McAffee found SUSP_IP_MJ_Create, I run TDSSKiller

**Kerstinb** · 2010-11-06, 21:03

McAffee found SUSP_IP_MJ_Create (51 finds), I was advised run TDSSKiller (Kaspersky) and it found 1 thread and required to reboot to fix - I've done this and rerun the McAffee quick test - it didn't find anything now but I still can't update my Anti Virus software so I wonder if I still have this Trojan/Virus or if there is an additional problem? Furthermore can you advise if I need to change any of my normal log ons (i.e. Internet banking) after having had SUSP_IP_MJ_Create (sorry I'm not a computer expert

)?
Looking forward hearing from you

DDS (Ver_10-11-05.01) - NTFSx86
Run by user at 19:45:33.06 on 06/11/2010
Internet Explorer: 8.0.6001.18975
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3034.1860 [GMT 0:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\RUNDLL32.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101029225621.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: NameServer = 93.188.162.133,93.188.160.13
TCP: {8699EBDC-1627-4423-90AF-DCCC4B25425B} = 93.188.162.133,93.188.160.13
TCP: {8BB7F400-33B3-4EC0-A942-BDDBD87E57B8} = 93.188.162.133,93.188.160.13
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-24 386712]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-10-29 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-29 164808]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-10-29 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-10-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-10-29 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-29 141792]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-29 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-10-29 152992]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-10-29 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-29 312904]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-29 84264]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]

=============== Created Last 30 ================

2010-11-06 15:12:09 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-06 15:10:31 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-06 14:36:18 -------- d-----w- c:\progra~2\PC Tools
2010-11-06 14:25:31 -------- d-----w- c:\users\user\appdata\roaming\GetRightToGo
2010-11-02 22:42:12 -------- d-----w- c:\users\user\appdata\local\Adobe
2010-10-31 23:00:02 -------- d-----w- c:\users\user\appdata\roaming\PeerNetworking
2010-10-30 10:02:04 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-10-30 10:02:04 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-10-30 10:02:04 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-30 10:02:02 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-30 10:02:01 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-10-30 10:02:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-10-30 09:56:08 -------- d-----w- c:\windows\system32\x64
2010-10-30 09:48:04 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2010-10-30 09:46:11 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-30 09:30:20 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-10-30 09:30:19 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-10-30 09:30:19 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-30 09:30:19 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-10-30 09:30:19 11264 ----a-w- c:\windows\system32\icardres.dll
2010-10-30 09:30:19 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-10-30 09:30:17 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-10-30 09:30:15 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-30 09:21:12 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-10-30 09:21:10 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-10-30 09:21:09 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-30 09:21:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-10-30 09:20:57 83968 ----a-w- c:\windows\system32\mscories.dll
2010-10-30 09:14:00 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-10-30 09:13:59 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-10-30 09:13:59 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-10-29 21:56:20 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-29 21:55:56 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-29 21:55:56 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-10-29 21:55:56 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-29 21:55:56 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-10-29 21:55:55 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-29 21:55:55 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-29 21:55:55 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-10-29 21:55:35 -------- d-----w- c:\program files\McAfee.com
2010-10-29 21:55:35 -------- d-----w- c:\program files\common files\Mcafee
2010-10-29 21:55:32 -------- d-----w- c:\program files\McAfee
2010-10-29 21:43:51 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-29 21:28:39 -------- d-----w- c:\users\user\appdata\roaming\Trusteer
2010-10-29 21:28:27 -------- d-----w- c:\program files\Trusteer
2010-10-29 21:26:34 -------- d-----w- c:\progra~2\Trusteer
2010-10-29 19:31:48 -------- d-----w- c:\users\user\appdata\local\Google
2010-10-29 19:31:33 -------- d-----w- c:\users\user\appdata\local\Deployment
2010-10-29 19:31:33 -------- d-----w- c:\users\user\appdata\local\Apps
2010-10-29 13:21:49 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-10-29 13:21:47 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-10-29 13:21:34 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-10-29 13:16:51 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-29 13:16:50 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-29 13:16:34 501760 ----a-w- c:\windows\system32\usp10.dll
2010-10-29 13:16:25 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-29 13:16:04 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-29 13:16:02 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-29 13:14:58 2868224 ----a-w- c:\windows\system32\mf.dll
2010-10-29 13:12:59 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-10-29 13:11:58 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-10-29 13:09:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-10-29 13:02:00 -------- d-----w- c:\program files\Marvell
2010-10-29 13:01:41 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-10-29 13:01:41 -------- d-----w- c:\windows\system32\Lang
2010-10-29 13:01:40 948760 ----a-w- c:\windows\system32\igxpun.exe
2010-10-29 13:01:21 -------- d-----w- C:\Intel
2010-10-29 12:51:27 -------- d-----w- c:\program files\JRE
2010-10-29 12:50:57 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-29 12:48:09 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-10-29 12:42:12 -------- d-sh--w- c:\windows\Installer
2010-10-29 12:39:37 2730536 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
2010-10-29 12:39:28 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{88ce7dcb-7a5d-4b24-ad89-f006d8e55703}\mpengine.dll
2010-10-29 12:39:24 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-10-29 12:39:24 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-29 12:39:24 1418752 ----a-w- c:\program files\windows media player\setup_wm.exe
2010-10-29 12:39:20 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-10-29 12:39:20 107520 ----a-w- c:\program files\windows media player\wmpshare.exe
2010-10-29 12:39:20 107520 ----a-w- c:\program files\windows media player\wmpconfig.exe
2010-10-29 12:39:19 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-10-29 12:39:19 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-10-29 12:37:49 -------- d-----w- c:\program files\VideoLAN
2010-10-29 12:34:30 98304 ----a-w- c:\windows\system32\cabview.dll
2010-10-29 12:34:13 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-10-29 12:18:25 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-10-29 12:17:56 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-10-29 12:17:39 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-10-29 12:17:39 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-10-29 12:03:46 1123328 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-10-28 21:50:12 -------- d-----w- c:\windows\Panther
2010-10-28 21:49:57 -------- d-sh--w- C:\Boot

==================== Find3M ====================

2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-31 15:41:42 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:41:42 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:40:26 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:39:46 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:07:25 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-26 16:01:41 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-08-26 16:01:35 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01:33 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01:32 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01:32 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-26 14:11:10 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-25 18:46:02 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-08-25 18:45:44 136216 ----a-w- c:\windows\system32\igfxtray.exe
2010-08-25 18:45:42 266776 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-08-25 18:45:40 170520 ----a-w- c:\windows\system32\igfxpers.exe
2010-08-25 18:45:38 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-08-25 18:45:36 171032 ----a-w- c:\windows\system32\hkcmd.exe
2010-08-25 18:45:32 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-08-25 18:39:46 81920 ----a-w- c:\windows\system32\igfxCoIn_v2202.dll
2010-08-25 18:31:30 4967424 ----a-w- c:\windows\system32\igdumd32.dll
2010-08-25 18:30:02 439308 ----a-w- c:\windows\system32\igcompkrng500.bin
2010-08-25 18:30:00 982240 ----a-w- c:\windows\system32\igkrng500.bin
2010-08-25 18:30:00 92356 ----a-w- c:\windows\system32\igfcg500m.bin
2010-08-25 18:28:22 571904 ----a-w- c:\windows\system32\igdumdx32.dll
2010-08-25 18:23:14 4411904 ----a-w- c:\windows\system32\igd10umd32.dll
2010-08-25 18:09:34 11040256 ----a-w- c:\windows\system32\ig4icd32.dll
2010-08-25 18:00:00 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-08-25 18:00:00 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-08-25 17:59:58 261632 ----a-w- c:\windows\system32\igfxTMM.dll
2010-08-25 17:59:58 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2010-08-25 17:59:42 57344 ----a-w- c:\windows\system32\igfxsrvc.dll
2010-08-25 17:59:24 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-08-25 17:59:16 94720 ----a-w- c:\windows\system32\hccutils.dll
2010-08-25 17:59:10 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-08-25 17:59:08 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-08-25 17:59:06 85504 ----a-w- c:\windows\system32\igfxrenu.lrc
2010-08-25 17:59:06 828928 ----a-w- c:\windows\system32\igfxress.dll
2010-08-25 17:59:06 228864 ----a-w- c:\windows\system32\igfxdev.dll
2010-08-25 17:52:00 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-08-25 17:52:00 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2010-08-25 17:52:00 143360 ----a-w- c:\windows\system32\iglhcp32.dll
2010-08-20 15:21:02 866816 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 13:32:33 126464 ----a-w- c:\windows\system32\spoolsv.exe

============= FINISH: 19:46:36.72 ===============

**ken545** · 2010-11-12, 23:14

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

Your computer is still infected and has been hijacked by the lovely people in the Ukraine

93.188.162.0 - 93.188.162.255
Promnet Ltd.

Ondrej Voloshin
Ekaterininskaya str., 41, 65000, Odessa, Ukraine
support@prom-net.com.ua
+380504414402

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

**Kerstinb** · 2010-11-14, 13:53

ComboFix 10-11-12.06 - user 14/11/2010 12:36:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3034.2121 [GMT 0:00]
Running from: c:\users\user\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 12:42 . 2010-11-14 12:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-06 19:41 . 2010-11-06 19:42 -------- d-----w- c:\program files\ERUNT
2010-11-06 15:12 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-06 15:10 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2010-11-06 14:36 . 2010-11-06 14:52 -------- d-----w- c:\programdata\PC Tools
2010-11-02 22:39 . 2010-11-02 22:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-30 12:02 . 2010-10-30 12:02 -------- d-----w- c:\windows\Sun
2010-10-30 10:02 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-10-30 10:02 . 2010-04-14 17:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-30 10:02 . 2008-04-23 04:41 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-10-30 10:02 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-30 10:02 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-10-30 10:02 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-10-30 09:56 . 2010-10-30 09:56 -------- d-----w- c:\windows\system32\x64
2010-10-30 09:48 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2010-10-30 09:46 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-30 09:30 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-10-30 09:30 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-30 09:30 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-10-30 09:30 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-10-30 09:30 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2010-10-30 09:30 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-10-30 09:30 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-10-30 09:30 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-30 09:21 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-10-30 09:21 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-10-30 09:21 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-30 09:21 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-10-30 09:20 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2010-10-30 09:14 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-10-30 09:13 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-10-30 09:13 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-10-29 21:55 . 2010-10-29 21:57 -------- d-----w- c:\program files\Common Files\Mcafee
2010-10-29 21:55 . 2010-10-30 09:04 -------- d-----w- c:\program files\McAfee
2010-10-29 21:43 . 2010-08-24 13:57 141792 ----a-w- c:\windows\system32\mfevtps.exe.ff22.deleteme
2010-10-29 21:43 . 2010-10-30 09:11 -------- d-----w- c:\programdata\McAfee
2010-10-29 21:28 . 2010-10-29 21:28 -------- d-----w- c:\program files\Trusteer
2010-10-29 21:26 . 2010-10-29 21:26 -------- d-----w- c:\programdata\Trusteer
2010-10-29 13:47 . 2010-10-29 13:47 -------- d-----w- c:\program files\Intel
2010-10-29 13:21 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-10-29 13:21 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-10-29 13:21 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-10-29 13:16 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-29 13:16 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-29 13:16 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2010-10-29 13:16 . 2010-06-22 12:57 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-29 13:16 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2010-10-29 13:16 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-10-29 13:12 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2010-10-29 13:11 . 2008-08-12 03:39 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-10-29 13:09 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-10-29 13:02 . 2010-10-29 13:02 -------- d-----w- c:\program files\Marvell
2010-10-29 13:01 . 2010-10-29 13:01 -------- d-----w- c:\windows\system32\Lang
2010-10-29 13:01 . 2006-11-02 14:21 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-10-29 13:01 . 2010-08-25 18:45 948760 ----a-w- c:\windows\system32\igxpun.exe
2010-10-29 13:01 . 2010-10-29 13:01 -------- d-----w- C:\Intel
2010-10-29 12:51 . 2010-10-29 12:51 -------- d-----w- c:\program files\JRE
2010-10-29 12:50 . 2010-10-29 12:51 -------- d-----w- c:\program files\OpenOffice.org 3
2010-10-29 12:48 . 2010-10-29 12:47 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-10-29 12:47 . 2010-10-29 12:47 -------- d-----w- c:\program files\Java
2010-10-29 12:42 . 2010-11-06 14:37 -------- d-sh--w- c:\windows\Installer
2010-10-29 12:39 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{88CE7DCB-7A5D-4B24-AD89-F006D8E55703}\mpengine.dll
2010-10-29 12:39 . 2010-10-19 10:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-29 12:39 . 2009-09-10 15:21 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe
2010-10-29 12:39 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-10-29 12:39 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-10-29 12:39 . 2009-07-14 10:59 107520 ----a-w- c:\program files\Windows Media Player\wmpconfig.exe
2010-10-29 12:39 . 2009-07-14 10:58 107520 ----a-w- c:\program files\Windows Media Player\wmpshare.exe
2010-10-29 12:39 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-10-29 12:39 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-10-29 12:38 . 2010-10-29 12:38 -------- d-----w- c:\windows\system32\Macromed
2010-10-29 12:37 . 2010-10-29 12:38 -------- d-----w- c:\program files\ImgBurn
2010-10-29 12:37 . 2010-10-29 12:37 -------- d-----w- c:\program files\VideoLAN
2010-10-29 12:34 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-10-29 12:34 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-10-29 12:18 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-10-29 12:18 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-10-29 12:18 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-10-29 12:18 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-10-29 12:17 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2010-10-29 12:17 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-10-29 12:17 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2010-10-29 12:17 . 2009-08-06 18:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-10-29 12:17 . 2009-08-06 17:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-10-29 12:03 . 2007-10-09 17:17 1123328 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-10-28 21:50 . 2010-10-28 12:54 -------- d-----w- c:\windows\Panther
2010-10-28 21:49 . 2010-10-28 21:49 -------- d-----w- C:\Boot
2010-10-28 14:30 . 2010-10-29 21:56 -------- d-----w- c:\users\user
2010-10-28 14:17 . 2010-10-31 23:30 -------- d-----w- c:\windows\Debug

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 19:10 . 2008-01-21 02:24 184320 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-10-03 22:43 . 2010-10-03 22:43 59240 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2010-08-26 16:01 . 2010-10-29 13:14 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:01 . 2010-10-29 13:14 459776 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:01 . 2010-10-29 13:14 541696 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:01 . 2010-10-29 13:14 2153984 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-25 18:46 . 2010-08-25 18:46 8198680 ----a-w- c:\windows\system32\TVWSetup.exe
2010-08-25 18:45 . 2010-08-25 18:45 179224 ----a-w- c:\windows\system32\igfxext.exe
2010-08-25 18:45 . 2010-08-25 18:45 3156504 ----a-w- c:\windows\system32\GfxUI.exe
2010-08-25 18:39 . 2010-08-25 18:39 81920 ----a-w- c:\windows\system32\igfxCoIn_v2202.dll
2010-08-25 18:31 . 2010-08-25 18:31 9024512 ----a-w- c:\windows\system32\drivers\igdkmd32.sys
2010-08-25 18:23 . 2010-08-25 18:23 4411904 ----a-w- c:\windows\system32\igd10umd32.dll
2010-08-25 18:09 . 2010-08-25 18:09 11040256 ----a-w- c:\windows\system32\ig4icd32.dll
2010-08-25 18:02 . 2010-08-25 18:02 86016 ----a-w- c:\windows\system32\igfxrsky.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrslv.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86528 ----a-w- c:\windows\system32\igfxresn.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrtrk.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrsve.lrc
2010-08-25 18:02 . 2010-08-25 18:02 84992 ----a-w- c:\windows\system32\igfxrtha.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86016 ----a-w- c:\windows\system32\igfxrrus.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86016 ----a-w- c:\windows\system32\igfxrptg.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86016 ----a-w- c:\windows\system32\igfxrplk.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrptb.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrnor.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86016 ----a-w- c:\windows\system32\igfxrita.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrhun.lrc
2010-08-25 18:02 . 2010-08-25 18:02 84480 ----a-w- c:\windows\system32\igfxrheb.lrc
2010-08-25 18:02 . 2010-08-25 18:02 82944 ----a-w- c:\windows\system32\igfxrkor.lrc
2010-08-25 18:02 . 2010-08-25 18:02 82944 ----a-w- c:\windows\system32\igfxrjpn.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86528 ----a-w- c:\windows\system32\igfxrfra.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86528 ----a-w- c:\windows\system32\igfxrell.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86016 ----a-w- c:\windows\system32\igfxrnld.lrc
2010-08-25 18:02 . 2010-08-25 18:02 86016 ----a-w- c:\windows\system32\igfxrdeu.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrfin.lrc
2010-08-25 18:02 . 2010-08-25 18:02 85504 ----a-w- c:\windows\system32\igfxrcsy.lrc
2010-08-25 18:02 . 2010-08-25 18:02 84992 ----a-w- c:\windows\system32\igfxrdan.lrc
2010-08-25 18:02 . 2010-08-25 18:02 84480 ----a-w- c:\windows\system32\igfxrara.lrc
2010-08-25 18:02 . 2010-08-25 18:02 81920 ----a-w- c:\windows\system32\igfxrcht.lrc
2010-08-25 18:02 . 2010-08-25 18:02 81920 ----a-w- c:\windows\system32\igfxrchs.lrc
2010-08-25 18:00 . 2010-08-25 18:00 23552 ----a-w- c:\windows\system32\igfxexps.dll
2010-08-25 18:00 . 2010-08-25 18:00 194560 ----a-w- c:\windows\system32\igfxpph.dll
2010-08-25 17:59 . 2010-08-25 17:59 115200 ----a-w- c:\windows\system32\igfxcpl.cpl
2010-08-25 17:59 . 2010-08-25 17:59 130048 ----a-w- c:\windows\system32\igfxdo.dll
2010-08-25 17:59 . 2010-08-25 17:59 120320 ----a-w- c:\windows\system32\gfxSrvc.dll
2010-08-25 17:59 . 2010-08-25 17:59 4096 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2010-08-25 17:52 . 2010-08-25 17:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
2010-08-25 17:52 . 2010-08-25 17:52 208896 ----a-w- c:\windows\system32\iglhsip32.dll
2010-08-25 17:52 . 2010-08-25 17:52 143360 ----a-w- c:\windows\system32\iglhcp32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-10-29 149280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-8052193-4273620517-90382641-1000]
"EnableNotificationsRef"=dword:00000001

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 0046311289737863mcinstcleanup;McAfee Application Installer Cleanup (0046311289737863);c:\users\user\AppData\Local\Temp\004631~1.EXE [x]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 RapportKELL;RapportKELL;c:\windows\system32\Drivers\RapportKELL.sys [2010-10-03 59240]
R3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-10-03 169320]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S1 RapportCerberus_19917;RapportCerberus_19917;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys [2010-10-03 34792]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-10-03 767208]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc [x]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
*Deregistered* - mfenlfk
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\User_Feed_Synchronization-{F6D41C94-C351-425A-A8C6-175895CEF138}.job
- c:\windows\system32\msfeedssync.exe [2010-11-06 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 12:42
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1108)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
Completion time: 2010-11-14 12:44:41
ComboFix-quarantined-files.txt 2010-11-14 12:44

Pre-Run: 267,442,429,952 bytes free
Post-Run: 267,444,744,192 bytes free

- - End Of File - - E360A751F06226CF202AE60A3343E222

**ken545** · 2010-11-14, 14:18

Lets go ahead and run this scan and see if its still there, Combofix may have removed it.

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
  Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

**Kerstinb** · 2010-11-14, 14:38

OTL logfile created on: 14/11/2010 13:31:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 245.79 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (0046311289737863mcinstcleanup) McAfee Application Installer Cleanup (0046311289737863) -- C:\Users\user\AppData\Local\Temp\004631~1.EXE File not found
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (TfSysMon) -- C:\Windows\System32\drivers\TfSysMon.sys File not found
DRV - (TfNetMon) -- C:\Windows\System32\drivers\TfNetMon.sys File not found
DRV - (TfFsMon) -- C:\Windows\System32\drivers\TfFsMon.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\user\AppData\Local\Temp\catchme.sys File not found
DRV - (RapportCerberus_19917) -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (Trusteer Ltd.)
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Windows\System32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/14 13:12:39 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 13:29:32 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/11/14 13:16:28 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVG10
[2010/11/14 13:14:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/11/14 13:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/11/14 13:12:15 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/11/14 13:12:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/11/14 13:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/11/14 13:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/14 12:44:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/14 12:44:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\temp
[2010/11/14 12:43:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/14 12:33:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/11/14 12:33:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/11/14 12:33:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/11/14 12:32:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/14 12:32:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/06 19:44:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/11/06 19:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/11/06 15:11:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/11/06 15:11:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/11/06 15:11:27 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/11/06 15:11:27 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/11/06 15:11:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/11/06 15:11:27 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/11/06 15:11:27 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/11/06 15:11:26 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/11/06 15:11:26 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/11/06 15:11:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/11/06 15:11:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/11/06 15:11:25 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/11/06 15:11:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/11/06 15:11:25 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/11/06 15:11:24 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/11/06 15:11:24 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/11/06 15:11:24 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/11/06 15:10:31 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/11/06 15:10:31 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/11/06 15:10:30 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/11/06 15:10:30 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/11/06 15:10:30 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/11/06 15:10:30 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/11/06 15:10:30 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/11/06 15:10:30 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/11/06 15:10:29 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/11/06 15:10:29 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/11/06 15:10:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/11/06 15:10:29 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/11/06 15:10:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/11/06 15:10:29 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/11/06 15:10:28 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/11/06 15:10:28 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/11/06 15:10:28 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/11/06 15:10:28 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/11/06 15:10:27 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/11/06 15:10:26 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/11/06 15:10:26 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/11/06 15:10:26 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/11/06 15:10:26 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/11/06 15:10:26 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/11/06 15:10:26 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/11/06 14:36:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/06 14:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/06 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Downloads
[2010/11/06 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2010/11/02 22:42:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Adobe
[2010/11/02 22:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/11/02 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/02 22:39:09 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/11/01 19:31:14 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\vlc
[2010/10/31 23:00:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2010/10/30 12:10:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/30 12:02:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/10/30 10:09:45 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/10/30 10:09:44 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/10/30 10:09:43 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/10/30 10:09:43 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/10/30 10:09:43 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/10/30 10:09:43 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/30 10:09:43 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/10/30 10:09:43 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/10/30 10:09:43 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/10/30 10:09:43 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/10/30 10:09:43 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/10/30 10:09:43 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/10/30 10:09:43 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/10/30 10:09:43 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/10/30 10:09:43 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/10/30 10:09:43 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/10/30 10:09:43 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/10/30 10:09:43 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/10/30 10:09:42 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/10/30 10:09:42 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/10/30 10:09:42 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/10/30 10:09:42 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/10/30 10:09:42 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/10/30 10:09:42 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/10/30 10:02:04 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/10/30 10:02:04 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/10/30 10:02:04 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/10/30 10:02:02 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/10/30 10:02:01 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/10/30 10:02:01 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/10/30 09:56:08 | 000,000,000 | ---D | C] -- C:\Windows\System32\x64
[2010/10/30 09:46:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010/10/30 09:30:20 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/10/30 09:30:19 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/10/30 09:30:19 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/10/30 09:30:19 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/10/30 09:30:19 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/10/30 09:30:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/10/30 09:30:17 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/10/30 09:30:15 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/10/30 09:21:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/10/30 09:21:00 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/10/30 09:20:57 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/10/30 09:14:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/10/30 09:13:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/10/29 21:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/10/29 21:55:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/10/29 21:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/10/29 21:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/10/29 21:28:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Trusteer
[2010/10/29 21:28:27 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/10/29 21:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Trusteer
[2010/10/29 19:31:48 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Google
[2010/10/29 19:31:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Deployment
[2010/10/29 19:31:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apps
[2010/10/29 13:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/10/29 13:21:49 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/10/29 13:21:47 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/10/29 13:21:34 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/10/29 13:16:50 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/29 13:16:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/10/29 13:15:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/10/29 13:15:50 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/10/29 13:15:49 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/10/29 13:15:49 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/10/29 13:15:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/10/29 13:15:49 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/29 13:15:49 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/10/29 13:15:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/10/29 13:15:49 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/10/29 13:15:23 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/10/29 13:15:23 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/10/29 13:15:23 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/10/29 13:15:13 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/10/29 13:15:08 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/10/29 13:15:05 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/10/29 13:14:58 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/10/29 13:14:58 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/10/29 13:14:34 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/10/29 13:14:34 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/10/29 13:14:27 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/29 13:14:19 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/10/29 13:14:11 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/10/29 13:14:05 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/29 13:14:04 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/29 13:14:01 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/10/29 13:13:54 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/10/29 13:13:54 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/10/29 13:13:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/10/29 13:13:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/10/29 13:13:34 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/10/29 13:13:31 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/29 13:13:30 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/29 13:13:28 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/10/29 13:13:26 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/29 13:13:23 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/10/29 13:13:17 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/10/29 13:13:13 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/10/29 13:13:13 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/10/29 13:13:01 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/10/29 13:13:01 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/10/29 13:13:01 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/10/29 13:13:00 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/10/29 13:13:00 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/10/29 13:13:00 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/10/29 13:12:59 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/10/29 13:12:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/10/29 13:12:59 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/10/29 13:12:35 | 000,866,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/29 13:12:28 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/10/29 13:12:27 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/10/29 13:12:27 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/10/29 13:12:27 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/10/29 13:12:27 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/10/29 13:12:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/10/29 13:12:27 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/10/29 13:12:24 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/10/29 13:12:19 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/10/29 13:12:14 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/10/29 13:12:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/10/29 13:12:11 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/10/29 13:12:11 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/10/29 13:12:11 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/10/29 13:12:01 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/10/29 13:11:58 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/10/29 13:11:55 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/10/29 13:11:55 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/10/29 13:11:49 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/10/29 13:11:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/10/29 13:11:39 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/10/29 13:11:36 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/10/29 13:11:36 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/10/29 13:11:36 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/10/29 13:11:35 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/10/29 13:11:35 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/10/29 13:11:35 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/10/29 13:11:35 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/10/29 13:11:35 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/10/29 13:11:35 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/10/29 13:11:26 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/29 13:11:19 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/10/29 13:11:19 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/10/29 13:11:17 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/10/29 13:11:16 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/10/29 13:11:16 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/10/29 13:11:08 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/10/29 13:10:42 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/10/29 13:10:42 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/10/29 13:10:37 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/10/29 13:10:01 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/10/29 13:10:01 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/10/29 13:10:01 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/10/29 13:10:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/10/29 13:09:53 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/10/29 13:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2010/10/29 13:01:41 | 000,319,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2010/10/29 13:01:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\Lang
[2010/10/29 13:01:40 | 000,948,760 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igxpun.exe
[2010/10/29 13:01:21 | 000,000,000 | ---D | C] -- C:\Intel
[2010/10/29 13:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/10/29 13:00:49 | 000,059,392 | ---- | C] (Intel Corporation) -- C:\Windows\System32\oemdspif.dll
[2010/10/29 13:00:46 | 000,828,928 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2010/10/29 13:00:46 | 000,303,104 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxresp.lrc
[2010/10/29 13:00:46 | 000,261,632 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2010/10/29 13:00:46 | 000,155,648 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxCoIn_v1637.dll
[2010/10/29 13:00:46 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2010/10/29 13:00:46 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2010/10/29 13:00:44 | 004,967,424 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2010/10/29 13:00:44 | 000,668,696 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcfg.exe
[2010/10/29 13:00:44 | 000,571,904 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2010/10/29 13:00:44 | 000,228,864 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdev.dll
[2010/10/29 13:00:43 | 002,674,688 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4dev32.dll
[2010/10/29 13:00:43 | 000,094,720 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2010/10/29 13:00:34 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\TMP
[2010/10/29 13:00:29 | 000,000,000 | ---D | C] -- C:\dell
[2010/10/29 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Macromedia
[2010/10/29 12:55:40 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Adobe
[2010/10/29 12:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/10/29 12:50:57 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/10/29 12:48:09 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/10/29 12:48:09 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/29 12:48:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/29 12:48:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/29 12:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/10/29 12:42:12 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/10/29 12:41:59 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2010/10/29 12:39:24 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/10/29 12:39:24 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/29 12:39:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/10/29 12:39:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/10/29 12:39:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/10/29 12:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/10/29 12:38:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/10/29 12:37:58 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/10/29 12:37:49 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/10/29 12:37:31 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Kerstin & Rick
[2010/10/29 12:18:26 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/10/29 12:18:25 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/10/29 12:17:56 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/10/29 12:17:56 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/10/29 12:17:55 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/10/29 12:17:39 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/10/29 12:17:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/10/29 12:03:46 | 001,123,328 | ---- | C] (Broadcom Corp.) -- C:\Windows\System32\drivers\BCMWL5.SYS
[2010/10/29 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\data
[2010/10/28 21:50:12 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/10/28 21:49:57 | 000,000,000 | ---D | C] -- C:\Boot
[2010/10/28 14:30:18 | 000,000,000 | R--D | C] -- C:\Users\user\Searches
[2010/10/28 14:30:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Identities
[2010/10/28 14:30:09 | 000,000,000 | R--D | C] -- C:\Users\user\Contacts
[2010/10/28 14:30:08 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\VirtualStore
[2010/10/28 14:30:03 | 000,000,000 | --SD | C] -- C:\Users\user\AppData\Roaming\Microsoft
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Videos
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Saved Games
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Pictures
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Music
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Links
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Favorites
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Downloads
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Documents
[2010/10/28 14:30:03 | 000,000,000 | R--D | C] -- C:\Users\user\Desktop
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Temporary Internet Files
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Templates
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Start Menu
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\SendTo
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Recent
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\PrintHood
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\NetHood
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Videos
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Pictures
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Documents\My Music
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\My Documents
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Local Settings
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\History
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Cookies
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\Application Data
[2010/10/28 14:30:03 | 000,000,000 | -HSD | C] -- C:\Users\user\AppData\Local\Application Data
[2010/10/28 14:30:03 | 000,000,000 | -H-D | C] -- C:\Users\user\AppData
[2010/10/28 14:30:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Microsoft
[2010/10/28 14:30:03 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Media Center Programs
[2010/10/28 14:17:33 | 000,000,000 | ---D | C] -- C:\Windows\Debug
[2010/10/28 12:53:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/10/28 12:50:44 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/10/28 12:50:32 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/08/25 17:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2010/11/14 13:29:39 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe
[2010/11/14 13:24:49 | 000,600,378 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/14 13:24:49 | 000,105,852 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/14 13:21:07 | 099,194,032 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/14 13:21:07 | 000,629,836 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/14 13:18:10 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 13:18:09 | 000,002,592 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/14 13:17:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/14 13:17:51 | 3179,708,416 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/14 13:14:15 | 000,000,830 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/14 12:32:29 | 003,909,080 | R--- | M] () -- C:\Users\user\Desktop\ComboFix.exe
[2010/11/14 12:21:16 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6D41C94-C351-425A-A8C6-175895CEF138}.job
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/07 22:58:46 | 000,000,943 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/06 19:41:25 | 000,000,733 | ---- | M] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2010/11/06 19:41:25 | 000,000,714 | ---- | M] () -- C:\Users\user\Desktop\ERUNT.lnk
[2010/11/02 22:46:22 | 000,002,119 | ---- | M] () -- C:\Users\user\Desktop\sign.jpg
[2010/11/02 22:39:26 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/02 19:57:45 | 000,009,216 | ---- | M] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 23:31:49 | 000,014,214 | ---- | M] () -- C:\Users\user\Desktop\Rick Vamp.jpg
[2010/10/31 23:00:03 | 000,024,206 | ---- | M] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2010/10/30 16:25:21 | 186,239,111 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/30 12:13:34 | 000,246,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/29 18:41:07 | 000,000,511 | ---- | M] () -- C:\Users\user\Desktop\Kerstin & Rick - Shortcut.lnk
[2010/10/29 18:39:25 | 000,000,490 | ---- | M] () -- C:\Users\user\Desktop\Music - Shortcut.lnk
[2010/10/29 18:38:54 | 000,000,518 | ---- | M] () -- C:\Users\user\Desktop\Pictures - Shortcut.lnk
[2010/10/29 13:44:50 | 000,000,680 | ---- | M] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/10/29 12:54:17 | 000,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2010/10/29 12:47:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/10/29 12:47:55 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/10/29 12:47:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/10/29 12:47:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/10/29 12:38:18 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/29 12:38:00 | 000,001,674 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/10/29 12:38:00 | 000,001,650 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/10/28 21:49:59 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/10/28 12:54:41 | 000,049,052 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/10/28 12:54:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/10/19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010/11/14 13:21:07 | 099,194,032 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/14 13:21:07 | 000,629,836 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2010/11/14 13:14:15 | 000,000,830 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/14 12:33:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/11/14 12:33:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/11/14 12:33:19 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/11/14 12:33:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/11/14 12:33:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/14 12:32:18 | 003,909,080 | R--- | C] () -- C:\Users\user\Desktop\ComboFix.exe
[2010/11/09 18:21:38 | 000,000,420 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{F6D41C94-C351-425A-A8C6-175895CEF138}.job
[2010/11/06 19:41:25 | 000,000,733 | ---- | C] () -- C:\Users\user\Desktop\NTREGOPT.lnk
[2010/11/06 19:41:25 | 000,000,714 | ---- | C] () -- C:\Users\user\Desktop\ERUNT.lnk
[2010/11/06 15:11:26 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/11/02 22:46:22 | 000,002,119 | ---- | C] () -- C:\Users\user\Desktop\sign.jpg
[2010/11/02 22:39:26 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/01 19:40:34 | 000,009,216 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 23:30:31 | 000,014,214 | ---- | C] () -- C:\Users\user\Desktop\Rick Vamp.jpg
[2010/10/31 23:00:02 | 000,024,206 | ---- | C] () -- C:\Users\user\AppData\Roaming\UserTile.png
[2010/10/30 12:13:02 | 3179,708,416 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/30 12:09:59 | 186,239,111 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/30 10:09:45 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/10/30 10:09:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/10/30 10:09:43 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/10/29 18:41:07 | 000,000,511 | ---- | C] () -- C:\Users\user\Desktop\Kerstin & Rick - Shortcut.lnk
[2010/10/29 18:39:25 | 000,000,490 | ---- | C] () -- C:\Users\user\Desktop\Music - Shortcut.lnk
[2010/10/29 18:38:54 | 000,000,518 | ---- | C] () -- C:\Users\user\Desktop\Pictures - Shortcut.lnk
[2010/10/29 13:15:24 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/10/29 13:00:44 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/10/29 12:55:43 | 000,000,943 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/10/29 12:54:17 | 000,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2010/10/29 12:38:18 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/10/29 12:38:00 | 000,001,674 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2010/10/29 12:38:00 | 000,001,650 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2010/10/28 21:49:59 | 000,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010/10/28 21:49:57 | 000,333,203 | RHS- | C] () -- C:\bootmgr
[2010/10/28 14:30:06 | 000,000,680 | ---- | C] () -- C:\Users\user\AppData\Local\d3d9caps.dat
[2010/10/28 14:30:03 | 000,000,258 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/10/28 14:30:03 | 000,000,240 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/10/28 12:54:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010/08/25 17:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 17:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/11/14 13:16:28 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVG10
[2010/11/06 14:36:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GetRightToGo
[2010/10/31 23:00:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PeerNetworking
[2010/10/29 13:00:34 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TMP
[2010/10/29 21:28:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Trusteer
[2010/11/14 13:16:45 | 000,016,012 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/14 12:21:16 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{F6D41C94-C351-425A-A8C6-175895CEF138}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

**Kerstinb** · 2010-11-14, 14:39

OTL Extras logfile created on: 14/11/2010 13:31:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\user\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372.61 Gb Total Space | 245.79 Gb Free Space | 65.96% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-8052193-4273620517-90382641-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FDBCAD-84C5-4C26-BFF6-42184466F92F}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{1DA0E8AA-C3D5-47D3-98DF-A37603905A39}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1E806932-20C2-41D3-876C-3EDF66EAE66B}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{2C27365C-19EA-47AB-824B-DA82087A21D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{38CCD41B-9662-4BB0-8F48-2E4C4B74D6F6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{3EE9BC9C-0D70-4CBE-95AD-F3B9D700644B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{45675E73-FC87-4802-9110-A42116A7187C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{75AA9D65-912D-469F-9EC5-60F4AFA48D46}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{79D1509B-BEE1-4036-96AB-D086CB93217D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{7C1A8A05-7109-4AB5-AC19-37B513540D91}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{992B06AF-A582-48E4-83C8-6EE66E8B108E}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{C4E4901F-F7C2-44BE-B081-FCFF6DE182C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C922710D-B5E2-430B-BA54-34FD6E3947A1}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{FC028E49-BE7F-404E-909E-5C18CCA955E7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Rapport_msi" = Rapport
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/11/2010 14:19:04 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/11/2010 14:26:25 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/11/2010 14:06:03 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2010 13:45:05 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/11/2010 08:18:38 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5004
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5004
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description =

Error - 14/11/2010 09:19:09 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14/11/2010 08:17:06 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =

Error - 14/11/2010 08:18:39 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 08:18:39 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 08:18:39 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14/11/2010 08:36:06 | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 14/11/2010 08:42:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 14/11/2010 09:18:05 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =

Error - 14/11/2010 09:19:13 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 09:19:13 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 09:19:13 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-8052193-4273620517-90382641-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03FDBCAD-84C5-4C26-BFF6-42184466F92F}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{1DA0E8AA-C3D5-47D3-98DF-A37603905A39}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{1E806932-20C2-41D3-876C-3EDF66EAE66B}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{2C27365C-19EA-47AB-824B-DA82087A21D1}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{38CCD41B-9662-4BB0-8F48-2E4C4B74D6F6}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{3EE9BC9C-0D70-4CBE-95AD-F3B9D700644B}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{45675E73-FC87-4802-9110-A42116A7187C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{75AA9D65-912D-469F-9EC5-60F4AFA48D46}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{79D1509B-BEE1-4036-96AB-D086CB93217D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgam.exe |
"{7C1A8A05-7109-4AB5-AC19-37B513540D91}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{992B06AF-A582-48E4-83C8-6EE66E8B108E}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{C4E4901F-F7C2-44BE-B081-FCFF6DE182C9}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C922710D-B5E2-430B-BA54-34FD6E3947A1}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{FC028E49-BE7F-404E-909E-5C18CCA955E7}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVG" = AVG 2011
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Rapport_msi" = Rapport
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/11/2010 14:19:04 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 10/11/2010 14:26:25 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 11/11/2010 14:06:03 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/11/2010 13:45:05 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/11/2010 08:18:38 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5004
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5004
Description =

Error - 14/11/2010 08:31:32 | Computer Name = user-PC | Source = McLogEvent | ID = 5022
Description =

Error - 14/11/2010 09:19:09 | Computer Name = user-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14/11/2010 08:17:06 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =

Error - 14/11/2010 08:18:39 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 08:18:39 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 08:18:39 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14/11/2010 08:36:06 | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 14/11/2010 08:42:50 | Computer Name = user-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 14/11/2010 09:18:05 | Computer Name = user-PC | Source = HTTP | ID = 15016
Description =

Error - 14/11/2010 09:19:13 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 09:19:13 | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14/11/2010 09:19:13 | Computer Name = user-PC | Source = Service Control Manager | ID = 7026
Description =

< End of report >

**ken545** · 2010-11-14, 15:17

Looks like its gone. How are things running now ?

**Kerstinb** · 2010-11-14, 15:32

Thank you so much Ken545. All seems to be running smoothly now. You made me weekend

**ken545** · 2010-11-14, 18:29

Open OTL and click on the Cleanup Feature and it will remove most of the tools we used to clean your system along with there back up folders.

How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore <-- Do this first to prevent yourself from being reinfected.
WhattheTech
Grinler BleepingComputer
GeeksTo Go
Dslreports

Safe Surfn
Ken

**ken545** · 2010-11-26, 14:07

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

Thread: McAffee found SUSP_IP_MJ_Create, I run TDSSKiller

Thread Tools

Display

McAffee found SUSP_IP_MJ_Create, I run TDSSKiller

Thank you - please find the report here

OTL.Txt

Extras.txt

Thank you

Tags for this Thread

Posting Permissions