computer extremely slow and full of trojans

Edgecrusher

Hi, my computer is very slow on startup, including the internet. It makes it difficult to watch videos on YouTube.


DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by Home at 18:49:24 on 2012-10-21
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.768.306 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\temp\mixersel.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
uSearch Page = hxxp://search.live.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s%s
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Mixersel] c:\windows\temp\mixersel.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\d-link wireless n dwa-140\AirNCFG.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wnda3200\WNDA3200WPSMgr.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{178F3F01-59E9-4B64-A167-017FBD2D3F6C} : DHCPNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0} : NameServer = 85.17.255.198,46.19.33.120
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\vfv1tlv3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.search.yahoo.com/search?fr=mcafee&p=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-22 65848]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-5 36000]
R1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-11 228376]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-22 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-22 166840]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-10-5 86224]
R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-10-5 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-5 83392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2011-7-29 54760]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-7-29 95232]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-9-22 976728]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\netgear\wnda3200\WifiDevChkSvc.exe [2012-5-6 167936]
R3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2012-9-14 96256]
R3 ELNK3;3Com EtherLink III;c:\windows\system32\drivers\elnk3.sys [2012-9-14 25159]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2012-5-6 57440]
R3 RapportIaso;RapportIaso;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\RapportIaso.sys [2012-6-8 21520]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-6-8 560896]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250808]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\home\locals~1\temp\alsysio.sys --> c:\docume~1\home\locals~1\temp\ALSysIO.sys [?]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [2012-5-6 1759584]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\netgear\wnda3200\jswpsapi.exe [2012-5-6 360529]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-6-11 115168]
.
=============== Created Last 30 ================
.
2012-10-13 13:31:10 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-13 13:31:10 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-13 13:29:59 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2012-10-13 13:29:58 73696 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2012-10-13 13:29:58 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-10-13 13:29:58 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-10-13 13:29:58 18912 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-10-13 13:29:58 116192 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-09-30 17:46:24 -------- d-----w- c:\program files\iPod
2012-09-30 17:45:38 -------- d-----w- c:\program files\iTunes
2012-09-30 17:45:38 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-22 15:34:42 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
==================== Find3M ====================
.
2012-10-09 18:14:57 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:14:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 16:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 20:29:36 81920 ----a-w- c:\windows\system32\ieencode.dll
2012-08-30 20:29:36 667136 ----a-w- c:\windows\system32\wininet.dll
2012-08-30 20:29:36 61952 ----a-w- c:\windows\system32\tdc.ocx
2012-08-30 19:10:00 65536 ----a-w- c:\windows\system32\OpenCL.dll
2012-08-28 13:00:25 369664 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-21 12:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 12:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
.
============= FINISH: 18:51:01.57 ===============


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-21 18:52:35
-----------------------------
18:52:35.562 OS Version: Windows 5.1.2600 Service Pack 3
18:52:35.562 Number of processors: 1 586 0x703
18:52:35.562 ComputerName: FAMILYPC-0F08F1 UserName: Home
18:52:36.453 Initialize success
18:52:51.645 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
18:52:51.645 Disk 0 Vendor: SAMSUNG_SP0802N TK100-24 Size: 76351MB BusType: 3
18:52:51.655 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-c
18:52:51.655 Disk 1 Vendor: WDC_WD102AA 05.05B05 Size: 9787MB BusType: 3
18:52:51.665 Disk 0 MBR read successfully
18:52:51.675 Disk 0 MBR scan
18:52:51.675 Disk 0 Windows XP default MBR code
18:52:51.675 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76340 MB offset 63
18:52:51.685 Disk 0 scanning sectors +156344580
18:52:51.765 Disk 0 scanning C:\WINDOWS\system32\drivers
18:53:15.319 Service scanning
18:53:35.278 Modules scanning
18:53:50.039 Disk 0 trace - called modules:
18:53:50.069 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
18:53:50.420 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fd6ab8]
18:53:50.420 3 CLASSPNP.SYS[f758efd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x82f85b00]
18:53:50.420 Scan finished successfully
18:54:11.590 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Home\Desktop\MBR.dat"
18:54:11.610 The log file has been saved successfully to "C:\Documents and Settings\Home\Desktop\aswMBRlog.txt"
 
Hi, and welcome to our malware removal forum!

My name is Richard and I'll be happy to help you with your computer problems.

Please be advised that I am currently in training, so my responses will need to be approved by one of our experts before I post them. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

Please note the following:
  • The cleaning process is not instant as logs can take time to research. Sit tight and please be patient.
  • I will be working on your malware issues. This may or may not solve other issues you may have with your system.
  • While we are fixing your problems, do NOT install/re-install any programs or run any fixes or scanners unless told to do so.
  • Ensure that your anti-virus definitions are up-to-date.
  • I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive.
  • Do not back up any Applications (programs). These should be re-installed from the original source CD(s) or website(s).
  • During the course of our cleanup, please do not do any additional online work or surfing until we have verified that your system is clean.
  • I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier.
  • Be sure to follow the directions and run tools/scans in the order listed.
  • If you do not reply to your topic, it will be closed after 3 days.
I will return as soon as possible with more instructions.



Regards,

Richard
 
Please know that I have not forgotten about you. :)

I am waiting for one of our experts to review my response before I post it. This is only to ensure you are receiving accurate instructions. It may cause a delay in my replies.

I will return as soon as possible with the instructions.



Regards,

Richard
 
Thanks for your patience. :)

ADWCLEANER
----------------------------
Download AdwCleaner from here and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log in your reply.
  • You can find the log file at C:\AdwCleaner[Rn].txt as well - (n is the scan number.)
Next

Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan, paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    services.exe
    /md5stop
    %systemroot%\*. /rp /s
    %systemdrive%\$Recycle.Bin|@;true;true;true
    DRIVES
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    • You may need two posts to fit them both in.
In your next reply, please provide the following:
  • AdwCleaner log.
  • OTL log.
  • Description of how your PC is running.



Regards,

Richard
 
# AdwCleaner v2.005 - Logfile created 10/26/2012 at 18:23:04
# Updated 14/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Home - FAMILYPC-0F08F1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Home\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\searchplugins\Conduit.xml
Folder Found : C:\DOCUME~1\Home\LOCALS~1\Temp\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\IBUpdaterService
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\ConduitCommon
Folder Found : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\staged
Folder Found : C:\Documents and Settings\Home\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\bProtector
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3227982
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Found : HKU\S-1-5-21-1645522239-1708537768-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Found : HKU\S-1-5-21-1645522239-1708537768-1343024091-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [specialsavings@superfish.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.5512

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227982
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980

-\\ Mozilla Firefox v16.0.1 (en-GB)

Profile name : default
File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\prefs.js


*************************

AdwCleaner[R1].txt - [15268 octets] - [26/10/2012 18:23:04]

########## EOF - C:\AdwCleaner[R1].txt - [15329 octets] ##########
 
OTL logfile created on: 26/10/2012 18:30:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Home\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.54 Mb Total Physical Memory | 560.73 Mb Available Physical Memory | 73.06% Memory free
2.12 Gb Paging File | 1.67 Gb Available in Paging File | 79.08% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.55 Gb Total Space | 37.88 Gb Free Space | 50.82% Space Free | Partition Type: NTFS
Drive D: | 9.54 Gb Total Space | 5.85 Gb Free Space | 61.31% Space Free | Partition Type: NTFS

Computer Name: FAMILYPC-0F08F1 | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Home\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
PRC - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\Temp\mixersel.exe (Realtek Semiconductor Corp.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Trusteer\Rapport\bin\js32.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WPSLib.dll ()
MOD - C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\nvapi.dll ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (McAfee SiteAdvisor Service) -- c:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WDCS_WNDA3200) -- C:\Program Files\NETGEAR\WNDA3200\WifiDevChkSvc.exe ()
SRV - (jswpsapi) -- C:\Program Files\NETGEAR\WNDA3200\jswpsapi.exe (Atheros Communications, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (ALSysIO) -- C:\DOCUME~1\Home\LOCALS~1\Temp\ALSysIO.sys File not found
DRV - (RapportCerberus_43926) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ()
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportEI) -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\WINDOWS\system32\drivers\RapportKELL.sys (Trusteer Ltd.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira GmbH)
DRV - (AR9271) -- C:\WINDOWS\system32\drivers\athuw.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (JSWSCIMD) -- C:\WINDOWS\system32\drivers\jswscimd.sys (Atheros Communications, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (rt2870) -- C:\WINDOWS\system32\drivers\rt2870.sys (Ralink Technology, Corp.)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (ctlsb16) -- C:\WINDOWS\system32\drivers\ctlsb16.sys (Copyright (C) Creative Technology Ltd. 1994-2001)
DRV - (ELNK3) -- C:\WINDOWS\system32\drivers\elnk3.sys (3Com Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227980
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3227982
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{398B7CF9-BCF9-46EA-8A8D-E0B4C5AAB69E}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3227980
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "appbario8 Customized Web Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledAddons: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.2.1
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.8
FF - prefs.js..extensions.enabledAddons: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.5.0
FF - prefs.js..keyword.URL: "http://uk.search.yahoo.com/search?fr=mcafee&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/09/30 17:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/11/13 22:18:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/13 14:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/13 14:30:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles/vfv1tlv3.default\extensions\specialsavings@superfish.com

[2011/07/29 21:40:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Extensions
[2012/10/26 17:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions
[2012/10/03 08:05:59 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/10/26 17:39:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\staged
[2012/10/19 18:24:34 | 000,529,693 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/01/12 08:59:35 | 000,292,116 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
[2012/10/26 17:39:50 | 000,530,068 | ---- | M] () (No name found) -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\extensions\staged\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/08/07 17:23:28 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\vfv1tlv3.default\searchplugins\conduit.xml
[2012/10/13 14:30:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/30 17:28:27 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012/10/13 14:31:09 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/11 19:29:30 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/09/30 18:04:46 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/11 19:29:30 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/06/11 19:29:30 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/13 21:12:22 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/10/13 14:31:00 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/06/11 19:29:30 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004/08/04 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [D-Link D-Link Wireless N DWA-140] C:\Program Files\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe (D-Link)
O4 - HKLM..\Run: [Mixersel] C:\WINDOWS\Temp\mixersel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WNDA3200 Smart Wizard.lnk = C:\Program Files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe (NETGEAR)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{178F3F01-59E9-4B64-A167-017FBD2D3F6C}: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DBF607C1-DE27-4DCE-9317-192C135086B0}: NameServer = 85.17.255.198,46.19.33.120
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/29 20:08:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [1997/01/01 01:45:54 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell - "" = AutoRun
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun\command - "" = E:\AutoInst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/10/21 18:49:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Home\Start Menu\Programs\Administrative Tools
[2012/10/13 14:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/30 18:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/09/30 18:46:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/09/30 18:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/09/30 18:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/30 18:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/26 18:11:20 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/10/26 17:24:48 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/10/26 17:24:04 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/26 17:23:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/21 18:55:22 | 000,003,309 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 18:54:11 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/10/10 23:25:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/10/09 19:14:57 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/10/09 19:14:55 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/09/30 19:57:48 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/30 18:51:39 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/09/30 17:31:18 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/21 18:55:22 | 000,003,309 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\attach.zip
[2012/10/21 18:54:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Home\Desktop\MBR.dat
[2012/09/30 18:51:39 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/09/30 17:31:18 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/04/15 00:46:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/16 12:06:17 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/21 23:20:01 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Home\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/29 22:51:53 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011/07/29 22:51:31 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011/07/29 21:40:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/07/29 20:53:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/07/29 20:52:09 | 000,098,256 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/29 20:10:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/07/29 20:05:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== ZeroAccess Check ==========

[2011/07/29 23:52:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/08/30 21:29:36 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 01:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/09/30 18:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/08/13 20:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBUpdaterService
[2011/12/13 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2011/12/13 19:47:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2011/07/29 23:06:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/08/01 00:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/12/16 10:50:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\DDMSettings
[2012/10/25 19:53:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Spotify
[2011/08/01 16:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Thinstall
[2011/07/29 23:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Home\Application Data\Trusteer

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 12:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 01:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 12:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 13:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 01:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 01:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 01:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /rp /s >

< %systemdrive%\$Recycle.Bin|@;true;true;true >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: SAMSUNG SP0802N
Partitions: 1
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD102AA
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 75.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #1, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 10.00GB
Starting Offset: 32256
Hidden sectors: 0


========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790 -> Junction
[C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e -> Junction

< End of report >
 
OTL Extras logfile created on: 26/10/2012 18:30:29 - Run 1

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B02F55E-7E6B-4226-8E67-76514D33FD41}_is1" = NETGEAR WNDA3200 wireless adapter Setup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D7D2F494-89E3-42ED-8A2B-75BDD9B464CB}" = D-Link Wireless N DWA-140
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX Setup
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.1 (x86 en-GB)" = Mozilla Firefox 16.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Rapport_msi" = Rapport
"Spotify" = Spotify
"WIC" = Windows Imaging Component
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 17/10/2012 14:28:16 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 20/10/2012 07:07:11 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 20/10/2012 07:07:11 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 20/10/2012 12:04:23 | Computer Name = FAMILYPC-0F08F1 | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x800708ca (converted
to 0x800423f4).

Error - 21/10/2012 06:38:58 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 21/10/2012 06:38:58 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 23/10/2012 11:58:06 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 23/10/2012 11:58:06 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

Error - 23/10/2012 12:16:56 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 23/10/2012 12:16:56 | Computer Name = FAMILYPC-0F08F1 | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10053 (An established connection was aborted
by the software in your host machine.)

[ System Events ]
Error - 24/10/2012 14:51:39 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 24/10/2012 14:51:41 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 25/10/2012 02:18:40 | Computer Name = FAMILYPC-0F08F1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.72 for the Network Card with network
address 00265A0CA3C3 has been denied by the DHCP server 10.130.161.17 (The DHCP
Server sent a DHCPNACK message).

Error - 25/10/2012 12:19:17 | Computer Name = FAMILYPC-0F08F1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.72 for the Network Card with network
address 00265A0CA3C3 has been denied by the DHCP server 10.130.161.17 (The DHCP
Server sent a DHCPNACK message).

Error - 25/10/2012 12:23:24 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 25/10/2012 12:23:24 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 25/10/2012 12:23:26 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 26/10/2012 12:28:41 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 26/10/2012 12:28:41 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 26/10/2012 12:28:45 | Computer Name = FAMILYPC-0F08F1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >

Computer is running fine, but not sure on when starting it up and waiting like 5 mins to load. And it's still the same when trying to watch YouTube videos. It plays the videos, but it looks like they're out of sync, which it isn't. Same for when watching IMDb movie trailers.
 
Just restarted the computer and still took the same amount of time to load up the desktop. Also, I remember Avira and Malwarebytes detected around 193-200 viruses, which weren't able to get rid of them all completely.
 
NameServer = 85.17.255.198,46.19.33.120
Do these DNS server IP addresses look familiar? :)

Next

Please post the Malwarebytes Anti-Malware and Avira logs (if possible).

The Malwarebytes Anti-Malware log can be found by:
  • Selecting the Logs tab when the application is started.
  • Navigating to C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Next

RE-RUN ADWCLEANER
----------------------------
  • Run AdwCleaner and select Delete.
  • Once done it will ask to reboot, allow the reboot.
  • On reboot a log will be produced, please attach the content of the log to your next reply.

Next

Please run OTL.exe.
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {0cc09160-108c-4759-bab1-5c12c216e005} - No CLSID value found.
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell - "" = AutoRun
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{cb3910b0-97bd-11e1-a032-00012e0b40db}\Shell\AutoRun\command - "" = E:\AutoInst.exe

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot when it is done.
  • Then post the results of the log it produces.

In your next reply, please provide the following:
  • AdwCleaner log.
  • OTL log.
  • Malwarebytes Anti-Malware and Avira logs (if possible).
  • Update on how your PC is running.



Regards,

Richard
 
NameServer = 85.17.255.198,46.19.33.120

No they don't. Not sure what that's about. Will be posting Malwarebytes log today. But Avira doesn't give logs, only detections in an info box.
 
Never mind. I managed to get the Avira log.



Avira Free Antivirus
Report file date: 30 October 2012 10:32

Scanning for 4424836 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.47.35 126464 Bytes 22/10/2012 21:29:44
VBASE018.VDF : 7.11.47.95 175616 Bytes 24/10/2012 21:31:18
VBASE019.VDF : 7.11.47.177 164352 Bytes 26/10/2012 16:30:16
VBASE020.VDF : 7.11.47.229 143360 Bytes 28/10/2012 10:14:26
VBASE021.VDF : 7.11.47.230 2048 Bytes 28/10/2012 10:14:26
VBASE022.VDF : 7.11.47.231 2048 Bytes 28/10/2012 10:14:27
VBASE023.VDF : 7.11.47.232 2048 Bytes 28/10/2012 10:14:27
VBASE024.VDF : 7.11.47.233 2048 Bytes 28/10/2012 10:14:27
VBASE025.VDF : 7.11.47.234 2048 Bytes 28/10/2012 10:14:27
VBASE026.VDF : 7.11.47.235 2048 Bytes 28/10/2012 10:14:27
VBASE027.VDF : 7.11.47.236 2048 Bytes 28/10/2012 10:14:28
VBASE028.VDF : 7.11.47.237 2048 Bytes 28/10/2012 10:14:28
VBASE029.VDF : 7.11.47.238 2048 Bytes 28/10/2012 10:14:28
VBASE030.VDF : 7.11.47.239 2048 Bytes 28/10/2012 10:14:28
VBASE031.VDF : 7.11.48.34 136192 Bytes 29/10/2012 10:28:41
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 30 October 2012 10:32

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'plugin-container.exe' - '54' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'firefox.exe' - '117' Module(s) have been scanned
Scan process 'wlcomm.exe' - '69' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '130' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '148' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1615' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file


End of the scan: 30 October 2012 17:35
Used time: 7:02:54 Hour(s)

The scan has been done completely.

13838 Scanned directories
304301 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
304301 Files not concerned
3880 Archives were scanned
3 Warnings
0 Notes
283375 Objects were scanned with rootkit scan
0 Hidden objects were found
 
Thanks for the information.

Please post the old Malwarebytes Anti-Malware and Avira logs (if possible) from the previous scans which detected around 193-200 items. No worries if you don't have the Avira log.

Older Malwarebytes Anti-Malware logs can be found by navigating to C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt



Regards,

Richard
 
Avira Free Antivirus
Report file date: 20 October 2012 15:43

Scanning for 4376603 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 10:59:22
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 10:59:22
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20/12/2011 10:59:22
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01/02/2012 00:03:29
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28/03/2012 13:00:02
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29/06/2012 23:28:38
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06/09/2012 14:36:52
VBASE007.VDF : 7.11.45.207 2363904 Bytes 11/10/2012 22:42:50
VBASE008.VDF : 7.11.45.208 2048 Bytes 11/10/2012 22:42:50
VBASE009.VDF : 7.11.45.209 2048 Bytes 11/10/2012 22:42:50
VBASE010.VDF : 7.11.45.210 2048 Bytes 11/10/2012 22:42:51
VBASE011.VDF : 7.11.45.211 2048 Bytes 11/10/2012 22:42:51
VBASE012.VDF : 7.11.45.212 2048 Bytes 11/10/2012 22:42:51
VBASE013.VDF : 7.11.45.213 2048 Bytes 11/10/2012 22:42:51
VBASE014.VDF : 7.11.46.65 220160 Bytes 16/10/2012 18:11:12
VBASE015.VDF : 7.11.46.153 173568 Bytes 18/10/2012 18:27:31
VBASE016.VDF : 7.11.46.223 162304 Bytes 19/10/2012 00:10:40
VBASE017.VDF : 7.11.46.224 2048 Bytes 19/10/2012 00:10:41
VBASE018.VDF : 7.11.46.225 2048 Bytes 19/10/2012 00:10:42
VBASE019.VDF : 7.11.46.226 2048 Bytes 19/10/2012 00:10:42
VBASE020.VDF : 7.11.46.227 2048 Bytes 19/10/2012 00:10:43
VBASE021.VDF : 7.11.46.228 2048 Bytes 19/10/2012 00:10:43
VBASE022.VDF : 7.11.46.229 2048 Bytes 19/10/2012 00:10:44
VBASE023.VDF : 7.11.46.230 2048 Bytes 19/10/2012 00:10:44
VBASE024.VDF : 7.11.46.231 2048 Bytes 19/10/2012 00:10:45
VBASE025.VDF : 7.11.46.232 2048 Bytes 19/10/2012 00:10:45
VBASE026.VDF : 7.11.46.233 2048 Bytes 19/10/2012 00:10:45
VBASE027.VDF : 7.11.46.234 2048 Bytes 19/10/2012 00:10:46
VBASE028.VDF : 7.11.46.235 2048 Bytes 19/10/2012 00:10:46
VBASE029.VDF : 7.11.46.236 2048 Bytes 19/10/2012 00:10:47
VBASE030.VDF : 7.11.46.237 2048 Bytes 19/10/2012 00:10:47
VBASE031.VDF : 7.11.46.240 2048 Bytes 20/10/2012 00:10:47
Engine version : 8.2.10.187
AEVDF.DLL : 8.1.2.10 102772 Bytes 10/07/2012 11:07:34
AESCRIPT.DLL : 8.1.4.60 463227 Bytes 05/10/2012 21:50:27
AESCN.DLL : 8.1.9.2 131444 Bytes 29/09/2012 14:37:03
AESBX.DLL : 8.2.5.12 606578 Bytes 14/06/2012 22:12:59
AERDL.DLL : 8.1.9.15 639348 Bytes 21/12/2011 10:59:20
AEPACK.DLL : 8.3.0.38 811382 Bytes 29/09/2012 14:37:03
AEOFFICE.DLL : 8.1.2.48 201082 Bytes 29/09/2012 14:37:02
AEHEUR.DLL : 8.1.4.118 5423480 Bytes 11/10/2012 22:42:57
AEHELP.DLL : 8.1.25.2 258423 Bytes 11/10/2012 22:42:54
AEGEN.DLL : 8.1.5.38 434548 Bytes 29/09/2012 14:36:58
AEEXP.DLL : 8.2.0.6 115060 Bytes 11/10/2012 22:42:58
AEEMU.DLL : 8.1.3.2 393587 Bytes 10/07/2012 11:07:33
AECORE.DLL : 8.1.28.2 201079 Bytes 29/09/2012 14:36:58
AEBB.DLL : 8.1.1.3 53621 Bytes 18/10/2012 18:27:34
AVWINLL.DLL : 12.3.0.15 27344 Bytes 10/06/2012 22:09:36
AVPREF.DLL : 12.3.0.15 51920 Bytes 10/06/2012 22:09:38
AVREP.DLL : 12.3.0.15 179208 Bytes 10/06/2012 22:09:40
AVARKT.DLL : 12.3.0.15 211408 Bytes 10/06/2012 22:09:37
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 10/06/2012 22:09:37
SQLITE3.DLL : 3.7.0.1 398288 Bytes 10/06/2012 22:09:40
AVSMTP.DLL : 12.3.0.32 63480 Bytes 10/08/2012 19:10:01
NETNT.DLL : 12.3.0.15 17104 Bytes 10/06/2012 22:09:40
RCIMAGE.DLL : 12.3.0.31 4445944 Bytes 10/08/2012 19:09:48
RCTEXT.DLL : 12.3.0.31 97784 Bytes 10/08/2012 19:09:49

Configuration settings for the scan:
Jobname.............................: AVGuardAsyncScan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_508285cc\guard_slideup.avp
Logging.............................: default
Primary action......................: Repair
Secondary action....................: Quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: 20 October 2012 15:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'spotify.exe' - '1' Module(s) have been scanned
Scan process 'saui.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mcsacore.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '1' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '1' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'mixersel.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150015.dll'
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150015.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '54841893.qua'.
Begin scan in 'D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150033.dll'
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150033.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c133734.qua'.


End of the scan: 20 October 2012 15:48
Used time: 05:02 Minute(s)

The scan has been done completely.

0 Scanned directories
45 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
43 Files not concerned
0 Archives were scanned
0 Warnings
2 Notes
 
Avira Free Antivirus
Report file date: 20 October 2012 16:40

Scanning for 4376603 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
Engine version : 8.2.10.187

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 20 October 2012 16:40

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'plugin-container.exe' - '67' Module(s) have been scanned
Scan process 'spotify.exe' - '81' Module(s) have been scanned
Scan process 'saui.exe' - '26' Module(s) have been scanned
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '159' Module(s) have been scanned
Scan process 'wlcomm.exe' - '68' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '59' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '59' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '132' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '68' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '153' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1633' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149998.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149999.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150000.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150001.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150002.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150003.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150004.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150005.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150006.exe
[DETECTION] Is the TR/Agent.avwp Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150007.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150008.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150009.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150010.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150011.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150012.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150013.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150014.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150016.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150017.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150018.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150019.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150020.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150021.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150022.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150023.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150024.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150025.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150026.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150027.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150028.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150029.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150030.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150031.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150032.dll
[DETECTION] Is the TR/Agent.alwp Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150034.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150035.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150036.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150037.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150038.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150039.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150040.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150041.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150060.dll
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150061.exe
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150062.exe
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150063.dll
[DETECTION] Is the TR/Trash.Gen Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150064.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150065.dll
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150065.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '54dbaa89.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150064.dll
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '4c4c852f.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150063.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1e13dfc7.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150062.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '78249002.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150061.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3da0bd3c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150060.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '42bb8f5d.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150041.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0e03a317.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150040.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '721be346.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150039.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5f41cc0b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150038.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
[NOTE] The file was moved to the quarantine directory under the name '4629f791.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150037.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2a75dba1.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150036.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
[NOTE] The file was moved to the quarantine directory under the name '5bcce237.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150035.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '55d6d2f0.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150034.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '10ffabb2.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150032.dll
[DETECTION] Is the TR/Agent.alwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '19f4af19.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150031.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '41b5b670.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150030.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '6d41cfbd.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150029.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
[NOTE] The file was moved to the quarantine directory under the name '53bfaf67.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150028.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '30b18414.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150027.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1679c409.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150026.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '24edbfac.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150025.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ea894d2.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150024.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
[NOTE] The file was moved to the quarantine directory under the name '11fbf098.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150023.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6fd7fcbf.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150022.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3aaff874.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150021.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3739895c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150020.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2b649d55.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150019.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1ab7d09b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150018.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
[NOTE] The file was moved to the quarantine directory under the name '76e1c4ad.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150017.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3f7be1ab.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150016.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '64eee97a.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150014.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '025ce593.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150013.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '55d2973b.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150012.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '77a2c04f.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150011.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
[NOTE] The file was moved to the quarantine directory under the name '1fb2bad9.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150010.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3fc4be5c.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150009.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6ae0f8eb.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150008.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '0bc0d954.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150007.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '6e6c9bdf.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150006.exe
[DETECTION] Is the TR/Agent.avwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '0bbbef7e.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150005.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '185fd3ed.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150004.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0ae6af51.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150003.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '1db6cce3.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150002.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4794fe73.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150001.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
[NOTE] The file was moved to the quarantine directory under the name '62998467.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150000.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '16c29c14.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149999.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '34c0ce98.qua'.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1149998.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4153b681.qua'.


End of the scan: 20 October 2012 21:48
Used time: 4:46:34 Hour(s)

The scan has been done completely.

11064 Scanned directories
298671 Files were scanned
48 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
48 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
298623 Files not concerned
2992 Archives were scanned
3 Warnings
48 Notes
275077 Objects were scanned with rootkit scan
0 Hidden objects were found
 
Avira Free Antivirus
Report file date: 05 October 2012 17:41

Scanning for 4311676 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
Engine version : 8.2.10.178

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 05 October 2012 17:41

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'saui.exe' - '26' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'plugin-container.exe' - '75' Module(s) have been scanned
Scan process 'firefox.exe' - '130' Module(s) have been scanned
Scan process 'wlcomm.exe' - '68' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '136' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '87' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '149' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1633' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Program Files\CCTV\CCTV Video Client\uninstall.exe
[WARNING] Invalid end of file
D:\WINNT\aoto.exe
--> Object
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
D:\WINNT\system32\Aooy.exe
--> Object
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
D:\WINNT\system32\batteo.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\cenbezn.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\fliecods.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
D:\WINNT\system32\HBASKTAO.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
D:\WINNT\system32\HBBO.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
D:\WINNT\system32\HBDNF.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
D:\WINNT\system32\HBJTLQ.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
D:\WINNT\system32\HBKDXY.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBmhly.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBQQFFO.dll
[DETECTION] Is the TR/Agent.alwp Trojan
D:\WINNT\system32\HBQQSG.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
D:\WINNT\system32\HBQQXX.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
D:\WINNT\system32\HBSHQ.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
D:\WINNT\system32\HBSOUL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBTL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBW2I.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBWD.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBWOW.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
D:\WINNT\system32\HBXY2.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\HBYY.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
D:\WINNT\system32\jolends.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
D:\WINNT\system32\jonzyan.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\kandoftt.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
D:\WINNT\system32\lenyuns.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
D:\WINNT\system32\meyotme.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\mirwznt.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\qanhllao.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\qonenx.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\rexljeh.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\rexljehk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\System.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
D:\WINNT\system32\telmanz.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\tldcoco.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\tobaoup.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\tobaoupk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\userinit.exe
[DETECTION] Is the TR/Agent.avwp Trojan
D:\WINNT\system32\vordisa.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
D:\WINNT\system32\wonlins.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\xsisco.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
D:\WINNT\system32\xsiscok.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\zesttns.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
D:\WINNT\system32\zongxim.dll
[DETECTION] Is the TR/Spy.Gen Trojan
D:\WINNT\system32\×ÀÝÉÏÀÍ‹ÁÉÉk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
D:\WINNT\system32\drivers\secdrv.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan

Beginning disinfection:
D:\WINNT\system32\drivers\secdrv.sys
[DETECTION] Is the TR/Rootkit.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5286c906.qua'.
D:\WINNT\system32\×ÀÝÉÏÀÍ‹ÁÉÉk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b8fe504.qua'.
D:\WINNT\system32\zongxim.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1841bc33.qua'.
D:\WINNT\system32\zesttns.dll
[DETECTION] Is the TR/PSW.Online.apxy Trojan
[NOTE] The file was moved to the quarantine directory under the name '7e49f38b.qua'.
D:\WINNT\system32\xsiscok.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '3bf7dec4.qua'.
D:\WINNT\system32\xsisco.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '44ececa5.qua'.
D:\WINNT\system32\wonlins.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '0851c0eb.qua'.
D:\WINNT\system32\vordisa.dll
[DETECTION] Is the TR/Crypt.NSPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '747580bb.qua'.
D:\WINNT\system32\userinit.exe
[DETECTION] Is the TR/Agent.avwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '591aaff2.qua'.
D:\WINNT\system32\tobaoupk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '4077946c.qua'.
D:\WINNT\system32\tobaoup.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '2c2bb85d.qua'.
D:\WINNT\system32\tldcoco.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d9081c7.qua'.
D:\WINNT\system32\telmanz.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5382b179.qua'.
D:\WINNT\system32\System.exe
[DETECTION] Is the TR/PSW.MultiFirst.W Trojan
[NOTE] The file was moved to the quarantine directory under the name '1692c857.qua'.
D:\WINNT\system32\rexljehk.exe
[DETECTION] Is the TR/Agent.BACI Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f9ccc90.qua'.
D:\WINNT\system32\rexljeh.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '47ddd5f9.qua'.
D:\WINNT\system32\qonenx.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6b13ac40.qua'.
D:\WINNT\system32\qanhllao.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '55edccec.qua'.
D:\WINNT\system32\mirwznt.dll
[DETECTION] Is the TR/PSW.Online.bir Trojan
[NOTE] The file was moved to the quarantine directory under the name '36dfe7e7.qua'.
D:\WINNT\system32\meyotme.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '101ea7fe.qua'.
D:\WINNT\system32\lenyuns.dll
[DETECTION] Is the TR/PSW.Online.bin Trojan
[NOTE] The file was moved to the quarantine directory under the name '22bfdc5a.qua'.
D:\WINNT\system32\kandoftt.dll
[DETECTION] Is the TR/PSW.O.ttyw.28672 Trojan
[NOTE] The file was moved to the quarantine directory under the name '28faf758.qua'.
D:\WINNT\system32\jonzyan.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '17a9936b.qua'.
D:\WINNT\system32\jolends.dll
[DETECTION] Is the TR/PSW.OnlineGames.ZQO.184 Trojan
[NOTE] The file was moved to the quarantine directory under the name '69839f4c.qua'.
D:\WINNT\system32\HBYY.dll
[DETECTION] Is the TR/Agent.arkc.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '3ce89bd2.qua'.
D:\WINNT\system32\HBXY2.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3171eafa.qua'.
D:\WINNT\system32\HBWOW.dll
[DETECTION] Is the TR/Thief.Wow.dhj.6 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2d2dfef3.qua'.
D:\WINNT\system32\HBWD.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1cfeb33c.qua'.
D:\WINNT\system32\HBW2I.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '70a8a70a.qua'.
D:\WINNT\system32\HBTL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3937820d.qua'.
D:\WINNT\system32\HBSOUL.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '62a38adc.qua'.
D:\WINNT\system32\HBSHQ.dll
[DETECTION] Is the TR/PSW.OnlineGames.tvbf Trojan
[NOTE] The file was moved to the quarantine directory under the name '04118635.qua'.
D:\WINNT\system32\HBQQXX.dll
[DETECTION] Is the TR/Spy.Small.byv.2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '539df49d.qua'.
D:\WINNT\system32\HBQQSG.dll
[DETECTION] Is the TR/Thief.OnLineGames.txbq.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '71eda3d6.qua'.
D:\WINNT\system32\HBQQFFO.dll
[DETECTION] Is the TR/Agent.alwp Trojan
[NOTE] The file was moved to the quarantine directory under the name '19fdd941.qua'.
D:\WINNT\system32\HBmhly.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3997ddc4.qua'.
D:\WINNT\system32\HBKDXY.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6cd59b70.qua'.
D:\WINNT\system32\HBJTLQ.dll
[DETECTION] Is the TR/Agent.annv.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0df6bacf.qua'.
D:\WINNT\system32\HBDNF.dll
[DETECTION] Is the TR/Thief.OnLineGames.tvez Trojan
[NOTE] The file was moved to the quarantine directory under the name '6850f844.qua'.
D:\WINNT\system32\HBBO.dll
[DETECTION] Is the TR/SmallGame.AG.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0d858ce5.qua'.
D:\WINNT\system32\HBASKTAO.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.uyi.6 back-door program
[NOTE] The file was moved to the quarantine directory under the name '1e60b076.qua'.
D:\WINNT\system32\fliecods.dll
[DETECTION] Is the TR/Thief.OnLineGames.tsyz.4 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0cb1cca6.qua'.
D:\WINNT\system32\cenbezn.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '1be4af1d.qua'.
D:\WINNT\system32\batteo.dll
[DETECTION] Is the TR/Spy.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '41f89d89.qua'.
D:\WINNT\system32\Aooy.exe
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '64c8e793.qua'.
D:\WINNT\aoto.exe
[DETECTION] Is the TR/Drop.Cattivo.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '10aeffe0.qua'.


End of the scan: 06 October 2012 00:29
Used time: 6:42:45 Hour(s)

The scan has been done completely.

12772 Scanned directories
314581 Files were scanned
46 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
46 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
314535 Files not concerned
3525 Archives were scanned
3 Warnings
46 Notes
276403 Objects were scanned with rootkit scan
0 Hidden objects were found
 
Avira Free Antivirus
Report file date: 02 October 2012 19:15

Scanning for 4294881 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Microsoft Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : FAMILYPC-0F08F1

Version information:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07/09/2012 22:20:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 10/08/2012 19:10:01
AVSCAN.DLL : 12.3.0.15 54736 Bytes 10/06/2012 22:09:38
LUKE.DLL : 12.3.0.15 68304 Bytes 10/06/2012 22:09:40
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 10/06/2012 22:09:40
AVREG.DLL : 12.3.0.17 232200 Bytes 10/06/2012 22:09:40
Engine version : 8.2.10.178

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 02 October 2012 19:15

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'rsmsink.exe' - '28' Module(s) have been scanned
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '60' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '72' Module(s) have been scanned
Scan process 'avcenter.exe' - '70' Module(s) have been scanned
Scan process 'wlcomm.exe' - '69' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'iPodService.exe' - '29' Module(s) have been scanned
Scan process 'rundll32.exe' - '30' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'WifiDevChkSvc.exe' - '15' Module(s) have been scanned
Scan process 'SeaPort.exe' - '51' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'mcsacore.exe' - '54' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '28' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '57' Module(s) have been scanned
Scan process 'avguard.exe' - '56' Module(s) have been scanned
Scan process 'WNDA3200WPSMgr.exe' - '35' Module(s) have been scanned
Scan process 'SpotifyWebHelper.exe' - '32' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '136' Module(s) have been scanned
Scan process 'ctfmon.exe' - '25' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '58' Module(s) have been scanned
Scan process 'RunDLL32.exe' - '29' Module(s) have been scanned
Scan process 'DivXUpdate.exe' - '51' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'mixersel.exe' - '21' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '25' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '38' Module(s) have been scanned
Scan process 'Explorer.EXE' - '86' Module(s) have been scanned
Scan process 'spoolsv.exe' - '53' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '147' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '63' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '71' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting to scan executable files (registry).
The registry was scanned ( '1632' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Home\My Documents\Downloads\avira_free_antivirus_en.exe
[WARNING] The file is password protected
C:\Documents and Settings\Home\My Documents\Downloads\install_flashplayer11x32_mssd_aih.exe
[WARNING] The file is password protected
Begin scan in 'D:\'
D:\Documents and Settings\Administrator\Local Settings\Temp\1a007.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\20abe.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\Administrator\Local Settings\Temp\38b29.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip
[WARNING] The file is password protected
D:\Documents and Settings\thu\Local Settings\Temp\100.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1008758
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1012952
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1013304
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1024149
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1032803
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1042796
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1051218
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1070616
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1075563
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1076514
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1081923
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1091226
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1093088
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1093540
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1098105
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1098676
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1103554
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1126647
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1128049
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\113.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1142971
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1143702
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1155990
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1157963
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1184561
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1191169
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\120.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1222364
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1276353
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1285586
[0] Archive type: NSIS
--> ProgramFilesDir/33.exe
[DETECTION] Is the TR/Obfuscated.kah Trojan
D:\Documents and Settings\thu\Local Settings\Temp\12B.tmp
--> Object
[DETECTION] Is the TR/Drop.Spy.Pca.A.2 Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13af1.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13e31.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\13ec7.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14025.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14039.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14089.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\1410c.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
D:\Documents and Settings\thu\Local Settings\Temp\14184.x
[DETECTION] Is the TR/Dldr.Agent.2560.D Trojan
 
End of the scan: 03 October 2012 00:37
Used time: 5:18:02 Hour(s)

The scan has been canceled!

11139 Scanned directories
242758 Files were scanned
183 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
161 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
242575 Files not concerned
2355 Archives were scanned
4 Warnings
161 Notes


The thing about this current computer is that it has been changed, because my other PC broke due to the faulty motherboard. But this current computer I have now is much older than my previous one. This one is ridiculously old, from the 90s. It was originally from a cousin's workplace. When I scanned it the day I got it, that's when it detected all the serious amounts of viruses. The only thing that was kept from my old computer was the hard drive, which is now in this one. Also, I have a very recent wireless USB stick connected to this old piece of junk. I don't think streaming YouTube videos works that well on this computer.
 
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.30.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Home :: FAMILYPC-0F08F1 [administrator]

06/10/2012 12:50:18
mbam-log-2012-10-06 (12-50-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 299115
Time elapsed: 6 hour(s), 56 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 8
D:\Program Files\Funshion Online\Funshion\RouterSetting.dll (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\Uninstall.exe (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\Funshion.exe (PUP.Funshion) -> Quarantined and deleted successfully.
D:\Program Files\Funshion Online\Funshion\funshionplugin2.dll (PUP.Funshion) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150042.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{FFF5F88D-6AE9-4C53-9F1C-7BAF06C9CB1C}\RP243\A1150043.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINNT\wpcap.dll (Malware.Packer.Gen) -> Quarantined and deleted successfully.
D:\WINNT\Packet.dll (HackTool.Agent) -> Quarantined and deleted successfully.

(end)
 