DUHBWXPLON | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 0015AFB7CF06. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.

    Error - 22/05/2009 14:40:58 | Computer Name = YOUR-DUHBWXPLON | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 22/05/2009 14:40:58 | Computer Name = YOUR-DUHBWXPLON | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 27/05/2009 05:53:43 | Computer Name = YOUR-DUHBWXPLON | Source = Cdrom | ID = 262155
    Description = The driver detected a controller error on \Device\CdRom0.

    Error - 04/06/2009 08:03:22 | Computer Name = YOUR-DUHBWXPLON | Source = DCOM | ID = 10010
    Description = The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register
    with DCOM within the required timeout.

    Error - 06/06/2009 10:42:50 | Computer Name = YOUR-DUHBWXPLON | Source = Dhcp | ID = 1002
    Description = The IP address lease 192.168.1.7 for the Network Card with network
    address 0015AFB7CF06 has been denied by the DHCP server 192.168.5.254 (The DHCP
    Server sent a DHCPNACK message).

    Error - 11/06/2009 06:26:02 | Computer Name = YOUR-DUHBWXPLON | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Internet Explorer 8 for Windows XP.

    Error - 12/06/2009 07:51:10 | Computer Name = YOUR-DUHBWXPLON | Source = sr | ID = 1
    Description = The System Restore filter encountered the unexpected error '0xC0000243'
    while processing the file 'avgcfgx.dll.old' on the volume 'HarddiskVolume1'. It
    has stopped monitoring the volume.

    Error - 15/06/2009 08:03:51 | Computer Name = YOUR-DUHBWXPLON | Source = Dhcp | ID = 1001
    Description = Your computer was not assigned an address from the network (by the
    DHCP Server) for the Network Card with network address 0015AFB7CF06. The following
    error occurred: %%1223. Your computer will continue to try and obtain an address
    on its own from the network address (DHCP) server.


    < End of report >


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    Hi

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      PRC - D:\aawservice.exe (Lavasoft)
      O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Key error. File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
      O33 - MountPoints2\{3c9d18ad-748b-11dd-9f17-f84e9b816c76}\Shell - "" = AutoRun
      O33 - MountPoints2\{3c9d18ad-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{3c9d18ad-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{3c9d18b1-748b-11dd-9f17-f84e9b816c76}\Shell - "" = AutoRun
      O33 - MountPoints2\{3c9d18b1-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{3c9d18b1-748b-11dd-9f17-f84e9b816c76}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{420eab9e-6f62-11dd-9ef5-904a65af438a}\Shell - "" = AutoRun
      O33 - MountPoints2\{420eab9e-6f62-11dd-9ef5-904a65af438a}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{420eab9e-6f62-11dd-9ef5-904a65af438a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{82cbe554-6240-11dd-9eab-b2e42d0d0b3e}\Shell - "" = AutoRun
      O33 - MountPoints2\{82cbe554-6240-11dd-9eab-b2e42d0d0b3e}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{82cbe554-6240-11dd-9eab-b2e42d0d0b3e}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
      O33 - MountPoints2\{9738e056-1176-11de-8507-0015aff65263}\Shell - "" = AutoRun
      O33 - MountPoints2\{9738e056-1176-11de-8507-0015aff65263}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{9738e056-1176-11de-8507-0015aff65263}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{9738e057-1176-11de-8507-0015aff65263}\Shell - "" = AutoRun
      O33 - MountPoints2\{9738e057-1176-11de-8507-0015aff65263}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{9738e057-1176-11de-8507-0015aff65263}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{a93f9293-59ff-11dd-9e6d-0022152d0609}\Shell - "" = AutoRun
      O33 - MountPoints2\{a93f9293-59ff-11dd-9e6d-0022152d0609}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{a93f9293-59ff-11dd-9e6d-0022152d0609}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{b99d9be4-81b8-11dd-9f4d-bd96c57e8c3d}\Shell - "" = AutoRun
      O33 - MountPoints2\{b99d9be4-81b8-11dd-9f4d-bd96c57e8c3d}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{b99d9be4-81b8-11dd-9f4d-bd96c57e8c3d}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      O33 - MountPoints2\{eaf4e434-5a7d-11dd-9e75-a168f1b9b042}\Shell - "" = AutoRun
      O33 - MountPoints2\{eaf4e434-5a7d-11dd-9e75-a168f1b9b042}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{eaf4e434-5a7d-11dd-9e75-a168f1b9b042}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2007/03/03 19:19:40 | 00,077,824 | R--- | M] (Huawei Technologies Co., Ltd.)
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done



    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run; make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






    Go to the Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on the Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


  • Registered Users, Registered Users 2 Posts: 665 ✭✭✭sohappy


      Malwarebytes' Anti-Malware 1.38
      Database version: 2309
      Windows 5.1.2600 Service Pack 3

      19/06/2009 21:35:21
      mbam-log-2009-06-19 (21-35-21).txt

      Scan type: Quick Scan
      Objects scanned: 85276
      Time elapsed: 3 minute(s), 51 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 0
      Registry Values Infected: 0
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      (No malicious items detected)

      Registry Values Infected:
      (No malicious items detected)

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      (No malicious items detected)


  • Registered Users, Registered Users 2 Posts: 665 ✭✭✭sohappy


      Kaspersky came back all clear. I wasn't sure exactly what I was doing but I followed your instructions to the letter,
      many thanks for taking the time to help me out :)

