
Comodo anti-virus won't initialise, but malwarebytes says it's clean...

  • 26-09-2009 11:48am
    #1
    Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭


    I was checking out a friend's laptop and it seemed sluggish and Avira antivirus wouldn't update.

    I ran malwarebytes and it reported 1 item cleaned

    C:\WINDOWS\bemark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

    There previously wasn't a firewall on the laptop and I thought to put on the Comodo one, which I notice now comes with a free anti-virus.

    This is installed and the curious thing about it is that even though it's installed, rebooted, it can't update (has never updated) because it says the anti-virus engine is not initialized. A re-install hasn't changed anything, neither has safe mode, nor another scan with malwarebytes.

    I'm a little stuck and wondering if someone could please look over a HJT log and see if it says anything. I suspect another infection because the AV won't initialise, but I'm surprised that mwb doesn't find one.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:36:08, on 26/09/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\avgagent.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\lxdxcoms.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sites.google.com/a/suas.ie/suas-internal-webpage/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [lxdxmon.exe] "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe"
    O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: CEBdc - https://www.boi-bol.com/jsp/payments/dcApplet.cab
    O16 - DPF: CEBdep - https://www.boi-bol.com/jsp/payments/dcDependencies.cab
    O16 - DPF: KCrypto for Applets - https://www.ros.ie/applets/kcrypto.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209742671859
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
    O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Google Update Service (gupdate1c99b36e1394b5c) (gupdate1c99b36e1394b5c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lmab_device - Lexmark International, Inc. - C:\WINDOWS\system32\LMabcoms.exe
    O23 - Service: lxdxCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdxserv.exe
    O23 - Service: lxdx_device - - C:\WINDOWS\system32\lxdxcoms.exe
    O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Vince/LOCALS~1/Temp/msohtml1/08/clip_image002.jpg

    --
    End of file - 8189 bytes
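
The HijackThis and OTL logs posted in this thread are the kind of output that can be pre-screened before a human reads them line by line. The script below is an added example and is not part of the thread, of HijackThis, or of OTL; it runs a few defender-side heuristics over a constructed sample of lines copied from the logs in this thread: services whose binary is reported missing, browser proxy settings (IE registry values and Firefox prefs) that point at the loopback address, executables running from the root of C:\WINDOWS rather than a subfolder, and any AppInit_DLLs entry. The rule names and the `triage_line`/`triage_log`/`summarize` functions are this example's own. Findings are leads to verify, not verdicts: the same heuristics flag guard32.dll, which is a Comodo component, and AGRSMMSG.exe, the Agere modem helper shown in the log with its vendor string.

```python
import re

# Constructed sample input: a handful of lines copied from the HijackThis and
# OTL logs posted in this thread, not a complete log.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - C:\Program Files\tinyproxy\tinyproxy.exe (file missing)
O23 - Service: AVG7 Remote Support Service (AvgAgent) (avgagent) - Unknown owner - avgagent.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
PRC - C:\WINDOWS\avgagent.exe (GRISOFT, s.r.o.)
PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9090
"""

# Loopback address as a proxy target: a local proxy is sometimes legitimate
# (filtering software), so this is a lead, not proof of tampering.
LOOPBACK = re.compile(r"\b(127\.0\.0\.1|localhost)\b", re.IGNORECASE)
# An .exe directly inside C:\WINDOWS (not in system32 or another subfolder).
WINDIR_ROOT_EXE = re.compile(r"C:\\WINDOWS\\[^\\\s]+\.exe\b", re.IGNORECASE)
# HijackThis writes "(file missing)", OTL writes "File not found".
MISSING_FILE = re.compile(r"\(file missing\)|File not found", re.IGNORECASE)

# Line prefixes that carry an executable path in the two log formats.
PATH_PREFIXES = ("PRC", "SRV", "O23", "O4")


def triage_line(line):
    """Return a list of (rule, line) findings for one log line."""
    findings = []
    s = line.strip()
    if not s:
        return findings
    # Service entries whose binary no longer exists on disk.
    if s.startswith(("O23", "SRV")) and MISSING_FILE.search(s):
        findings.append(("service-file-missing", s))
    # Proxy settings pointing at the local machine (IE registry or Firefox prefs).
    if ("ProxyServer" in s or "network.proxy.http" in s) and LOOPBACK.search(s):
        findings.append(("loopback-proxy", s))
    # AppInit_DLLs loads into every process that links user32; always review it.
    if s.startswith("O20") and "AppInit_DLLs" in s:
        findings.append(("appinit-dll", s))
    # Executables running from the root of the Windows directory.
    if (s.startswith(PATH_PREFIXES) or s.upper().startswith("C:\\")) and WINDIR_ROOT_EXE.search(s):
        findings.append(("exe-in-windir-root", s))
    return findings


def triage_log(text):
    """Run triage_line over every line of a log and collect the findings."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summarize(findings):
    """Count findings per rule, so a reader sees where to look first."""
    counts = {}
    for rule, _ in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage_log(SAMPLE_LOG)
    for rule, line in results:
        print(f"[{rule}] {line}")
    print(summarize(results))
```

Running it on the sample yields seven leads across four rules; the two "exe-in-windir-root" hits include the Agere modem helper, which is why every hit still needs a human to check the file's vendor, signature and age before anything is quarantined.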


Comments

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    don't put the logs in code

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    Thanks very much.

    Here's the log -
    GooredFix by jpshortstuff (24.09.09.1)
    Log created at 13:58 on 26/09/2009 (Vince)
    Firefox version 3.0.14 (en-GB)

    ========== GooredScan ==========


    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [14:08 19/12/2008]
    {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [16:58 06/11/2008]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [16:58 06/11/2008]

    -=E.O.F=-


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      netsvcs
      msconfig
      safebootminimal
      safebootnetwork
      activex
      drivers32

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    Thanks very much.

    Starting with OTL.txt

    OTL logfile created on: 26/09/2009 18:36:13 - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Vince\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1015.36 Mb Total Physical Memory | 635.22 Mb Available Physical Memory | 62.56% Memory free
    1.40 Gb Paging File | 1.13 Gb Available in Paging File | 80.85% Paging File free
    Paging file location(s): C:\pagefile.sys 512 512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 20.72 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
    Drive D: | 119.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SUASLAPTOP4
    Current User Name: Vince
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    PRC - C:\WINDOWS\avgagent.exe (GRISOFT, s.r.o.)
    PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\WINDOWS\System32\lxdxcoms.exe ( )
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
    PRC - C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    PRC - C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
    PRC - C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
    PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
    PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    PRC - C:\Documents and Settings\Vince\Desktop\OTL.exe (OldTimer Tools)

    ========== Win32 Services (SafeList) ==========

    SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
    SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
    SRV - (AVG7 Remote Support Service (AvgAgent) (avgagent) [Auto | Stopped]) -- File not found
    SRV - (avgagent [Auto | Running]) -- C:\WINDOWS\avgagent.exe (GRISOFT, s.r.o.)
    SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
    SRV - (btwdins [Disabled | Stopped]) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
    SRV - (cmdAgent [Auto | Running]) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
    SRV - (gupdate1c99b36e1394b5c [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
    SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
    SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
    SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
    SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (lmab_device [On_Demand | Stopped]) -- C:\WINDOWS\System32\LMabcoms.exe (Lexmark International, Inc.)
    SRV - (lxdxCATSCustConnectService [Auto | Stopped]) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdxserv.exe (Lexmark International, Inc.)
    SRV - (lxdx_device [Auto | Running]) -- C:\WINDOWS\System32\lxdxcoms.exe ( )
    SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
    SRV - (RampartSvc [On_Demand | Stopped]) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe (SonicWALL, Inc.)
    SRV - (SoundMAX Agent Service (default) [Auto | Running]) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
    SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

    ========== Driver Services (SafeList) ==========

    DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aeaudio.sys (Andrea Electronics Corporation)
    DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
    DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
    DRV - (b57w2k [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys (Broadcom Corporation)
    DRV - (BANTExt [System | Running]) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (BTKRNL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\btkrnl.sys (Broadcom Corporation.)
    DRV - (BTWUSB [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\btwusb.sys (Broadcom Corporation.)
    DRV - (cmdGuard [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys (COMODO)
    DRV - (cmdHlp [System | Running]) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys (COMODO)
    DRV - (DNE [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dne2000.sys (Deterministic Networks, Inc.)
    DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
    DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
    DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\System32\drivers\EABFiltr.sys (Hewlett-Packard Company)
    DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\eabusb.sys (Hewlett-Packard Company)
    DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV - (GTIPCI21 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gtipci21.sys (Texas Instruments)
    DRV - (hwdatacard [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
    DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
    DRV - (Inspect [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
    DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
    DRV - (RCFOX [System | Running]) -- C:\WINDOWS\System32\Drivers\RCFOX.sys (SonicWALL, Inc.)
    DRV - (rcvpn [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rcvpn.sys (SonicWALL, Inc.)
    DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SMCIRDA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\smcirda.sys (SMSC)
    DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
    DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
    DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
    DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
    DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
    DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
    DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
    DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
    DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
    DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
    DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
    DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
    DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
    DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\tifm21.sys (Texas Instruments)
    DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
    DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
    DRV - (windrvNT [Auto | Running]) -- C:\WINDOWS\System32\windrvNT.sys ()

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:9090

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sites.google.com/a/suas.ie/suas-internal-webpage/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://sites.google.com/a/suas.ie/suas-internal-webpage/"
    FF - prefs.js..extensions.enabledItems: catch_toolbar@catch.fm:1.17
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 9090

    FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2008/11/06 17:58:27 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/18 12:16:54 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/18 12:16:54 | 00,000,000 | ---D | M]

    [2008/12/22 17:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Extensions
    [2008/12/22 17:57:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
    [2009/09/23 19:14:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Firefox\Profiles\lqkxtkxe.default\extensions
    [2008/11/25 09:52:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\mozilla\Firefox\Profiles\lqkxtkxe.default\extensions\catch_toolbar@catch.fm
    [2009/09/23 19:14:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
    [2009/09/18 12:16:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2008/11/06 17:58:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    [2009/09/18 12:16:49 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
    [2009/09/18 12:16:49 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
    [2008/11/06 17:58:27 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
    [2009/01/07 18:29:18 | 01,447,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
    [2009/09/18 12:16:50 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
    [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
    [2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
    [2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
    [2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
    [2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
    [2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
    [2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
    [2009/07/23 21:53:03 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
    [2009/07/30 18:08:08 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2009/07/30 18:08:09 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
    [2009/07/30 18:08:09 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2009/07/30 18:08:09 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
    [2009/07/30 18:08:09 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2009/07/30 18:08:09 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2009/07/30 18:08:09 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
    [2009/07/30 18:08:09 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    O1 HOSTS File: (290277 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
    O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
    O1 - Hosts: 9998 more lines...

    [I had a look at the hosts file, and all these extra lines have a line above and below them to say that they were inserted by spybot S&D.]

    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe (Lexmark International Inc.)
    O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    O4 - HKLM..\Run: [lxdxmon.exe] C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe ()
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_10.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab (Facebook Photo Uploader Control)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1209742671859 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: CEBdc https://www.boi-bol.com/jsp/payments/dcApplet.cab (Reg Error: Key error.)
    O16 - DPF: CEBdep https://www.boi-bol.com/jsp/payments/dcDependencies.cab (Reg Error: Key error.)
    O16 - DPF: KCrypto for Applets https://www.ros.ie/applets/kcrypto.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Vince/LOCALS~1/Temp/msohtml1/08/clip_image002.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{19f01605-16a5-11dd-a15f-006073e7c56b}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
    O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell - "" = AutoRun
    O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
    O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\open\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
    O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell - "" = AutoRun
    O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell - "" = AutoRun
    O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell - "" = AutoRun
    O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell - "" = AutoRun
    O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell - "" = AutoRun
    O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    NetSvcs: 6to4 - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Iprip - Service key not found. File not found
    NetSvcs: Irmon - C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

    MsConfig - Services: "iPod Service"
    MsConfig - Services: "gusvc"
    MsConfig - Services: "btwdins"
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
    MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk - C:\PROGRA~1\INTERV~1\DVDCHE~1\DVDCheck.exe - File not found
    MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe File not found
    MsConfig - StartUpReg: hpWirelessAssistant - hkey= - key= - C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
    MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
    MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
    MsConfig - StartUpReg: UpdateManager - hkey= - key= - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 2
    MsConfig - State: "startup" - 2

    SafeBootMin: Base - Driver Group
    SafeBootMin: Boot Bus Extender - Driver Group
    SafeBootMin: Boot file system - Driver Group
    SafeBootMin: File system - Driver Group
    SafeBootMin: Filter - Driver Group
    SafeBootMin: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SafeBootMin: PCI Configuration - Driver Group
    SafeBootMin: PNP Filter - Driver Group
    SafeBootMin: Primary disk - Driver Group
    SafeBootMin: SCSI Class - Driver Group
    SafeBootMin: sermouse.sys - Driver
    SafeBootMin: System Bus Extender - Driver Group
    SafeBootMin: vds - Service
    SafeBootMin: vga.sys - Driver
    SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
    SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    SafeBootNet: Base - Driver Group
    SafeBootNet: Boot Bus Extender - Driver Group
    SafeBootNet: Boot file system - Driver Group
    SafeBootNet: File system - Driver Group
    SafeBootNet: Filter - Driver Group
    SafeBootNet: HelpSvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
    SafeBootNet: NDIS Wrapper - Driver Group
    SafeBootNet: NetBIOSGroup - Driver Group
    SafeBootNet: NetDDEGroup - Driver Group
    SafeBootNet: Network - Driver Group
    SafeBootNet: NetworkProvider - Driver Group
    SafeBootNet: PCI Configuration - Driver Group
    SafeBootNet: PNP Filter - Driver Group
    SafeBootNet: PNP_TDI - Driver Group
    SafeBootNet: Primary disk - Driver Group
    SafeBootNet: SCSI Class - Driver Group
    SafeBootNet: sermouse.sys - Driver
    SafeBootNet: Streams Drivers - Driver Group
    SafeBootNet: System Bus Extender - Driver Group
    SafeBootNet: TDI - Driver Group
    SafeBootNet: vga.sys - Driver
    SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
    SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
    SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
    SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
    SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
    SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
    SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
    SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
    SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
    SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
    SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
    SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
    SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
    SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
    SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
    SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
    SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

    ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
    ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
    ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
    ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
    ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
    ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
    ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
    ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
    ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
    ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
    ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
    ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
    ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
    ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
    ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
    ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
    ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
    ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
    ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
    ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
    ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
    ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
    ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
    ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
    ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
    ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
    ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
    ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
    ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
    ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
    ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
    ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
    ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
    ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
    ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
    ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
    ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
    ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
    ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
    ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
    ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
    ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/09/26 18:32:46 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vince\Desktop\OTL.exe
    [2009/09/26 13:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Desktop\GooredFix Backups
    [2009/09/26 13:57:00 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Vince\Desktop\GooredFix.exe
    [2009/09/26 11:35:42 | 00,001,740 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\HijackThis.lnk
    [2009/09/26 11:35:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/09/24 19:13:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\My Documents\Eoins Website
    [2009/09/24 19:07:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\FileZilla
    [2009/09/22 20:51:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\My Documents\My Skype Content
    [2009/09/22 20:36:33 | 00,061,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2009/09/22 20:28:54 | 00,000,814 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2009/09/22 20:27:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
    [2009/09/22 20:27:48 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2009/09/22 20:27:48 | 00,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
    [2009/09/22 20:27:48 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2009/09/22 20:27:48 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2009/09/22 20:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2009/09/22 20:18:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\AVG8
    [2009/09/20 20:58:04 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\Camden Markets.doc
    [2009/09/19 14:27:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Desktop\Rossa Images
    [2009/09/19 13:32:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\Skype
    [2009/09/19 09:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Application Data\Mp3tag
    [2009/09/19 09:57:57 | 00,000,660 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
    [2009/09/19 09:57:54 | 00,000,000 | ---D | C] -- C:\Program Files\Mp3tag
    [2009/09/14 22:44:44 | 58,394,528 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\autoparty.wav
    [2009/09/14 22:44:40 | 46,274,280 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\one 2.wav
    [2009/09/14 22:44:37 | 46,274,280 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\one.wav
    [2009/09/14 22:44:34 | 52,599,320 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\close your eyes.wav
    [2009/09/10 19:46:21 | 00,000,666 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
    [2009/09/10 19:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Local Settings\Application Data\MediaMonkey
    [2009/09/10 19:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
    [2009/09/10 19:45:13 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
    [2009/09/10 19:45:06 | 07,574,760 | ---- | C] (Ventis Media Inc. ) -- C:\Documents and Settings\Vince\Desktop\MediaMonkey_3.1.1.1261.exe
    [2009/09/02 23:12:20 | 00,006,200 | ---- | C] () -- C:\WINDOWS\System32\INT13EXT.VXD
    [2009/09/02 23:12:19 | 00,001,561 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
    [2009/09/02 23:12:19 | 00,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
    [2009/09/02 23:10:48 | 06,113,439 | ---- | C] (InstallShield Software Corporation) -- C:\Documents and Settings\Vince\Desktop\pci_filerecovery.exe
    [2009/08/30 10:28:48 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE - normal file size.doc
    [2009/08/30 10:03:19 | 00,172,032 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE.doc
    [2009/08/29 14:45:12 | 13,942,45120 | ---- | C] () -- C:\Documents and Settings\Vince\Desktop\Gandhi (Collector's Edition) 1982.avi
    [2009/05/25 22:22:57 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdxvs.dll
    [2009/05/25 22:22:56 | 00,360,448 | ---- | C] () -- C:\WINDOWS\System32\lxdxcoin.dll
    [2009/05/25 22:22:23 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdxdrs.dll
    [2009/05/25 22:22:23 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdxcaps.dll
    [2009/05/25 22:22:23 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdxcnv4.dll
    [2009/05/25 22:21:55 | 01,105,920 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxserv.dll
    [2009/05/25 22:21:55 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxusb1.dll
    [2009/05/25 22:21:55 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxpmui.dll
    [2009/05/25 22:21:55 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxlmpm.dll
    [2009/05/25 22:21:55 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDXhcp.dll
    [2009/05/25 22:21:55 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxinpa.dll
    [2009/05/25 22:21:55 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDXinst.dll
    [2009/05/25 22:21:55 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxiesc.dll
    [2009/05/25 22:21:55 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxprox.dll
    [2009/05/25 22:21:54 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomc.dll
    [2009/05/25 22:21:54 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxhbn3.dll
    [2009/05/25 22:21:54 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdxcomm.dll
    [2009/05/25 22:21:54 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdxgrd.dll
    [2009/01/15 11:18:54 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/05/08 11:11:36 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2007/05/03 10:47:05 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\suppdll.dll
    [2007/05/03 10:47:05 | 00,035,363 | ---- | C] () -- C:\WINDOWS\System32\windrvNT.sys
    [2007/03/08 15:02:03 | 00,000,080 | ---- | C] () -- C:\WINDOWS\avgagent.ini
    [2006/09/29 12:42:33 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2006/09/06 11:04:19 | 00,000,479 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/06/10 02:46:23 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/10 01:46:48 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2006/06/09 21:59:09 | 00,001,345 | ---- | C] () -- C:\WINDOWS\LMAAT2DD.ini
    [2005/09/29 11:50:24 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/03/29 15:16:12 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2004/08/07 14:19:16 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 14:12:40 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/08/07 14:03:10 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
    [2004/08/07 06:53:36 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
    [2004/06/01 10:39:56 | 00,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
    [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/15 22:29:04 | 00,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    [2001/11/23 17:18:00 | 00,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
    [2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== Files - Modified Within 30 Days ==========

    [1 C:\*.tmp files]
    [5 C:\WINDOWS\System32\*.tmp files]
    [1 C:\WINDOWS\*.tmp files]
    [2009/09/26 18:32:50 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vince\Desktop\OTL.exe
    [2009/09/26 18:26:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006UA.job
    [2009/09/26 18:04:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2009/09/26 18:04:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2009/09/26 13:57:00 | 00,069,192 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Vince\Desktop\GooredFix.exe
    [2009/09/26 11:35:42 | 00,001,740 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\HijackThis.lnk
    [2009/09/25 20:38:40 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/09/25 20:37:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/09/25 20:37:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/09/25 20:37:44 | 00,061,472 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
    [2009/09/24 22:26:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006Core.job
    [2009/09/24 18:17:23 | 00,757,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/09/24 18:17:23 | 00,284,986 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/09/24 18:17:23 | 00,002,858 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/09/24 18:11:40 | 01,930,896 | -H-- | M] () -- C:\Documents and Settings\Vince\Local Settings\Application Data\IconCache.db
    [2009/09/23 21:27:10 | 00,016,803 | ---- | M] () -- C:\WINDOWS\avgagent.dmp
    [2009/09/22 20:52:36 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
    [2009/09/22 20:52:35 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
    [2009/09/22 20:52:34 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
    [2009/09/22 20:52:34 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
    [2009/09/22 20:28:54 | 00,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
    [2009/09/20 20:58:05 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\Camden Markets.doc
    [2009/09/19 09:57:57 | 00,000,660 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mp3tag.lnk
    [2009/09/14 20:42:08 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/09/10 19:46:21 | 00,000,666 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
    [2009/09/10 19:45:07 | 07,574,760 | ---- | M] (Ventis Media Inc. ) -- C:\Documents and Settings\Vince\Desktop\MediaMonkey_3.1.1.1261.exe
    [2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/09/04 00:33:12 | 46,274,280 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\one 2.wav
    [2009/09/04 00:21:14 | 46,274,280 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\one.wav
    [2009/09/03 20:31:53 | 00,051,200 | ---- | M] () -- C:\Documents and Settings\Vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/09/02 23:12:19 | 00,001,561 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Inspector File Recovery.lnk
    [2009/09/02 23:11:22 | 06,113,439 | ---- | M] (InstallShield Software Corporation) -- C:\Documents and Settings\Vince\Desktop\pci_filerecovery.exe
    [2009/08/30 10:28:48 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE - normal file size.doc
    [2009/08/30 10:03:20 | 00,172,032 | ---- | M] () -- C:\Documents and Settings\Vince\Desktop\25 10_08_09 SUAS INVOICE.doc
    [2009/08/28 22:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

    ========== LOP Check ==========

    [2009/09/22 20:34:59 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/07/23 21:54:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2008/12/22 11:54:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
    [2009/03/24 12:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2007/07/25 16:45:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GRETECH
    [2007/05/17 19:40:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2005/09/29 11:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
    [2009/01/22 11:00:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbsPlus
    [2009/09/24 19:07:01 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Vince\Application Data
    [2008/12/22 13:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Auslogics
    [2009/03/24 12:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\AVS4YOU
    [2009/09/24 19:35:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\FileZilla
    [2008/05/13 09:37:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\GMoveProject
    [2008/03/05 16:05:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\GRETECH
    [2008/05/08 18:10:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\InterVideo
    [2009/05/27 15:20:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Kingston
    [2008/09/25 16:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\KompoZer
    [2008/03/28 10:44:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Leadertech
    [2009/09/19 10:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\Mp3tag
    [2009/07/18 21:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\TeamViewer
    [2009/01/22 11:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\ThumbsPlus
    [2009/05/27 16:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\U3
    [2008/05/13 17:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Vince\Application Data\VoipCheapCom
    [2004/08/04 09:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/09/26 18:04:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    [2009/09/26 18:04:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    [2009/09/24 22:26:00 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006Core.job
    [2009/09/26 18:26:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006UA.job
    [2009/09/25 20:37:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

    ========== Purity Check ==========


    < End of report >


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    OTL Extras logfile created on: 26/09/2009 18:36:13 - Run 1
    OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Vince\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1015.36 Mb Total Physical Memory | 635.22 Mb Available Physical Memory | 62.56% Memory free
    1.40 Gb Paging File | 1.13 Gb Available in Paging File | 80.85% Paging File free
    Paging file location(s): C:\pagefile.sys 512 512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 55.89 Gb Total Space | 20.72 Gb Free Space | 37.08% Space Free | Partition Type: NTFS
    Drive D: | 119.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: SUASLAPTOP4
    Current User Name: Vince
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] --

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    jsfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Lock folder with Folder Lock] -- C:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
    Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
    Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "6150:TCP" = 6150:TCP:*:Enabled:avgagent.exe
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "9090:TCP" = 9090:TCP:*:Enabled:TINYPROXY
    "53:TCP" = 53:TCP:*:Enabled:TINYPROXY

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:McAfee Managed Services Agent -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\LMabcoms.exe" = C:\WINDOWS\system32\LMabcoms.exe:*:Enabled:Lexmark Enhanced TCP/IP -- (Lexmark International, Inc.)
    "C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
    "C:\WINDOWS\avgagent.exe" = C:\WINDOWS\avgagent.exe:*:Enabled:avgagent.exe -- (GRISOFT, s.r.o.)
    "C:\Program Files\VoipCheapCom\VoipCheapCom.exe" = C:\Program Files\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom -- (VoipCheapCom)
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\tinyproxy\tinyproxy.exe" = C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:TINYPROXY -- File not found
    "C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
    "C:\WINDOWS\system32\lxdxcoms.exe" = C:\WINDOWS\system32\lxdxcoms.exe:*:Enabled:3600-4600 Series Server -- ( )
    "C:\WINDOWS\system32\lxdxcfg.exe" = C:\WINDOWS\system32\lxdxcfg.exe:*:Enabled:Printer Communication System -- ( )
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxpswx.exe:*:Enabled:Printer Status Window Interface -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxtime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
    "C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe" = C:\Program Files\Lexmark 3600-4600 Series\lxdxmon.exe:*:Enabled:Printer Device Monitor -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdxjswx.exe:*:Enabled:Job Status Window Interface -- ()
    "C:\Program Files\TeamViewer\Version4\TeamViewer.exe" = C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
    "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\Vince\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
    "C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
    "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
    "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 10
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3EAAC5FD-E209-4856-8C49-D4EA40F85032}" = Vodafone 3G Broadband Modem
    "{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 B2
    "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
    "{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{913B0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
    "{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
    "{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
    "{BBC783B7-8725-3B1C-B49A-BA7F09391251}" = Google Talk Plugin
    "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
    "{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
    "{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
    "{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = AusLogics Registry Defrag
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "Audacity_is1" = Audacity 1.2.6
    "AVS Audio Editor_is1" = AVS Audio Editor version 4.2
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "Belarc Advisor 2.0" = Belarc Advisor 7.2
    "CCleaner" = CCleaner (remove only)
    "COMODO Internet Security" = COMODO Internet Security
    "FileZilla Client" = FileZilla Client 3.2.6.1
    "GOM Player" = GOM Player
    "Google Chrome" = Google Chrome
    "HijackThis" = HijackThis 2.0.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
    "Lexmark 3600-4600 Series" = Lexmark 3600-4600 Series
    "Lexmark_HostCD" = Lexmark Software Uninstall
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "MediaMonkey_is1" = MediaMonkey 3.1
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
    "Mp3tag" = Mp3tag v2.44
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Picasa 3" = Picasa 3
    "Skype_is1" = Skype 2.5
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TeamViewer 4" = TeamViewer 4
    "ThumbsPlus7" = ThumbsPlus version 7 SP2
    "VoipCheapCom_is1" = VoipCheapCom
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 22/09/2009 15:38:51 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 22/09/2009 15:38:53 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 22/09/2009 15:38:53 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This network connection does not exist.

    Error - 22/09/2009 15:39:12 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 22/09/2009 15:39:18 | Computer Name = SUASLAPTOP4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The specified server cannot perform the requested operation.

    Error - 23/09/2009 14:35:31 | Computer Name = SUASLAPTOP4 | Source = Application Hang | ID = 1002
    Description = Hanging application WINWORD.EXE, version 11.0.8307.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 23/09/2009 16:32:22 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. BaseIndex value from Performance
    registry
    is the first DWORD in Data section, LastCounter value is the second DWORD in Data
    section, and LastHelp value is the third DWORD in Data section.

    Error - 23/09/2009 16:32:22 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    Error - 24/09/2009 13:17:20 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. BaseIndex value from Performance
    registry
    is the first DWORD in Data section, LastCounter value is the second DWORD in Data
    section, and LastHelp value is the third DWORD in Data section.

    Error - 24/09/2009 13:17:20 | Computer Name = SUASLAPTOP4 | Source = LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The Error code is the first DWORD in Data section.

    [ System Events ]
    Error - 24/09/2009 13:13:24 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ClntMgmt.sys

    Error - 25/09/2009 15:38:22 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdxCATSCustConnectService
    service to connect.

    Error - 25/09/2009 15:38:22 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7000
    Description = The lxdxCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 25/09/2009 15:38:31 | Computer Name = SUASLAPTOP4 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    ClntMgmt.sys

    Error - 26/09/2009 05:47:02 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 26/09/2009 05:47:02 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 26/09/2009 05:47:04 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 26/09/2009 05:47:04 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 26/09/2009 05:47:17 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452689
    Description = Time Provider NtpClient: An error occurred during DNS lookup of the
    manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
    again in 15 minutes. The error was: A socket operation was attempted to an unreachable
    host. (0x80072751)

    Error - 26/09/2009 05:47:17 | Computer Name = SUASLAPTOP4 | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.


    < End of report >


  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    hi

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
      :OTL
      O33 - MountPoints2\{19f01605-16a5-11dd-a15f-006073e7c56b}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
      O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell - "" = AutoRun
      O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
      O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\open\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
      O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell - "" = AutoRun
      O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{4e021106-3142-11dd-a172-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
      O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell - "" = AutoRun
      O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{b4f8a066-3140-11dd-a171-006073e7c56b}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
      O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell - "" = AutoRun
      O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{badcc8c7-ef1a-11db-a068-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
      O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell - "" = AutoRun
      O33 - MountPoints2\{cba10048-bad1-11dd-a20b-006073ed7d28}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell - "" = AutoRun
      O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{dbf550d2-f3f7-11dc-a13f-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
      [2009/09/26 13:58:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Vince\Desktop\GooredFix Backups
      [2009/09/26 13:57:00 | 00,069,192 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Vince\Desktop\GooredFix.exe
      
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
      "C:\Program Files\tinyproxy\tinyproxy.exe"=-
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done



    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    RcAuto1.gif


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
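
The fix script above removes two things that stand out in the OTL Extras log posted earlier: the MountPoints2 autorun entries (removable-drive persistence) and the firewall exception for a tinyproxy.exe that OTL reports as "File not found", while the GloballyOpenPorts list still carries 53:TCP and 9090:TCP for TINYPROXY scoped to "*" (any remote address). Those checks can be done mechanically. The following is an added example, not part of any post in this thread and not OTL's or ComboFix's own code: a Python triage script that parses the GloballyOpenPorts, AuthorizedApplications and O33 lines in OTL's 2009 line layout (the sample input is copied from the logs above and embedded as constructed data), and flags exceptions for missing executables, ports open to any host, ports whose label belongs to a missing application, and autorun commands. The regexes are the example's own assumption about OTL's format, and "target_missing" only echoes OTL's "File not found" annotation; nothing here touches the disk or the registry.

```python
"""Triage helper for OTL / OTL-Extras log excerpts (added example).

Flags the lines a malware-removal helper reads first:
  * Windows Firewall AuthorizedApplications entries whose executable OTL
    reports as missing ('-- File not found');
  * GloballyOpenPorts entries scoped to '*' (any remote host) instead of
    LocalSubNet;
  * open ports whose label belongs to one of those missing applications;
  * O33 MountPoints2 autorun commands (removable-drive autorun
    persistence), with the ones OTL did not mark missing listed first.
Regexes assume the 2009 OTL line layout shown in this thread.
"""
import re

# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r'''
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"6150:TCP" = 6150:TCP:*:Enabled:avgagent.exe
"9090:TCP" = 9090:TCP:*:Enabled:TINYPROXY
"53:TCP" = 53:TCP:*:Enabled:TINYPROXY
"C:\Program Files\tinyproxy\tinyproxy.exe" = C:\Program Files\tinyproxy\tinyproxy.exe:*:Enabled:TINYPROXY -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
O33 - MountPoints2\{19f01605-16a5-11dd-a15f-006073e7c56b}\Shell\Open(&O)\command - "" = RECYCLED\appmgmt.exe
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell - "" = AutoRun
O33 - MountPoints2\{2ee519a2-f3fe-11dc-a140-006073e7c56b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{2ee519a3-f3fe-11dc-a140-006073e7c56b}\Shell\open\command - "" = F:\SYSTEM\S-3-7-89-2225458569-9856321456-454423558-8896\explorer.exe -- File not found
'''

# "port:proto" = port:proto:scope:state:label
PORT_RE = re.compile(
    r'^"(?P<port>\d+:(?:TCP|UDP))"\s*=\s*\d+:(?:TCP|UDP):(?P<scope>[^:]+):(?P<state>[^:]+):(?P<name>.*)$')
# "path" = path:scope:state:label -- (publisher) | File not found
APP_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*(?P=path):(?P<scope>[^:]+):(?P<state>[^:]+):(?P<name>.*?)\s*--\s*(?P<status>.*)$')
# O33 - MountPoints2\{guid}\<subkey> - "" = <value> [-- File not found]
MP_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\(?P<key>\S+) - "" = (?P<cmd>.*?)(?:\s*--\s*(?P<status>File not found))?$')


def triage(log_text):
    """Return a dict of findings from OTL log text."""
    findings = {"missing_app_exceptions": [], "any_host_ports": [],
                "orphaned_ports": [], "autorun_commands": []}
    ports = []            # (port, scope, label) for every open-port entry
    missing_names = set()  # labels of exceptions whose file OTL could not find
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            ports.append((m.group("port"), m.group("scope"), m.group("name").strip()))
            continue
        m = APP_RE.match(line)
        if m:
            if m.group("status").strip() == "File not found":
                findings["missing_app_exceptions"].append(m.group("path"))
                missing_names.add(m.group("name").strip())
            continue
        m = MP_RE.match(line)
        if m and m.group("key").lower().endswith("command"):
            findings["autorun_commands"].append({
                "guid": m.group("guid"),
                "command": m.group("cmd"),
                # only what OTL reported; no disk check is done here
                "target_missing": m.group("status") is not None,
            })
    findings["any_host_ports"] = [(p, n) for p, s, n in ports if s == "*"]
    findings["orphaned_ports"] = [(p, n) for p, s, n in ports if n in missing_names]
    # entries OTL did not mark missing are the live ones; list them first
    findings["autorun_commands"].sort(key=lambda e: e["target_missing"])
    return findings


def report(findings):
    """Render findings as lines suitable for pasting into a reply."""
    lines = []
    for path in findings["missing_app_exceptions"]:
        lines.append("firewall exception for missing file: " + path)
    for port, name in findings["any_host_ports"]:
        lines.append("port open to any host: %s (%s)" % (port, name))
    for port, name in findings["orphaned_ports"]:
        lines.append("port belongs to a missing app: %s (%s)" % (port, name))
    for e in findings["autorun_commands"]:
        flag = "missing" if e["target_missing"] else "not marked missing"
        lines.append("autorun %s -> %s [%s]" % (e["guid"], e["command"], flag))
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against a full OTL Extras log and the output is the list of entries to put in the :Reg and :OTL sections of a fix, plus the open ports that should go once the application they were opened for is gone. The RECYCLED\appmgmt.exe command is the one to look at first: it is a relative path on a removable drive, so OTL cannot say whether the file exists, and a command like that in a drive's MountPoints2 key is the classic autorun-worm pattern.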


  • Closed Accounts Posts: 69 ✭✭xprepairs


    Just food for thought. Comodo makes a good firewall, BUT the AV included is severely lacking.


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    @ASJ Thanks for this. I haven't been able to get to the computer until now and I'm just going through the instructions now, cheers.
    xprepairs wrote: »
    Just food for thought. Comodo makes a good firewall, BUT the AV included is severely lacking.

    Good to know, thanks. Maybe I'll just use their firewall and install a different A/V after this process.

    Perhaps the problem I'm having is with the Comodo A/V after all and there might not be an infection.

    I really appreciate the help with investigating it though.

    So far, I've followed the OTL instructions in the post above and on reboot there was a problem in that the laptop could no longer connect to the wireless network. Even though it appears to be connected, when I try to browse it says 'resolving host....' and then can't connect. Works fine when plugged into the router with a cable though.

    I'll continue with the instructions and report back with the log and on the above issue.

    cheers


  • Registered Users, Registered Users 2 Posts: 2,809 ✭✭✭edanto


    Combofix log:

    ComboFix 09-09-28.01 - Vince 29/09/2009 22:28.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1015.536 [GMT 1:00]
    Running from: c:\documents and settings\Vince\Desktop\ComboFix.exe
    AV: COMODO Antivirus *On-access scanning enabled* (Outdated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\recycler\S-1-5-21-1708537768-602609370-725345543-500
    c:\recycler\S-1-5-21-2904479229-2175686988-744735450-500
    c:\windows\Installer\1bdb1b7.msp
    c:\windows\Installer\WinRMSrv.msi

    .
    ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
    .

    2009-09-29 20:53 . 2009-09-29 20:53 d-----w- C:\_OTL
    2009-09-26 20:36 . 2009-09-26 20:36 d-----w- c:\program files\IrfanView
    2009-09-26 10:35 . 2009-09-26 10:35 d-----w- c:\program files\Trend Micro
    2009-09-24 18:07 . 2009-09-28 12:01 d-----w- c:\documents and settings\Vince\Application Data\FileZilla
    2009-09-22 19:36 . 2009-09-29 20:55 61472 ----a-w- c:\windows\system32\drivers\sfi.dat
    2009-09-22 19:27 . 2009-09-22 19:37 d-----w- c:\documents and settings\All Users\Application Data\Comodo
    2009-09-22 19:27 . 2009-09-22 19:52 179792 ----a-w- c:\windows\system32\guard32.dll
    2009-09-22 19:27 . 2009-09-22 19:52 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
    2009-09-22 19:27 . 2009-09-22 19:52 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2009-09-22 19:27 . 2009-09-22 19:52 132296 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2009-09-22 19:27 . 2009-09-22 19:27 d-----w- c:\program files\COMODO
    2009-09-22 19:18 . 2009-09-22 19:18 d-----w- c:\documents and settings\Vince\Application Data\AVG8
    2009-09-19 12:32 . 2009-09-22 19:52 d-----w- c:\documents and settings\Vince\Application Data\Skype
    2009-09-19 08:58 . 2009-09-19 09:00 d-----w- c:\documents and settings\Vince\Application Data\Mp3tag
    2009-09-19 08:57 . 2009-09-19 08:57 d-----w- c:\program files\Mp3tag
    2009-09-10 18:46 . 2009-09-19 21:02 d-----w- c:\documents and settings\Vince\Local Settings\Application Data\MediaMonkey
    2009-09-10 18:46 . 2009-09-10 18:46 d-----w- c:\program files\MediaMonkey
    2009-09-10 18:45 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2009-09-02 22:12 . 2009-09-02 22:12 d-----w- c:\program files\PC Inspector File Recovery

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-09-19 13:23 . 2008-02-21 18:06 d-----w- c:\program files\Picasa2
    2009-09-19 12:31 . 2008-05-12 11:26 d-----w- c:\program files\VoipCheapCom
    2009-09-19 11:16 . 2008-12-08 11:57 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-14 20:37 . 2009-04-06 12:21 d-----w- c:\program files\Microsoft Silverlight
    2009-09-10 13:54 . 2008-12-08 11:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 13:53 . 2008-12-08 11:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-02 22:12 . 2005-09-29 10:30
    d--h--w- c:\program files\InstallShield Installation Information
    2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-17 19:01 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 22:43 . 2004-08-04 08:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
    2009-07-09 11:16 . 2009-07-23 20:51 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-07-09 11:16 . 2009-07-23 20:51 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-07-03 17:09 . 2004-08-04 08:00 915456 ----a-w- c:\windows\system32\wininet.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "Google Update"="c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-08-13 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "lxdxmon.exe"="c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe" [2008-11-03 680616]
    "EzPrint"="c:\program files\Lexmark 3600-4600 Series\ezprint.exe" [2008-11-03 107176]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-09-22 1799952]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-08-24 88363]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
    backup=c:\windows\pss\DVD Check.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "btwdins"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\LMabcoms.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\avgagent.exe"=
    "c:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
    "c:\\WINDOWS\\system32\\lxdxcoms.exe"=
    "c:\\WINDOWS\\system32\\lxdxcfg.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
    "c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Documents and Settings\\Vince\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Vince\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6150:TCP"= 6150:TCP:avgagent.exe
    "9090:TCP"= 9090:TCP:TINYPROXY
    "53:TCP"= 53:TCP:TINYPROXY

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [22/09/2009 20:27 132296]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [22/09/2009 20:27 25160]
    R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [10/02/2009 18:39 91136]
    R2 avgagent;AVG7 Remote Support Service (AvgAgent);avgagent.exe /srvfsys --> avgagent.exe [?]
    R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [10/06/2006 01:46 80384]
    R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [10/02/2009 18:38 23180]
    S2 AVG7 Remote Support Service (AvgAgent) (avgagent) ;AVG7 Remote Support Service (AvgAgent) (avgagent) ;c:\program files\tinyproxy\tinyproxy.exe --> c:\program files\tinyproxy\tinyproxy.exe [?]
    S2 gupdate1c99b36e1394b5c;Google Update Service (gupdate1c99b36e1394b5c);c:\program files\Google\Update\GoogleUpdate.exe [02/03/2009 14:00 133104]
    S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [25/05/2009 22:22 98984]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 13:00]

    2009-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-02 13:00]

    2009-09-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006Core.job
    - c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 21:21]

    2009-09-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-719119060-2452408960-2207782838-1006UA.job
    - c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-13 21:21]
    .
    .
    Supplementary Scan
    .
    uStart Page = hxxp://sites.google.com/a/suas.ie/suas-internal-webpage/
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    DPF: CEBdc - hxxps://www.boi-bol.com/jsp/payments/dcApplet.cab
    DPF: CEBdep - hxxps://www.boi-bol.com/jsp/payments/dcDependencies.cab
    DPF: KCrypto for Applets - hxxps://www.ros.ie/applets/kcrypto.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Vince\Application Data\Mozilla\Firefox\Profiles\lqkxtkxe.default\
    FF - prefs.js: browser.startup.homepage - hxxp://sites.google.com/a/suas.ie/suas-internal-webpage/
    FF - plugin: c:\documents and settings\Vince\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Vince\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-09-29 22:33
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwClose, ZwOpenFile

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    LOCKED REGISTRY KEYS

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    DLLs Loaded Under Running Processes

    - - - - - - - > 'winlogon.exe'(1576)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(1632)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2009-09-29 22:35
    ComboFix-quarantined-files.txt 2009-09-29 21:35

    Pre-Run: 24,032,546,816 bytes free
    Post-Run: 23,983,435,776 bytes free

    173 --- E O F --- 2009-09-14 19:45

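    A triage helper for logs like the one above, added here as an example; it is not part of the thread and not a ComboFix feature. It parses the firewall-policy keys (AuthorizedApplications, GloballyOpenPorts) and the R?/S? service lines that ComboFix prints, then applies the cross-checks a reviewer normally does by eye: a globally open well-known port, an open-port label with no matching authorized application, a service whose display name never mentions its binary, and ComboFix's own `[?]` marker (file details not available). The sample input is a subset of lines copied from the posted log; the heuristics, function names and thresholds are this example's own assumptions.

```python
"""Reviewer checks over the 'Reg Loading Points' section of a ComboFix log.

Added example: the parsing rules and heuristics are assumptions made for
illustration, not ComboFix's own logic. A finding is a prompt to verify the
file (vendor, signature, hash), not a verdict.
"""
import re

# Sample input: lines copied from the ComboFix log posted in the thread
# (firewall policy keys plus four service lines). Not a complete log.
SAMPLE_LOG = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\avgagent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6150:TCP"= 6150:TCP:avgagent.exe
"9090:TCP"= 9090:TCP:TINYPROXY
"53:TCP"= 53:TCP:TINYPROXY

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [22/09/2009 20:27 132296]
R2 avgagent;AVG7 Remote Support Service (AvgAgent);avgagent.exe /srvfsys --> avgagent.exe [?]
S2 AVG7 Remote Support Service (AvgAgent) (avgagent) ;AVG7 Remote Support Service (AvgAgent) (avgagent) ;c:\program files\tinyproxy\tinyproxy.exe --> c:\program files\tinyproxy\tinyproxy.exe [?]
S2 gupdate1c99b36e1394b5c;Google Update Service (gupdate1c99b36e1394b5c);c:\program files\Google\Update\GoogleUpdate.exe [02/03/2009 14:00 133104]
'''

PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S*)')
APP_RE = re.compile(r'^"([^"]+)"=\s*$')          # '"path"=' with nothing after
SVC_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*)$')
STOPWORDS = {"service", "driver", "support", "remote", "internet", "security"}


def parse_open_ports(text):
    """Return [(port, proto, label)] from the GloballyOpenPorts key."""
    out = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            out.append((int(m.group(1)), m.group(2), m.group(3)))
    return out


def parse_authorized_apps(text):
    """Return the lowercase basenames listed under AuthorizedApplications."""
    names = set()
    for line in text.splitlines():
        m = APP_RE.match(line.strip())
        if m:
            path = m.group(1).replace('\\\\', '\\')   # registry-escaped backslashes
            names.add(re.split(r'[\\/]', path)[-1].lower())
    return names


def parse_services(text):
    """Return one dict per R?/S? line: start type, name, display name,
    resolved binary path, and whether ComboFix printed '[?]' for the file."""
    out = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        start, name, display, rest = m.groups()
        rest = rest.split('-->')[-1].strip()     # keep the resolved path, if any
        pm = re.match(r'^(.*?)\s*\[(.*)\]\s*$', rest)
        path, info = (pm.group(1), pm.group(2)) if pm else (rest, '')
        out.append({'start': start, 'name': name.strip(), 'display': display.strip(),
                    'binary': path, 'unresolved': info.strip() == '?'})
    return out


def name_matches_binary(svc):
    """Heuristic: the binary's stem should occur in the service or display name
    (spaces removed), or a meaningful word of the name should occur in the stem."""
    base = re.split(r'[\\/]', svc['binary'])[-1].lower()
    stem = base.rsplit('.', 1)[0]
    haystack = (svc['name'] + svc['display']).lower().replace(' ', '')
    if stem and stem in haystack:
        return True
    words = re.findall(r'[a-z0-9]{4,}', (svc['name'] + ' ' + svc['display']).lower())
    return any(w in stem for w in words if w not in STOPWORDS)


def review(text):
    """Run every check and return a list of human-readable findings."""
    findings = []
    apps = parse_authorized_apps(text)
    for port, proto, label in parse_open_ports(text):
        notes = []
        if port < 1024:
            notes.append('well-known port')
        if label.lower() not in apps and label.lower() + '.exe' not in apps:
            notes.append('label has no AuthorizedApplications entry')
        if notes:
            findings.append(f'open port {port}/{proto} ({label}): ' + '; '.join(notes))
    for svc in parse_services(text):
        notes = []
        if not name_matches_binary(svc):
            notes.append(f"display name does not mention binary {svc['binary']}")
        if svc['unresolved']:
            notes.append('ComboFix printed [?] (file details not available)')
        if notes:
            findings.append(f"service {svc['name']}: " + '; '.join(notes))
    return findings


if __name__ == '__main__':
    for finding in review(SAMPLE_LOG):
        print(finding)
```

    On the sample above the COMODO and Google Update lines pass both checks, while the two TINYPROXY ports and the two AVG-named services come back for a second look. That is the intended use: narrow a long log to the handful of entries whose file a reviewer should actually go and verify.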

  • Closed Accounts Posts: 1,970 ✭✭✭ActorSeeksJob


    looking good

    I'd try re-installing Comodo


    Download TFC to your desktop
    • Open the file and close any other windows.
    • It will close all programs itself when run, make sure to let it run uninterrupted.
    • Click the Start button to begin the process. The program should not take long to finish its job
    • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean




    Please download Malwarebytes' Anti-Malware from Here

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.






    Go to Kaspersky website and perform an online antivirus scan.
    1. Read through the requirements and privacy statement and click on Accept button.
    2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    3. When the downloads have finished, click on Settings.
    4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    5. Click on My Computer under Scan.
    6. Once the scan is complete, it will display the results. Click on View Scan Report.
    7. You will see a list of infected items there. Click on Save Report As....
    8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

