
Google Results Redirected By Malware


This topic is locked
12 replies to this topic

#1 secrethobospices

Members, 8 posts

Posted 26 September 2008 - 04:45 PM

Hello,

I'm having a terrible time trying to get rid of a nasty infection from my PC. The problems thus far:

1) If I enter a search into Google, it returns correct results, but then when I click on one of those results it will take me to bogus sites like edmunds.com, shopzilla.com, pronto.com and others.

2) It seems to be preventing me from accessing several anti-malware sites as well, such as Trend Micro, Panda Anti Virus and Bit Defender.

3) It is also preventing me from updating anti-malware software such as Spybot, Ad-Aware, etc.

I've been reading about similar problems on various forums and have run all kinds of anti-malware stuff but can't get rid of it. Any help would be much appreciated! Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:17, on 26/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
C:\old_Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [IHTWINCINEMAMGR] "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [SoundMAXPnP] "C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [F5D9050] "C:\Program Files\Belkin\F5D9050\Belkinwcui.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\old_Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)

--
End of file - 8282 bytes
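An added triage example, not part of this thread and not a HijackThis feature: the script below parses HijackThis-style lines like the ones in the log above and pulls out what a log helper reads first: entries marked "(file missing)", O23 services listed as "Unknown owner", binaries loading from outside the usual C:\WINDOWS and C:\Program Files roots, and the R0/R1/O1/O16/O17/O20 load points that govern the browser's start and search pages, the hosts file, ActiveX downloads, TCP/IP name servers and Winlogon notifications. The sample input is a verbatim excerpt of the posted log plus one constructed Run entry under a Temp folder (marked in the code) so the out-of-root check has something to fire on; a hit is a prompt to look, not a verdict, which is why the genuine WinZip entry under C:\old_Program Files is flagged too. For the symptom being discussed, note what the OTViewIt output later in this thread already says about the two mechanisms most often behind search-result redirects: the hosts file is 23 bytes with a single localhost entry, and ProxyEnable is 0 in every hive, so neither a hosts-file redirect nor a browser proxy setting is in play on this machine according to those logs.

```python
import re
import sys
from collections import Counter
from dataclasses import dataclass

# Lines excerpted verbatim from the HijackThis log posted above, plus one
# CONSTRUCTED line at the end (not in the posted log) so that the
# "outside usual install roots" check has a suspicious-looking hit as well
# as a benign one (the WinZip entry under C:\old_Program Files).
SAMPLE_LOG = [
    r'R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/',
    r'R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local',
    r'O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll',
    r'O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"',
    r'O4 - Global Startup: WinZip Quick Pick.lnk = C:\old_Program Files\WinZip\WZQKPICK.EXE',
    r'O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)',
    r'O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab',
    r'O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL',
    r'O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe',
    r'O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (file missing)',
    # Constructed line (hypothetical), not from the posted log:
    r'O4 - HKCU\..\Run: [updater] C:\Documents and Settings\J\Local Settings\Temp\upd.exe',
]

# "O23 - rest of line": HijackThis prefixes every entry with its section code.
ENTRY_RE = re.compile(r'^(?P<section>[A-Z]\d+) - (?P<body>.*)$')

# A drive-letter path ending in a loadable binary. Directory names may
# contain spaces, so the match is bounded by the extension, not whitespace.
PATH_RE = re.compile(
    r'[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*?\.(?:exe|dll|sys|ocx|cpl)\b',
    re.IGNORECASE,
)

# Where legitimately installed code on an XP box is expected to live.
TRUSTED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\')

# Sections that decide where the browser goes or what loads at logon:
# R0/R1/R3 IE start, search pages and URLSearchHooks, O1 hosts file,
# O16 ActiveX downloads, O17 TCP/IP NameServer and Domain values,
# O20 AppInit_DLLs and Winlogon Notify.
REVIEW_SECTIONS = {'R0', 'R1', 'R3', 'O1', 'O16', 'O17', 'O20'}


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def extract_paths(body):
    """Return every binary path mentioned in one log entry."""
    return PATH_RE.findall(body)


def triage(lines):
    """Walk HijackThis lines and return the entries a log reader checks first."""
    findings = []
    for raw in lines:
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank line
        section, body = m.group('section'), m.group('body')
        if '(file missing)' in body:
            findings.append(Finding(section, 'file missing', body))
        if section == 'O23' and 'Unknown owner' in body:
            findings.append(Finding(section, 'service with no vendor info', body))
        for path in extract_paths(body):
            if not path.lower().startswith(TRUSTED_ROOTS):
                findings.append(Finding(section, 'binary outside usual install roots', path))
        if section in REVIEW_SECTIONS:
            findings.append(Finding(section, 'load point to review', body))
    return findings


def summary(findings):
    """Count findings per reason, e.g. {'file missing': 2, ...}."""
    return dict(Counter(f.reason for f in findings))


if __name__ == '__main__':
    # Pass a saved log as the first argument, otherwise use the excerpt.
    source = open(sys.argv[1], encoding='utf-8', errors='replace') if len(sys.argv) > 1 else SAMPLE_LOG
    results = triage(source)
    for f in results:
        print(f'{f.section:<4} {f.reason:<36} {f.detail}')
    print(summary(results))
```

Run it against a saved hijackthis.log to get the same grouping for a full log. Everything it reports is something a human still has to judge against the vendor and install history of the machine; the script only saves the reader from scanning 8 KB of entries by eye.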

#2 PropagandaPanda
Malware Response Team, 10,433 posts

Posted 27 September 2008 - 10:14 AM

Hello. I am PropagandaPanda (Panda or PP for short) and I will be helping you with your log.

I am still in training, so my responses to you must be checked by a coach.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of a few guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it may not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
This tool will give us a more in depth look at the state of your machine.
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports, located in the same folder as OTViewIt, will open:
    OTViewIt.txt <-- will be opened
    Extra.txt <-- will be minimized
Copy and Paste the logs into your next reply.
With Regards,
The Panda

#3 secrethobospices

Topic Starter, Members, 8 posts

Posted 27 September 2008 - 02:14 PM

Hi Panda, thanks for helping me out. Here are the logs:

OTViewIt.txt

OTViewIt logfile created on: 27/09/2008 1:56:27 PM - Run 1
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.23% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 0.95 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 8.30 Gb Free Space | 3.56% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 1.87 Gb Total Space | 1.87 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2003/10/22 23:44:16 | 00,155,648 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
[2003/10/23 08:09:16 | 00,155,648 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2006/11/06 04:27:18 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2003/05/29 16:28:32 | 00,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[2003/05/30 09:42:22 | 00,585,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2004/08/04 03:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2008/09/14 21:44:20 | 01,576,176 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\old_Program Files\WinZip\WZQKPICK.EXE
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2003/03/31 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2003/03/31 08:00:00 | 00,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drwtsn32.exe
[2008/09/27 13:55:21 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2004/08/04 03:56:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/11/14 15:50:12 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 01:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/06/20 08:00:00 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 20:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 20:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 11:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 11:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 11:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2005/08/02 17:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
[2004/08/04 03:56:57 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
File not found -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2003/03/13 18:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2007/10/23 19:21:56 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2003/07/18 05:17:28 | 00,349,056 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2004/08/04 02:10:16 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2003/06/03 11:48:12 | 00,147,328 | R--- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000 [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2003/09/23 10:42:34 | 00,007,296 | R--- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
[2004/08/04 01:59:19 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2002/09/20 10:53:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
[2004/08/04 01:58:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2004/08/04 02:10:28 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/08/04 02:10:12 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2004/08/04 01:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 17:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2008/05/16 14:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/03/31 08:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/04/09 09:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass [Boot | Running])
[2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/07/17 22:23:14 | 00,024,608 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2004/08/04 01:59:17 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/09/06 21:34:58 | 00,347,776 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Running])
[2008/05/29 08:17:46 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/29 08:17:45 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2008/06/13 09:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (Sasppsdpor [Disabled | Stopped])
[2006/11/06 04:28:11 | 00,030,988 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/03/31 08:00:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])
[2004/08/04 02:10:16 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2003/06/02 13:42:14 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/08/09 14:42:12 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
[2008/08/09 14:42:14 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd [Boot | Running])
[2008/08/09 14:42:14 | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv [Boot | Running])
[2004/08/04 02:10:12 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge [On_Demand | Stopped])
[2004/08/04 02:08:37 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2003/05/20 13:20:00 | 00,070,272 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viaraid.sys -- (viaraid [Boot | Running])
[2004/08/04 02:10:21 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/05/10 06:04:30 | 00,031,264 | ---- | M] (Exent Technologies Ltd.) -- G:\games\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32 [Auto | Running])
[2003/12/21 18:24:22 | 00,140,800 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasbus.sys -- (xmasbus [Boot | Running])
[2003/12/23 03:15:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasscsi.sys -- (xmasscsi [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" (Apple Inc.)
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" (Belkin)
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" (InterVideo Inc.)
"IHTWINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" (Ahead Software Gmbh)
"NvCplDaemon"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"="C:\WINDOWS\system32\nwiz.exe" /install ()
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2007/10/02 13:16:42 | 01,283,608 | ---- | M] (Research In Motion Limited) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
[2000/08/06 01:03:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\old_Program Files\WinZip\WZQKPICK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3334504D-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB -- Reg Error: Key does not exist or could not be opened.
{33564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}: https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab -- InetDownload Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1F58A5BE-2A37-4AD5-9190-2EE40E8CC1BC} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{610C37DD-FB32-4238-B3E6-67EAE129F5A3} (Servers: | Description: )
{6C938222-F03E-4160-AC81-91BA5DDF9452} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{F3FE5E0A-35B1-4C45-9049-8F76330B4831} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/04/22 20:31:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2008/09/27 13:55:18 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\OTViewIt.exe
[2008/09/26 15:35:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\TrojanHunter
[2008/09/26 15:20:05 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/26 15:20:05 | 00,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/26 15:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/26 15:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/26 15:18:58 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\J\Desktop\HijackThis.lnk
[2008/09/26 15:18:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/26 14:56:30 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/26 14:29:24 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 14:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.0
[2008/09/26 12:00:50 | 00,000,164 | ---- | C] () -- C:\install.dat
[2008/09/26 11:42:01 | 00,000,000 | ---D | C] -- C:\fixvirus
[2008/09/26 10:53:53 | 00,000,000 | ---D | C] -- C:\SmitfraudFix
[2008/09/26 10:53:32 | 01,658,678 | ---- | C] () -- C:\SmitfraudFix.exe
[2008/09/25 09:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/25 09:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/25 09:49:30 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/09/23 19:23:49 | 00,038,698 | ---- | C] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 08:41:10 | 00,000,000 | ---D | C] -- C:\wii
[2008/09/12 15:45:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/05 08:35:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/09/27 13:55:21 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\OTViewIt.exe
[2008/09/27 13:47:34 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\J\My Documents\My Sharing Folders.lnk
[2008/09/27 13:46:27 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/27 13:45:02 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008/09/27 13:44:25 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/27 13:44:24 | 00,015,672 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2008/09/27 13:44:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/27 13:44:13 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/26 17:36:49 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/26 15:49:14 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/09/26 15:20:05 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Watch.lnk
[2008/09/26 15:20:05 | 00,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2008/09/26 15:18:58 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\J\Desktop\HijackThis.lnk
[2008/09/26 14:29:30 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 12:02:05 | 00,001,150 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/26 12:00:50 | 00,000,164 | ---- | M] () -- C:\install.dat
[2008/09/26 11:11:36 | 00,003,384 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/26 09:34:12 | 01,658,678 | ---- | M] () -- C:\SmitfraudFix.exe
[2008/09/25 16:57:44 | 00,184,832 | ---- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/24 08:13:30 | 04,248,914 | -H-- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\IconCache.db
[2008/09/23 19:52:13 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/09/23 19:23:49 | 00,038,698 | ---- | M] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 22:25:08 | 00,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2008/09/20 14:41:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/19 14:29:57 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/12 12:03:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/10 13:31:09 | 00,047,866 | ---- | M] () -- C:\Documents and Settings\J\My Documents\MP31.nr3
< End of report >



Extras.txt

OTViewIt Extras logfile created on: 27/09/2008 1:56:27 PM - Run J
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.54 Gb Available Physical Memory | 77.23% Memory free
3.85 Gb Paging File | 3.45 Gb Available in Paging File | 89.71% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 0.95 Gb Free Space | 0.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 8.30 Gb Free Space | 3.56% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 1.87 Gb Total Space | 1.87 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/08/22 11:45:55 | 00,159,744 | ---- | M] () -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/02/22 01:23:39 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/06 11:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}"=SpyHunter
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=FileViewerUtility 1.0
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}"=MySQL Connector/ODBC 3.51
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{23170F69-40C1-2701-0442-000001000000}"=7-Zip 4.42
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}"=Microsoft XNA Framework Redistributable 2.0
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}"=Soap 3.0 Toolkit
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}"=UFile 2007
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}"=Spy Sweeper Core
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}"=MSXML4SP2
"{4EF35381-14BA-4163-AF82-4B34A9F0D60D}"=MySQL Server 4.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59152D0E-DDFE-4769-A746-776457091048}"=Outlook 2007 HTML and CSS Validator
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}"=Roxio Media Manager
"{67E158AF-8856-4337-B483-EA21930786AF}"=GameTap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8ECBE643-8230-11D5-9D6B-00A024112F81}"=VDMSound 2.0.4
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90520409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Viewer 2003 (English)
"{939740B5-0064-4779-854A-8C1086181C05}"=Macromedia FreeHand MXa
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=PhotoStitch
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A7651FB4-AC2E-4020-90E2-B71C8C379F48}"=Macromedia Captivate
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.8
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=RemoteCapture 2.6
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon Camera WIA Driver
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}"=UFile Updater 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D1C04983-CBB6-4F60-9755-89527DF93050}"=Bug Tracker Server 3
"{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb"=X-Wing & TIE Fighter 95 Compatibility Fix
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}"=Garmin Training Center v4
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}"=DirectX for Managed Code Update (Summer 2004)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"=Alcohol 120% (Trial Version)
"{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}"=Home Theater
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Advanced WMA Workshop_is1"=Advanced WMA Workshop version 2.1
"AIM_6"=AIM 6
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"BLACKSHADES"=Black Shades (remove only)
"BulentsScreenRecorder4"=Bulent's Screen Recorder 4
"burnatonce_is1"=burnatonce
"camcodec"=CamStudio Lossless Codec
"CANONBJ_Deinstall_CNMCP69.DLL"=Canon PIXMA iP6000D
"CodInstl"=Intel A/V Codecs V2.0
"CoreAAC Audio Decoder"=CoreAAC Audio Decoder (remove only)
"DreamWorks Interactive: Trespasser"=Trespasser
"ffdshow_is1"=ffdshow [rev 1723] [2007-12-24]
"Game Elements PC Recoil Pad"=Game Elements PC Recoil Pad
"Gymnast_is1"=Gymnast v1.0
"HaaliMkx"=Haali Media Splitter
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=Canon Utilities FileViewerUtility 1.0
"InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=Canon Utilities RemoteCapture 2.6
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
"InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Jagged Alliance 2 Gold"=Jagged Alliance 2 Gold
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.76 Full
"LEGO Digital Designer"=LEGO Digital Designer
"LimeWire"=LimeWire 4.12.6
"LucasArts' TIE Fighter"=LucasArts' TIE Fighter
"LucasArts' X-Wing"=LucasArts' X-Wing
"LucasArts' X-Wing Alliance"=LucasArts' X-Wing Alliance
"Lugaru_is1"=Lugaru v1.05
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Magic ISO Maker v5.5 (build 0261)"=Magic ISO Maker v5.5 (build 0261)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32"=MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft SQL Server 2000"=Microsoft SQL Server 2000
"mIRC"=mIRC
"Mozilla Firefox (3.0.2)"=Mozilla Firefox (3.0.2)
"Mozilla Thunderbird (2.0.0.16)"=Mozilla Thunderbird (2.0.0.16)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Pixie_is1"=Pixie
"PowerISO"=PowerISO
"RealAlt_is1"=Real Alternative 1.48
"ScreenRecorder"=Bulent's Screen Recorder
"Shareaza_is1"=Shareaza 2.3.1.0
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Soldat_is1"=Soldat 1.2.1
"Soulseek"=SoulSeek Client 156c
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"The Longest Journey"=The Longest Journey
"TVersity Codec Pack"=TVersity Codec Pack 1.2
"TVersity Media Server "=TVersity Media Server 1.0.0.3 RC2
"VisDir Free Disk Space Finder_is1"=VisDir Free Disk Space Finder v 1.4
"Vodei Multimedia Processor"=Vodei Multimedia Processor 2.00
"w_spf2x"=Super Puzzle Fighter II Turbo
"Wacom Tablet Driver"=Wacom Tablet Driver
"WGA"=Windows Genuine Advantage Validation Tool
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinPcapInst"=WinPcap 3.1
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver"=Xbox 360 Controller for Windows
"XWA Dat Customizer"=XWA Dat Customizer v1.0
"ZoomPlayer"=Zoom Player (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/09/2008 10:23:05 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application Belkinwcui.exe, version 1.0.0.28, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 12:01:48 PM | Computer Name = JON | Source = MsiInstaller | ID = 11704
Description = Product: Spy Sweeper Core -- Error 1704.An installation for Webroot
Secure Backup is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 26/09/2008 1:00:13 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application scanner.exe, version 3.8.0.4, faulting module
scanner.exe, version 3.8.0.4, fault address 0x00010f51.

Error - 26/09/2008 4:00:55 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module shell32.dll, version 6.0.2900.3241, fault address 0x001d7f12.

Error - 26/09/2008 4:01:04 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 26/09/2008 4:02:02 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 4:24:45 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x38306563.

Error - 27/09/2008 1:52:37 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application mssysmgr.exe, version 0.0.0.0, faulting module
uxtheme.dll, version 6.0.2900.2180, fault address 0x000040cf.

Error - 27/09/2008 1:53:05 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 27/09/2008 1:54:57 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application mssysmgr.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/09/2008 4:05:02 PM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 26/09/2008 4:05:02 PM | Computer Name = JON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu Tcpip

Error - 26/09/2008 4:17:53 PM | Computer Name = JON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 26/09/2008 4:17:59 PM | Computer Name = JON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/09/2008 4:21:28 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 26/09/2008 4:24:49 PM | Computer Name = JON | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 26/09/2008 4:24:49 PM | Computer Name = JON | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 26/09/2008 4:27:35 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 27/09/2008 1:44:25 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 27/09/2008 1:44:30 PM | Computer Name = JON | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.


< End of report >

#4 PropagandaPanda



  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 28 September 2008 - 08:34 AM

Hello Secrethobospices.

I don't see anything in your logs that would be causing those problems (so far), but we will dig deeper. First we should install an antivirus.

Peer-to-Peer Programs Warning
Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case LimeWire). These programs allow users to share files with one another, as the name suggests. In today's world, cyber crime has reached an enormous dimension, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should thus be used with intense care. Some further reading on this subject, via the included links, is as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes copyright laws in many countries around the world, and you are putting yourself at risk of being indicted by organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or by the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s). However, please refrain from using them until your computer has been declared clean.

Install Antivirus
An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a free anti-virus program from one of the trusted vendors below:
After installing, update the database, run a full system scan and remove any items found.

**If we are dealing with a rootkit, it is possible that you will be prevented from installing an antivirus.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important!: Please do not select the Show all checkbox during the scan.


Post back with:
-the GMER log
-a new OTViewIt log

Tell me if your newly installed antivirus found anything other than cookies.

With Regards,
The Panda
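
The GMER log this post asks for is what decides the case, so here is how to read it mechanically. The script below is an added example for this thread (it is not part of GMER, of the forum's tools, or of the reply): it parses GMER's text output and pulls out the findings a responder checks first: modules or services GMER had to mark hidden; the Services and SafeBoot registry keys that keep such a driver loading (a SafeBoot\Minimal entry means it loads in Safe Mode too, so the Safe Mode fallback above will not shake it off); user-mode inline hooks on WS2_32 socket APIs, which mean something is intercepting that process's network traffic; and SSDT hooks, split into those GMER attributes to a named driver file and those it cannot. The sample log at the bottom is constructed for this example, modelled on GMER 1.0.14's format and on the kind of entries that appear in the reply that follows; the function names are my own.

```python
# Added example: triage a GMER rootkit-scan log. Not part of GMER or of the original post;
# it only understands the few GMER 1.0.14 line shapes that matter for triage.
import os
import re

# ".text <process>[<pid>] <dll>!<api> <addr> N Bytes JMP <target>"  (user-mode inline hook)
USER_HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>\S+!\S+)\s+[0-9A-F]+\s+\d+ Bytes JMP (?P<target>[0-9A-F]+)")
# "SSDT <addr> Zw..."  (hook GMER could not tie to any driver file)
SSDT_BARE_RE = re.compile(r"^SSDT\s+(?P<addr>[0-9A-F]{8})\s+(?P<func>Zw\w+)\s*$")
# "SSDT \??\<path> (<vendor>) Zw... [0x...]"  (hook attributed to a named driver)
SSDT_OWNED_RE = re.compile(r"^SSDT\s+\\\?\?\\(?P<owner>.+?)\s+\((?P<vendor>.*?)\)\s+(?P<func>Zw\w+)")
KERNEL_PREFIXES = (".text ", "PAGE ", "INIT ", "Code ", "IAT ")   # kernel code patches / IAT hooks
HIDDEN_MARK = " (*** hidden *** )"


def _driver_name(path):
    """'\\systemroot\\system32\\drivers\\TDSSserv.sys' -> 'tdssserv'"""
    return os.path.splitext(path.replace("/", "\\").rsplit("\\", 1)[-1])[0].lower()


def parse_gmer(text):
    """Bucket the interesting lines; Device/Thread/header lines are ignored."""
    f = {"hidden": [], "reg": [], "ssdt_bare": [], "ssdt_owned": [], "user_hooks": [], "kernel_patches": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if HIDDEN_MARK in line:          # "Module <path> (*** hidden *** ) ..." / "Service <path> (*** hidden *** ) ..."
            kind, path = line.split(HIDDEN_MARK, 1)[0].split(None, 1)
            f["hidden"].append({"kind": kind, "path": path, "name": _driver_name(path)})
        elif line.startswith("Reg "):    # "Reg <key>" or "Reg <key>@<value> <data>"; empty value = default value
            key, _, rest = line[4:].partition("@")
            value, _, data = rest.partition(" ")
            f["reg"].append({"key": key.strip(), "value": value, "data": data.strip()})
        elif (m := USER_HOOK_RE.match(line)):
            f["user_hooks"].append(m.groupdict())
        elif (m := SSDT_OWNED_RE.match(line)):
            f["ssdt_owned"].append(m.groupdict())
        elif (m := SSDT_BARE_RE.match(line)):
            f["ssdt_bare"].append(m.groupdict())
        elif line.startswith(KERNEL_PREFIXES):
            f["kernel_patches"].append(line)
    return f


def correlate(f):
    """For each hidden driver: the Services key that loads it, its start type and image path,
    and any SafeBoot key that keeps it loading in Safe Mode."""
    report = {}
    for h in f["hidden"]:
        e = report.setdefault(h["name"], {"hidden_as": set(), "service_keys": set(), "safeboot_keys": set(),
                                          "image": None, "start": None})
        e["hidden_as"].add(h["kind"])
        for r in f["reg"]:
            segs = r["key"].lower().split("\\")
            if "services" in segs and segs[-1] == h["name"]:
                e["service_keys"].add(r["key"])
                if r["value"].lower() == "imagepath":
                    e["image"] = r["data"]
                elif r["value"].lower() == "start":
                    e["start"] = r["data"]          # 1 = SYSTEM start, i.e. early boot
            elif "safeboot" in segs and segs[-1] == h["name"] + ".sys":
                e["safeboot_keys"].add(r["key"])
    return report


def is_rootkit(f):
    """A module or service GMER had to mark hidden is the strongest signal in the log."""
    return bool(f["hidden"])


def verdict(f):
    """Human-readable findings, most severe first."""
    out = []
    for name, e in sorted(correlate(f).items()):
        out.append("ROOTKIT: %s hidden as %s; image %s; start %s; safe-mode load: %s" % (
            name, "+".join(sorted(e["hidden_as"])), e["image"] or "?", e["start"] or "?",
            "yes" if e["safeboot_keys"] else "no"))
    net = [h for h in f["user_hooks"] if h["api"].lower().startswith("ws2_32.dll!")]
    if net:   # socket APIs hooked inside a process: its traffic is being intercepted
        out.append("NETWORK HOOKS: %s hooked in %s" % (
            ", ".join(h["api"] for h in net), ", ".join(sorted({h["proc"] for h in net}))))
    if f["ssdt_bare"]:
        out.append("SSDT: %d hook(s) GMER could not attribute to a driver file" % len(f["ssdt_bare"]))
    for h in f["ssdt_owned"]:
        out.append("SSDT: %s hooked by %s (%s) - verify it is a product you installed" % (
            h["func"], h["owner"], h["vendor"]))
    if f["kernel_patches"]:
        out.append("KERNEL: %d patched kernel/driver code location(s)" % len(f["kernel_patches"]))
    return out


# Constructed sample input for this example, in GMER's text format (hypothetical, not from a real scan).
SAMPLE = r"""
---- System - GMER 1.0.14 ----
SSDT 8A56AC60 ZwAllocateVirtualMemory
SSDT 8A580208 ZwCreateKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB7D2EF20]
---- Kernel code sections - GMER 1.0.14 ----
PAGE ntoskrnl.exe!ZwEnumerateKey 805783AC 5 Bytes JMP E19CA5AC
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C9000A
---- Modules - GMER 1.0.14 ----
Module \systemroot\system32\drivers\TDSSserv.sys (*** hidden *** ) BAEC1000-BAECC000 (45056 bytes)
---- Services - GMER 1.0.14 ----
Service C:\WINDOWS\system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!
---- Registry - GMER 1.0.14 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
"""

if __name__ == "__main__":
    for line in verdict(parse_gmer(SAMPLE)):
        print(line)
```

Run it on a saved gmer.txt by replacing SAMPLE with the file contents. A hidden Module plus a hidden Service whose Services key points at a driver under system32\drivers is the pattern to escalate on; SSDT hooks that GMER attributes to a security product the user installed (SUPERAntiSpyware in the sample) are expected and should not be confused with it, whereas hooks GMER cannot attribute to any file need a second look.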

#5 secrethobospices

  • Topic Starter

  • Members
  • 8 posts

Posted 28 September 2008 - 02:00 PM

Hi Panda,

AntiVir found the following items, which were removed:

virus or unwanted program 'TR/Delf.36352' [trojan]
virus or unwanted program 'TR/Crypt.ULPM.Gen' [trojan]
virus or unwanted program 'TR/Crypt.ULPM.Gen' [trojan]
virus or unwanted program 'TR/Drop.Agent.KG' [trojan]
virus or unwanted program 'DR/Agent.dbf.1' [dropper]
virus or unwanted program 'DR/SaveNow.Z.8' [dropper]


GMER log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-28 14:49:16
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 8A56AC60 ZwAllocateVirtualMemory
SSDT 8A580208 ZwCreateKey
SSDT 8A54A278 ZwCreateProcess
SSDT 8A54A200 ZwCreateProcessEx
SSDT F7A9361C ZwCreateThread
SSDT 8A555140 ZwDeleteKey
SSDT 8A54A2F0 ZwDeleteValueKey
SSDT F7A93608 ZwOpenProcess
SSDT F7A9360D ZwOpenThread
SSDT 8A56ACD8 ZwQueueApcThread
SSDT 8A56AB70 ZwReadVirtualMemory
SSDT 8A54BD10 ZwRenameKey
SSDT 8A56ADC8 ZwSetContextThread
SSDT 8A5500A8 ZwSetInformationKey
SSDT 8A56A020 ZwSetInformationProcess
SSDT 8A56AE40 ZwSetInformationThread
SSDT 8A54A368 ZwSetValueKey
SSDT 8A56AFA8 ZwSuspendProcess
SSDT 8A56AD50 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB7D2EF20]
SSDT 8A56AEB8 ZwTerminateThread
SSDT F7A93612 ZwWriteVirtualMemory

Code E19CA5A8 ZwEnumerateKey
Code E19CF538 ZwFlushInstructionCache
Code BAEC2E21 pIofCallDriver

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution + BA 804E48F4 2 Bytes [ 60, AC ]
PAGE ntoskrnl.exe!ZwEnumerateKey 805783AC 5 Bytes JMP E19CA5AC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80585F1A 5 Bytes JMP E19CF53C

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!connect 71AB406A 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!send 71AB428A 5 Bytes JMP 00C9000A
.text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!closesocket 71AB9639 5 Bytes JMP 00C8000A

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA00
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AAF8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AAF8
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA00
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA00
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AAF8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A56AAF8
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A56AA00
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AAF8
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA00
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AAF8

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5A3F3C

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 8A23D1C0
Device \Driver\Tcpip \Device\Ip 8A0FA3B0
Device \Driver\Tcpip \Device\Ip 8A107A60
Device \Driver\Tcpip \Device\Ip 89A08E98
Device \Driver\Tcpip \Device\Ip 899FFB10
Device \Driver\Tcpip \Device\Tcp 8A23D1C0
Device \Driver\Tcpip \Device\Tcp 8A0FA3B0
Device \Driver\Tcpip \Device\Tcp 8A107A60
Device \Driver\Tcpip \Device\Tcp 89A08E98
Device \Driver\Tcpip \Device\Tcp 899FFB10
Device \Driver\Cdrom \Device\CdRom0 8A172930
Device \FileSystem\Rdbss \Device\FsWrap 899DE1BC
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 8A172EC8
Device \Driver\atapi \Device\Ide\IdePort0 8A172EC8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A172EC8
Device \Driver\atapi \Device\Ide\IdePort1 8A172EC8
Device \Driver\atapi \Device\Ide\IdePort2 8A172EC8
Device \Driver\atapi \Device\Ide\IdePort3 8A172EC8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c 8A172EC8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A172EC8
Device \Driver\Cdrom \Device\CdRom1 8A172930
Device \Driver\Cdrom \Device\CdRom2 8A172930
Device \FileSystem\Srv \Device\LanmanServer 8A338264
Device \Driver\Tcpip \Device\Udp 8A23D1C0
Device \Driver\Tcpip \Device\Udp 8A0FA3B0
Device \Driver\Tcpip \Device\Udp 8A107A60
Device \Driver\Tcpip \Device\Udp 89A08E98
Device \Driver\Tcpip \Device\Udp 899FFB10
Device \Driver\Tcpip \Device\RawIp 8A23D1C0
Device \Driver\Tcpip \Device\RawIp 8A0FA3B0
Device \Driver\Tcpip \Device\RawIp 8A107A60
Device \Driver\Tcpip \Device\RawIp 89A08E98
Device \Driver\Tcpip \Device\RawIp 899FFB10
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FE5AB4
Device \Driver\Tcpip \Device\IPMULTICAST 8A23D1C0
Device \Driver\Tcpip \Device\IPMULTICAST 8A0FA3B0
Device \Driver\Tcpip \Device\IPMULTICAST 8A107A60
Device \Driver\Tcpip \Device\IPMULTICAST 89A08E98
Device \Driver\Tcpip \Device\IPMULTICAST 899FFB10
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89FE5AB4
Device \FileSystem\Npfs \Device\NamedPipe 8A21F5B4
Device \FileSystem\Msfs \Device\Mailslot 89A841EC
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 8A09E478
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 8A09E478
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 89FA7934
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 89FA7934
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 89FA7934
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 89FA7934
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 89FA7934
Device \FileSystem\Cdfs \Cdfs 8A1D09C4

---- Modules - GMER 1.0.14 ----

Module _________ F741E000-F7436000 (98304 bytes)
Module \systemroot\system32\drivers\TDSSserv.sys (*** hidden *** ) BAEC1000-BAECC000 (45056 bytes)

---- Threads - GMER 1.0.14 ----

Thread 4:640 BAEC2D7E

---- Services - GMER 1.0.14 ----

Service C:\WINDOWS\system32\drivers\TDSSserv.sys (*** hidden *** ) [SYSTEM] TDSSserv <-- ROOTKIT !!!

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Minimal\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys
Reg HKLM\SYSTEM\ControlSet003\Control\SafeBoot\Network\TDSSserv.sys@ driver
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\TDSSserv@imagepath \systemroot\system32\drivers\TDSSserv.sys
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@affid 61
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@subid v2test7
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@control 0x1A 0x00 0x15 0x13 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@prov 10010
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@googleadserver pagead2.googlesyndication.com
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@flagged 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata@serf_once 1

---- EOF - GMER 1.0.14 ----



OTViewIt.Txt

OTViewIt logfile created on: 28/09/2008 2:50:42 PM - Run 2
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop\Cleaners
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.67% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 1.83 Gb Free Space | 1.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 7.43 Gb Free Space | 3.19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2003/10/22 23:44:16 | 00,155,648 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
[2003/10/23 08:09:16 | 00,155,648 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2008/02/22 04:25:21 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2006/11/06 04:27:18 | 00,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
[2003/05/29 16:28:32 | 00,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[2003/05/30 09:42:22 | 00,585,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2004/08/04 03:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2004/05/12 16:04:54 | 00,196,608 | ---- | M] () -- C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\old_Program Files\WinZip\WZQKPICK.EXE
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/06/23 05:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2004/08/04 03:56:54 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/09/27 13:55:21 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\Cleaners\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2004/08/04 03:56:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/11/14 15:50:12 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 01:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/06/20 08:00:00 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 20:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 20:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 11:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 11:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 11:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2005/08/02 17:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
[2004/08/04 03:56:57 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
File not found -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2003/03/13 18:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2007/10/23 19:21:56 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2003/07/18 05:17:28 | 00,349,056 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
[2004/08/04 02:10:16 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2003/06/03 11:48:12 | 00,147,328 | R--- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000 [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/09/28 14:32:05 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2003/09/23 10:42:34 | 00,007,296 | R--- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
[2004/08/04 01:59:19 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2002/09/20 10:53:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
[2004/08/04 01:58:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2004/08/04 02:10:28 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/08/04 02:10:12 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2004/08/04 01:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 17:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2008/05/16 14:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/03/31 08:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/04/09 09:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass [Boot | Running])
[2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/07/17 22:23:14 | 00,024,608 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2004/08/04 01:59:17 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/09/06 21:34:58 | 00,347,776 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Running])
[2008/05/29 08:17:46 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/29 08:17:45 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2008/06/13 09:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (Sasppsdpor [Disabled | Stopped])
[2006/11/06 04:28:11 | 00,030,988 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/03/31 08:00:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])
[2004/08/04 02:10:16 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2003/06/02 13:42:14 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/08/09 14:42:12 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
[2008/08/09 14:42:14 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd [Boot | Running])
[2008/08/09 14:42:14 | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv [Boot | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/08/04 02:10:12 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge [On_Demand | Stopped])
[2004/08/04 02:08:37 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2003/05/20 13:20:00 | 00,070,272 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viaraid.sys -- (viaraid [Boot | Running])
[2004/08/04 02:10:21 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/05/10 06:04:30 | 00,031,264 | ---- | M] (Exent Technologies Ltd.) -- G:\games\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32 [Auto | Running])
[2003/12/21 18:24:22 | 00,140,800 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasbus.sys -- (xmasbus [Boot | Running])
[2003/12/23 03:15:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasscsi.sys -- (xmasscsi [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (23 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
""= File not found
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" (Belkin)
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" (InterVideo Inc.)
"IHTWINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" (Ahead Software Gmbh)
"NvCplDaemon"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"="C:\WINDOWS\system32\nwiz.exe" /install ()
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2007/10/02 13:16:42 | 01,283,608 | ---- | M] (Research In Motion Limited) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
[2000/08/06 01:03:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\old_Program Files\WinZip\WZQKPICK.EXE

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145


========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3334504D-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB -- Reg Error: Key does not exist or could not be opened.
{33564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}: https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab -- InetDownload Class
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_06
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_09
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_10
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab -- Java Plug-in 1.5.0_11
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1F58A5BE-2A37-4AD5-9190-2EE40E8CC1BC} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{610C37DD-FB32-4238-B3E6-67EAE129F5A3} (Servers: | Description: )
{6C938222-F03E-4160-AC81-91BA5DDF9452} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{F3FE5E0A-35B1-4C45-9049-8F76330B4831} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/04/22 20:31:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2008/09/28 14:32:32 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/09/28 14:32:05 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/09/28 14:32:05 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/09/28 14:32:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/09/28 14:32:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/09/28 11:07:55 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/09/28 11:07:55 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/09/28 11:07:54 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/09/28 11:07:51 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/09/28 11:07:51 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/09/28 11:07:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/26 15:35:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\TrojanHunter
[2008/09/26 15:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/26 15:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/26 15:18:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/26 14:56:30 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/26 14:29:24 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 14:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.0
[2008/09/26 12:00:50 | 00,000,164 | ---- | C] () -- C:\install.dat
[2008/09/26 11:42:01 | 00,000,000 | ---D | C] -- C:\fixvirus
[2008/09/26 10:53:53 | 00,000,000 | ---D | C] -- C:\SmitfraudFix
[2008/09/26 10:53:32 | 01,658,678 | ---- | C] () -- C:\SmitfraudFix.exe
[2008/09/25 09:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/25 09:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/25 09:49:30 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/09/23 19:23:49 | 00,038,698 | ---- | C] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 08:41:10 | 00,000,000 | ---D | C] -- C:\wii
[2008/09/12 15:45:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/05 08:35:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/09/28 14:45:30 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/28 14:45:10 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/09/28 14:43:40 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008/09/28 14:43:36 | 00,015,672 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2008/09/28 14:43:26 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/28 14:43:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/28 14:43:15 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/28 14:32:05 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/09/28 14:32:05 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/09/28 14:32:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/09/28 11:16:29 | 00,184,832 | ---- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/28 09:38:48 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\J\My Documents\My Sharing Folders.lnk
[2008/09/27 14:41:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/26 17:36:49 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/26 15:49:14 | 00,000,023 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/09/26 14:29:30 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 12:02:05 | 00,001,150 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/26 12:00:50 | 00,000,164 | ---- | M] () -- C:\install.dat
[2008/09/26 11:11:36 | 00,003,384 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/26 09:34:12 | 01,658,678 | ---- | M] () -- C:\SmitfraudFix.exe
[2008/09/24 08:13:30 | 04,248,914 | -H-- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\IconCache.db
[2008/09/23 19:52:13 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/09/23 19:23:49 | 00,038,698 | ---- | M] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 22:25:08 | 00,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2008/09/19 14:29:57 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/12 12:03:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/10 13:31:09 | 00,047,866 | ---- | M] () -- C:\Documents and Settings\J\My Documents\MP31.nr3
< End of report >



Extras.Txt

OTViewIt Extras logfile created on: 28/09/2008 2:50:42 PM - Run J
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop\Cleaners
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.67% Memory free
3.85 Gb Paging File | 3.40 Gb Available in Paging File | 88.43% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 1.83 Gb Free Space | 1.64% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 7.43 Gb Free Space | 3.19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/08/22 11:45:55 | 00,159,744 | ---- | M] () -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/02/22 01:23:39 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/06 11:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}"=SpyHunter
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=FileViewerUtility 1.0
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}"=MySQL Connector/ODBC 3.51
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{23170F69-40C1-2701-0442-000001000000}"=7-Zip 4.42
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}"=Microsoft XNA Framework Redistributable 2.0
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}"=Soap 3.0 Toolkit
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}"=UFile 2007
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}"=Spy Sweeper Core
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}"=MSXML4SP2
"{4EF35381-14BA-4163-AF82-4B34A9F0D60D}"=MySQL Server 4.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59152D0E-DDFE-4769-A746-776457091048}"=Outlook 2007 HTML and CSS Validator
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}"=Roxio Media Manager
"{67E158AF-8856-4337-B483-EA21930786AF}"=GameTap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8ECBE643-8230-11D5-9D6B-00A024112F81}"=VDMSound 2.0.4
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90520409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Viewer 2003 (English)
"{939740B5-0064-4779-854A-8C1086181C05}"=Macromedia FreeHand MXa
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=PhotoStitch
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A7651FB4-AC2E-4020-90E2-B71C8C379F48}"=Macromedia Captivate
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.8
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=RemoteCapture 2.6
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon Camera WIA Driver
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}"=UFile Updater 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D1C04983-CBB6-4F60-9755-89527DF93050}"=Bug Tracker Server 3
"{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb"=X-Wing & TIE Fighter 95 Compatibility Fix
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}"=Garmin Training Center v4
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}"=DirectX for Managed Code Update (Summer 2004)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"=Alcohol 120% (Trial Version)
"{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}"=Home Theater
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Advanced WMA Workshop_is1"=Advanced WMA Workshop version 2.1
"AIM_6"=AIM 6
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"BLACKSHADES"=Black Shades (remove only)
"BulentsScreenRecorder4"=Bulent's Screen Recorder 4
"burnatonce_is1"=burnatonce
"camcodec"=CamStudio Lossless Codec
"CANONBJ_Deinstall_CNMCP69.DLL"=Canon PIXMA iP6000D
"CodInstl"=Intel A/V Codecs V2.0
"CoreAAC Audio Decoder"=CoreAAC Audio Decoder (remove only)
"DreamWorks Interactive: Trespasser"=Trespasser
"ffdshow_is1"=ffdshow [rev 1723] [2007-12-24]
"Game Elements PC Recoil Pad"=Game Elements PC Recoil Pad
"Gymnast_is1"=Gymnast v1.0
"HaaliMkx"=Haali Media Splitter
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=Canon Utilities FileViewerUtility 1.0
"InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=Canon Utilities RemoteCapture 2.6
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
"InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Jagged Alliance 2 Gold"=Jagged Alliance 2 Gold
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.76 Full
"LEGO Digital Designer"=LEGO Digital Designer
"LimeWire"=LimeWire 4.12.6
"LucasArts' TIE Fighter"=LucasArts' TIE Fighter
"LucasArts' X-Wing"=LucasArts' X-Wing
"LucasArts' X-Wing Alliance"=LucasArts' X-Wing Alliance
"Lugaru_is1"=Lugaru v1.05
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Magic ISO Maker v5.5 (build 0261)"=Magic ISO Maker v5.5 (build 0261)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32"=MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft SQL Server 2000"=Microsoft SQL Server 2000
"mIRC"=mIRC
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"Mozilla Thunderbird (2.0.0.16)"=Mozilla Thunderbird (2.0.0.16)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Pixie_is1"=Pixie
"PowerISO"=PowerISO
"RealAlt_is1"=Real Alternative 1.48
"ScreenRecorder"=Bulent's Screen Recorder
"Shareaza_is1"=Shareaza 2.3.1.0
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Soldat_is1"=Soldat 1.2.1
"Soulseek"=SoulSeek Client 156c
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"The Longest Journey"=The Longest Journey
"TVersity Codec Pack"=TVersity Codec Pack 1.2
"TVersity Media Server "=TVersity Media Server 1.0.0.3 RC2
"VisDir Free Disk Space Finder_is1"=VisDir Free Disk Space Finder v 1.4
"Vodei Multimedia Processor"=Vodei Multimedia Processor 2.00
"w_spf2x"=Super Puzzle Fighter II Turbo
"Wacom Tablet Driver"=Wacom Tablet Driver
"WGA"=Windows Genuine Advantage Validation Tool
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinPcapInst"=WinPcap 3.1
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver"=Xbox 360 Controller for Windows
"XWA Dat Customizer"=XWA Dat Customizer v1.0
"ZoomPlayer"=Zoom Player (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 22/09/2008 10:23:05 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application Belkinwcui.exe, version 1.0.0.28, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 12:01:48 PM | Computer Name = JON | Source = MsiInstaller | ID = 11704
Description = Product: Spy Sweeper Core -- Error 1704.An installation for Webroot
Secure Backup is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 26/09/2008 1:00:13 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application scanner.exe, version 3.8.0.4, faulting module
scanner.exe, version 3.8.0.4, fault address 0x00010f51.

Error - 26/09/2008 4:00:55 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module shell32.dll, version 6.0.2900.3241, fault address 0x001d7f12.

Error - 26/09/2008 4:01:04 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 26/09/2008 4:02:02 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 4:24:45 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x38306563.

Error - 27/09/2008 1:52:37 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application mssysmgr.exe, version 0.0.0.0, faulting module
uxtheme.dll, version 6.0.2900.2180, fault address 0x000040cf.

Error - 27/09/2008 1:53:05 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 27/09/2008 1:54:57 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application mssysmgr.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 26/09/2008 4:17:53 PM | Computer Name = JON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 26/09/2008 4:17:59 PM | Computer Name = JON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 26/09/2008 4:21:28 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 26/09/2008 4:24:49 PM | Computer Name = JON | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 26/09/2008 4:24:49 PM | Computer Name = JON | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 26/09/2008 4:27:35 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 27/09/2008 1:44:25 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 27/09/2008 1:44:30 PM | Computer Name = JON | Source = NetBT | ID = 4307
Description = Initialization failed because the transport refused to open initial
Addresses.

Error - 28/09/2008 2:35:19 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 28/09/2008 2:43:39 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3


< End of report >

#6 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 29 September 2008 - 07:17 AM

Hello Secrethobospices.

Backdoor Threat
I'm sorry to say that your computer is infected with one or more backdoor trojans.

This means that sensitive information could have been stolen. I would advise changing any passwords for any accounts that you have accessed with the infected computer, using a clean computer, ASAP. If you have used this computer for banking, I would strongly suggest that you report the possible stolen information. Please do not use the computer for any further transactions, or to enter any other information, if at all possible, until it is declared clean.

You may want to read this article on how to handle identity theft.
You may also want to read this article regarding the prevention of identity theft.

This computer can still be cleaned, however, I cannot guarantee that it will be 100% safe even after disinfection.

Please read When Should I Format, How Should I Reinstall.

I will proceed assuming you wish to disinfect. If you want to do a reinstall, reply back saying so.

Download and Run SDFix
You can find complete instructions on running SDFix in the link below:
http://www.bleepingcomputer.com/forums/t/131299/how-to-use-sdfix/

SDFix is for Windows 2000 and Windows XP only.
  • Download SDfix setup onto your desktop.
  • Run the installer. Leave the install location at your system root.
  • After the install, boot into Safe Mode.
  • Click your Start Menu. Click Run. Type in c:\sdfix\runthis.bat. Hit OK.
  • The prompt window will open. Type Y and hit Enter.
  • Wait for the scan to finish.
  • You will be prompted to restart. Press any key to do so. Allow SDFix to boot the computer into normal boot.
  • At reboot, the prompt window will pop-up, along with a log (\rapport.txt) shortly after. Copy the contents of the log back in your next reply.
How to Boot into Safe Mode
Print out all instructions to be carried out in Safe Mode, or save them onto your desktop, as you will not be able to access the forum where you are receiving help.

If you are unfamiliar with the boot process, please jot down the boot instructions.
  • Shutdown your computer.
  • Press the power on button.
  • Wait for your computer to beep.
  • After hearing the beep, hit the F8 key repeatedly until you see a selection screen.
  • Use your arrow keys to navigate the highlight to Safe Mode.
  • Hit Enter.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP, if the highlight was not already on it.
  • Hit Enter.
Your computer will proceed to boot into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot as usual, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.

Update Java to Version 6 Update 7
Your current version of Java is outdated. Malware creators can exploit the lesser security of older versions. Please uninstall your current version through Add/Remove Programs. Remove all instances of Java, J2SE Runtime, Java Runtime, and Java Runtime Environment. Restart your computer after uninstalling.

Please then install the latest Java from this page. Follow the prompts and select the appropriate settings for your machine. Click on the "Required File" jdk-6u7-windows-i586-p.exe to download the installer. Double click the installer to run. Delete the installer after use.


Post back with:
-the SDFix log
-a new GMER log
-a new OTViewIt log

Tell me if you are still being redirected and how your computer is running overall. Can you access those security sites now?

With Regards,
The Panda
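
The Java advice above rests on the Uninstall List in the OTViewIt log, which shows five separate runtime entries. As an added example (not the helper's code and not any BleepingComputer tool), the Python script below parses "{key}"=Name lines in that list format and reports every Java runtime entry older than the recommended 6 Update 7; the sample lines are copied from the log in this thread, and the "Java(TM)" spelling is assumed as the plain-ASCII form of the same display name.

```python
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int]  # (major release, update number)

# Constructed sample: lines copied from the HKLM Uninstall List in the OTViewIt
# log posted in this thread, with one non-Java entry kept to show it is ignored.
SAMPLE_UNINSTALL_LIST = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall]
"{23170F69-40C1-2701-0442-000001000000}"=7-Zip 4.42
"{3248F0A8-6813-11D6-A77B-00B0D0150060}"=J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}"=J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}"=J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}"=J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"""

# One uninstall entry as OTViewIt prints it: "<key name>"=<display name>
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"=(?P<name>.+?)\s*$')

# Display names of the runtime as they appear in the log ("J2SE Runtime
# Environment 5.0 Update 6", "Java™ 6 Update 5"); "Java(TM)" is the assumed
# ASCII rendering of the trademark sign.
JAVA_RE = re.compile(
    r'^(?:J2SE Runtime Environment|Java(?:™|\(TM\))?)'
    r'\s+(?P<major>\d+)(?:\.\d+)?\s+Update\s+(?P<update>\d+)$'
)


def parse_uninstall_list(text: str) -> List[Tuple[str, str]]:
    """Return (key, display name) pairs; the [HKEY...] header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name")))
    return entries


def java_version(display_name: str) -> Optional[Version]:
    """Map a Java runtime display name to (major, update); None for anything else."""
    m = JAVA_RE.match(display_name)
    if not m:
        return None
    return (int(m.group("major")), int(m.group("update")))


def describe(v: Version) -> str:
    return f"{v[0]} Update {v[1]}"


def audit_java(text: str, recommended: Version = (6, 7)) -> Dict[str, object]:
    """Classify every Java runtime entry in an Uninstall List against `recommended`.

    Each entry is a separate installation with its own uninstaller, so every
    runtime older than `recommended` stays on disk, and stays exploitable,
    until it is removed explicitly; installing a newer one does not retire it.
    """
    installed = []
    for key, name in parse_uninstall_list(text):
        v = java_version(name)
        if v is not None:
            installed.append((key, name, v))
    outdated = [e for e in installed if e[2] < recommended]
    current = [e for e in installed if e[2] >= recommended]

    if not installed:
        action = "no Java runtime listed"
    elif outdated and not current:
        # The advice in this thread: remove every old runtime, then install the latest.
        action = f"remove all {len(outdated)} Java entries, then install {describe(recommended)}"
    elif outdated:
        action = f"remove {len(outdated)} outdated Java entries (a current one is already installed)"
    else:
        action = "Java is current"
    return {"installed": installed, "outdated": outdated, "current": current, "action": action}


if __name__ == "__main__":
    report = audit_java(SAMPLE_UNINSTALL_LIST)
    for key, name, v in report["outdated"]:
        print(f"outdated: {name} ({describe(v)})  key={key}")
    print("action:", report["action"])
```

Point the script at the Uninstall List section of any OTViewIt log to get the same classification the helper made by eye.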

#7 secrethobospices
  • Topic Starter

  • Members
  • 8 posts

Posted 29 September 2008 - 11:35 AM

Hi Panda,

Things are looking good now! Google results are back to normal, no blocked sites and I am able to update antivirus software again. Thanks so much, you've been a tremendous help!

Here are the logs:


SDFix report.txt:

SDFix: Version 1.230
Run by J on 29/09/2008 at 10:25

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\system32\drivers\tdssserv.sys - Deleted
C:\WINDOWS\system32\tdssadw.dll - Deleted
C:\WINDOWS\system32\tdssinit.dll - Deleted
C:\WINDOWS\system32\tdssl.dll - Deleted
C:\WINDOWS\system32\tdsslog.dll - Deleted
C:\WINDOWS\system32\tdssmain.dll - Deleted
C:\WINDOWS\system32\tdssserf.dll - Deleted
C:\WINDOWS\system32\tdssserf1.dll - Deleted
C:\WINDOWS\system32\tdssservers.dat - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-29 10:43:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\messenger\\msmsgs.exe"="C:\\Program Files\\messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"="C:\\Program Files\\TVersity\\Media Server\\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\AIM6\\aim6.exe"="C:\\Program Files\\AIM6\\aim6.exe:*:Enabled:AIM"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sat 3 Jun 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 7 Jun 2006 400 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.bla.bak"
Wed 7 Jun 2006 48 ..SH. --- "C:\Documents and Settings\All Users\DRM\v2ks.sec.bak"
Wed 7 Jun 2006 400 A.SH. --- "C:\Documents and Settings\All Users\DRM\v3ks.bla.bak"
Fri 17 Nov 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 3 May 2004 67,944 ...H. --- "C:\Program Files\Ahead\Ahead\data\Nero PhotoShow Express.exe"
Fri 12 Nov 2004 37,376 ...H. --- "C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe"

Finished!


GMER log:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-09-29 12:00:32
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT 8A56ACD8 ZwAllocateVirtualMemory
SSDT 8A555140 ZwCreateKey
SSDT 8A54AA90 ZwCreateProcess
SSDT 8A54AA18 ZwCreateProcessEx
SSDT B9AD1BEC ZwCreateThread
SSDT 8A54BD10 ZwDeleteKey
SSDT 8A54AB08 ZwDeleteValueKey
SSDT B9AD1BD8 ZwOpenProcess
SSDT B9AD1BDD ZwOpenThread
SSDT 8A56AD50 ZwQueueApcThread
SSDT 8A56ABE8 ZwReadVirtualMemory
SSDT 8A5500A8 ZwRenameKey
SSDT 8A56AE40 ZwSetContextThread
SSDT 8A54ABF8 ZwSetInformationKey
SSDT 8A54A928 ZwSetInformationProcess
SSDT 8A56AEB8 ZwSetInformationThread
SSDT 8A54AB80 ZwSetValueKey
SSDT 8A56A020 ZwSuspendProcess
SSDT 8A56ADC8 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB75B1F20]
SSDT 8A56AF30 ZwTerminateThread
SSDT B9AD1BE2 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution + BA 804E48F4 2 Bytes [ D8, AC ]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[2072] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA78
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AB70
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AB70
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA78
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA78
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AB70
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 8A56AB70
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 8A56AA78
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AB70
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 8A56AA78
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 8A56AB70

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A5A3CFC

AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

Device \Driver\Tcpip \Device\Ip 8A00AA90
Device \Driver\Tcpip \Device\Ip 89FDEC90
Device \Driver\Tcpip \Device\Ip 89D6A860
Device \Driver\Tcpip \Device\Ip 89EE19C8
Device \Driver\Tcpip \Device\Tcp 8A00AA90
Device \Driver\Tcpip \Device\Tcp 89FDEC90
Device \Driver\Tcpip \Device\Tcp 89D6A860
Device \Driver\Tcpip \Device\Tcp 89EE19C8
Device \Driver\Cdrom \Device\CdRom0 8A154428
Device \FileSystem\Rdbss \Device\FsWrap 89FB5844
Device \Driver\Cdrom \Device\CdRom1 8A154428
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-24 8A154AA0
Device \Driver\atapi \Device\Ide\IdePort0 8A154AA0
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A154AA0
Device \Driver\atapi \Device\Ide\IdePort1 8A154AA0
Device \Driver\atapi \Device\Ide\IdePort2 8A154AA0
Device \Driver\atapi \Device\Ide\IdePort3 8A154AA0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1c 8A154AA0
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A154AA0
Device \Driver\Cdrom \Device\CdRom2 8A154428
Device \FileSystem\Srv \Device\LanmanServer 897C38AC
Device \Driver\Tcpip \Device\Udp 8A00AA90
Device \Driver\Tcpip \Device\Udp 89FDEC90
Device \Driver\Tcpip \Device\Udp 89D6A860
Device \Driver\Tcpip \Device\Udp 89EE19C8
Device \Driver\Tcpip \Device\RawIp 8A00AA90
Device \Driver\Tcpip \Device\RawIp 89FDEC90
Device \Driver\Tcpip \Device\RawIp 89D6A860
Device \Driver\Tcpip \Device\RawIp 89EE19C8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 89FD2D44
Device \Driver\Tcpip \Device\IPMULTICAST 8A00AA90
Device \Driver\Tcpip \Device\IPMULTICAST 89FDEC90
Device \Driver\Tcpip \Device\IPMULTICAST 89D6A860
Device \Driver\Tcpip \Device\IPMULTICAST 89EE19C8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 89FD2D44
Device \FileSystem\Npfs \Device\NamedPipe 8A2E8A3C
Device \FileSystem\Msfs \Device\Mailslot 89FED89C
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 8A089918
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port5Path0Target0Lun0 8A089918
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A075A3C
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A075A3C
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A075A3C
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A075A3C
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A075A3C
Device \FileSystem\Cdfs \Cdfs 8A21B15C

---- Modules - GMER 1.0.14 ----

Module _________ F741E000-F7436000 (98304 bytes)

---- EOF - GMER 1.0.14 ----


OTViewIt.txt:

OTViewIt logfile created on: 29/09/2008 12:10:12 PM - Run 3
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop\Cleaners
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.30% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 1.06 Gb Free Space | 0.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 7.20 Gb Free Space | 3.09% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 1.89 Gb Total Space | 1.62 Gb Free Space | 85.55% Space Free | Partition Type: FAT

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
[2003/10/22 23:44:16 | 00,155,648 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
[2003/10/23 08:09:16 | 00,155,648 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2003/05/29 16:28:32 | 00,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[2003/05/30 09:42:22 | 00,585,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2004/08/04 03:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
[2004/05/12 16:04:54 | 00,196,608 | ---- | M] () -- C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\old_Program Files\WinZip\WZQKPICK.EXE
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/04/17 21:13:02 | 00,811,008 | ---- | M] () -- C:\fixvirus\Sep28\gmer\gmer.exe
[2008/09/27 13:55:21 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\Cleaners\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
[2004/08/04 03:56:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/11/14 15:50:12 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 01:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/06/20 08:00:00 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 20:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 20:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 11:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 11:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 11:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2005/08/02 17:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
[2004/08/04 03:56:57 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
File not found -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2003/03/13 18:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2007/10/23 19:21:56 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2003/07/18 05:17:28 | 00,349,056 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
File not found -- C:\DOCUME~1\J\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2004/08/04 02:10:16 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2003/06/03 11:48:12 | 00,147,328 | R--- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000 [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/09/28 14:32:05 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2003/09/23 10:42:34 | 00,007,296 | R--- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
[2004/08/04 01:59:19 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2002/09/20 10:53:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
[2004/08/04 01:58:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2004/08/04 02:10:28 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/08/04 02:10:12 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2004/08/04 01:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 17:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2008/05/16 14:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/03/31 08:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/04/09 09:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass [Boot | Running])
[2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/07/17 22:23:14 | 00,024,608 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2004/08/04 01:59:17 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/09/06 21:34:58 | 00,347,776 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Running])
[2008/05/29 08:17:46 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/29 08:17:45 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2008/06/13 09:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (Sasppsdpor [Disabled | Stopped])
[2006/11/06 04:28:11 | 00,030,988 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/03/31 08:00:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])
[2004/08/04 02:10:16 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2003/06/02 13:42:14 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/08/09 14:42:12 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
[2008/08/09 14:42:14 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd [Boot | Running])
[2008/08/09 14:42:14 | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv [Boot | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/08/04 02:10:12 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge [On_Demand | Stopped])
[2004/08/04 02:08:37 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2003/05/20 13:20:00 | 00,070,272 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viaraid.sys -- (viaraid [Boot | Running])
[2004/08/04 02:10:21 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/05/10 06:04:30 | 00,031,264 | ---- | M] (Exent Technologies Ltd.) -- G:\games\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32 [Auto | Running])
[2003/12/21 18:24:22 | 00,140,800 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasbus.sys -- (xmasbus [Boot | Running])
[2003/12/23 03:15:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasscsi.sys -- (xmasscsi [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" (Belkin)
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" (InterVideo Inc.)
"IHTWINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" (Ahead Software Gmbh)
"NvCplDaemon"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"="C:\WINDOWS\system32\nwiz.exe" /install ()
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2007/10/02 13:16:42 | 01,283,608 | ---- | M] (Research In Motion Limited) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
[2000/08/06 01:03:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\old_Program Files\WinZip\WZQKPICK.EXE

========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions] - present
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions] - present

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3334504D-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB -- Reg Error: Key does not exist or could not be opened.
{33564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}: https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab -- InetDownload Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1F58A5BE-2A37-4AD5-9190-2EE40E8CC1BC} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{610C37DD-FB32-4238-B3E6-67EAE129F5A3} (Servers: | Description: )
{6C938222-F03E-4160-AC81-91BA5DDF9452} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{F3FE5E0A-35B1-4C45-9049-8F76330B4831} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/04/22 20:31:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/09/29 12:04:13 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/09/29 11:25:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/09/29 10:16:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/09/29 10:12:20 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/09/28 14:32:32 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/09/28 14:32:05 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/09/28 14:32:05 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/09/28 14:32:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/09/28 14:32:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/09/28 11:07:55 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/09/28 11:07:55 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/09/28 11:07:54 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/09/28 11:07:51 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/09/28 11:07:51 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/09/28 11:07:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/26 15:35:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\TrojanHunter
[2008/09/26 15:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/26 15:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/26 15:18:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/26 14:56:30 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/26 14:29:24 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 14:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.0
[2008/09/26 12:00:50 | 00,000,164 | ---- | C] () -- C:\install.dat
[2008/09/26 11:42:01 | 00,000,000 | ---D | C] -- C:\fixvirus
[2008/09/26 10:53:53 | 00,000,000 | ---D | C] -- C:\SmitfraudFix
[2008/09/26 10:53:32 | 01,658,678 | ---- | C] () -- C:\SmitfraudFix.exe
[2008/09/25 09:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/25 09:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2008/09/25 09:49:30 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/09/23 19:23:49 | 00,038,698 | ---- | C] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 08:41:10 | 00,000,000 | ---D | C] -- C:\wii
[2008/09/12 15:45:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/05 08:35:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/09/29 12:10:36 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\J\My Documents\My Sharing Folders.lnk
[2008/09/29 11:35:44 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/09/29 11:23:11 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/09/29 11:22:44 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008/09/29 11:21:08 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/09/29 11:21:06 | 00,015,672 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2008/09/29 11:21:02 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/09/29 11:20:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/09/29 10:28:41 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/09/28 18:11:37 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/28 14:32:05 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/09/28 14:32:05 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/09/28 14:32:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/09/28 11:16:29 | 00,184,832 | ---- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/27 14:41:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/26 17:36:49 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/26 14:29:30 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 12:02:05 | 00,001,150 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/26 12:00:50 | 00,000,164 | ---- | M] () -- C:\install.dat
[2008/09/26 11:11:36 | 00,003,384 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/26 09:34:12 | 01,658,678 | ---- | M] () -- C:\SmitfraudFix.exe
[2008/09/24 08:13:30 | 04,248,914 | -H-- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\IconCache.db
[2008/09/23 19:52:13 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/09/23 19:23:49 | 00,038,698 | ---- | M] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 22:25:08 | 00,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2008/09/12 12:03:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/10 13:31:09 | 00,047,866 | ---- | M] () -- C:\Documents and Settings\J\My Documents\MP31.nr3
< End of report >


OTViewIt Extras.txt:

OTViewIt Extras logfile created on: 29/09/2008 12:10:12 PM - Run J
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop\Cleaners
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.47 Gb Available Physical Memory | 73.30% Memory free
3.85 Gb Paging File | 3.44 Gb Available in Paging File | 89.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 1.06 Gb Free Space | 0.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 7.20 Gb Free Space | 3.09% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 1.89 Gb Total Space | 1.62 Gb Free Space | 85.55% Space Free | Partition Type: FAT

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/08/22 11:45:55 | 00,159,744 | ---- | M] () -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/06/10 01:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008/07/27 21:09:38 | 00,794,624 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/06 11:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}"=SpyHunter
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=FileViewerUtility 1.0
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}"=MySQL Connector/ODBC 3.51
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{23170F69-40C1-2701-0442-000001000000}"=7-Zip 4.42
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}"=Microsoft XNA Framework Redistributable 2.0
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}"=Soap 3.0 Toolkit
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}"=UFile 2007
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}"=Spy Sweeper Core
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}"=MSXML4SP2
"{4EF35381-14BA-4163-AF82-4B34A9F0D60D}"=MySQL Server 4.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59152D0E-DDFE-4769-A746-776457091048}"=Outlook 2007 HTML and CSS Validator
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}"=Roxio Media Manager
"{67E158AF-8856-4337-B483-EA21930786AF}"=GameTap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8ECBE643-8230-11D5-9D6B-00A024112F81}"=VDMSound 2.0.4
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90520409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Viewer 2003 (English)
"{939740B5-0064-4779-854A-8C1086181C05}"=Macromedia FreeHand MXa
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=PhotoStitch
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A7651FB4-AC2E-4020-90E2-B71C8C379F48}"=Macromedia Captivate
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.8
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=RemoteCapture 2.6
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon Camera WIA Driver
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}"=UFile Updater 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D1C04983-CBB6-4F60-9755-89527DF93050}"=Bug Tracker Server 3
"{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb"=X-Wing & TIE Fighter 95 Compatibility Fix
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}"=Garmin Training Center v4
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}"=DirectX for Managed Code Update (Summer 2004)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"=Alcohol 120% (Trial Version)
"{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}"=Home Theater
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Advanced WMA Workshop_is1"=Advanced WMA Workshop version 2.1
"AIM_6"=AIM 6
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"BulentsScreenRecorder4"=Bulent's Screen Recorder 4
"burnatonce_is1"=burnatonce
"camcodec"=CamStudio Lossless Codec
"CANONBJ_Deinstall_CNMCP69.DLL"=Canon PIXMA iP6000D
"CodInstl"=Intel A/V Codecs V2.0
"CoreAAC Audio Decoder"=CoreAAC Audio Decoder (remove only)
"DreamWorks Interactive: Trespasser"=Trespasser
"ffdshow_is1"=ffdshow [rev 1723] [2007-12-24]
"Game Elements PC Recoil Pad"=Game Elements PC Recoil Pad
"Gymnast_is1"=Gymnast v1.0
"HaaliMkx"=Haali Media Splitter
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=Canon Utilities FileViewerUtility 1.0
"InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=Canon Utilities RemoteCapture 2.6
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
"InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Jagged Alliance 2 Gold"=Jagged Alliance 2 Gold
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.76 Full
"LimeWire"=LimeWire 4.12.6
"LucasArts' TIE Fighter"=LucasArts' TIE Fighter
"LucasArts' X-Wing"=LucasArts' X-Wing
"LucasArts' X-Wing Alliance"=LucasArts' X-Wing Alliance
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Magic ISO Maker v5.5 (build 0261)"=Magic ISO Maker v5.5 (build 0261)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32"=MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft SQL Server 2000"=Microsoft SQL Server 2000
"mIRC"=mIRC
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"Mozilla Thunderbird (2.0.0.17)"=Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Pixie_is1"=Pixie
"PowerISO"=PowerISO
"RealAlt_is1"=Real Alternative 1.48
"ScreenRecorder"=Bulent's Screen Recorder
"Shareaza_is1"=Shareaza 2.3.1.0
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Soulseek"=SoulSeek Client 156c
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"The Longest Journey"=The Longest Journey
"TVersity Codec Pack"=TVersity Codec Pack 1.2
"TVersity Media Server "=TVersity Media Server 1.0.0.3 RC2
"VisDir Free Disk Space Finder_is1"=VisDir Free Disk Space Finder v 1.4
"Vodei Multimedia Processor"=Vodei Multimedia Processor 2.00
"w_spf2x"=Super Puzzle Fighter II Turbo
"Wacom Tablet Driver"=Wacom Tablet Driver
"WGA"=Windows Genuine Advantage Validation Tool
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinPcapInst"=WinPcap 3.1
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver"=Xbox 360 Controller for Windows
"XWA Dat Customizer"=XWA Dat Customizer v1.0
"ZoomPlayer"=Zoom Player (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/09/2008 12:01:48 PM | Computer Name = JON | Source = MsiInstaller | ID = 11704
Description = Product: Spy Sweeper Core -- Error 1704.An installation for Webroot
Secure Backup is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 26/09/2008 1:00:13 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application scanner.exe, version 3.8.0.4, faulting module
scanner.exe, version 3.8.0.4, fault address 0x00010f51.

Error - 26/09/2008 4:00:55 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module shell32.dll, version 6.0.2900.3241, fault address 0x001d7f12.

Error - 26/09/2008 4:01:04 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 26/09/2008 4:02:02 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 4:24:45 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x38306563.

Error - 27/09/2008 1:52:37 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application mssysmgr.exe, version 0.0.0.0, faulting module
uxtheme.dll, version 6.0.2900.2180, fault address 0x000040cf.

Error - 27/09/2008 1:53:05 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 27/09/2008 1:54:57 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application mssysmgr.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/09/2008 10:57:25 AM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
Environment service which failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu
ssmdrv
Tcpip

Error - 29/09/2008 10:15:57 AM | Computer Name = JON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 29/09/2008 10:37:26 AM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 29/09/2008 10:39:35 AM | Computer Name = JON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 29/09/2008 11:21:12 AM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3


< End of report >



Let me know if there's anything else left to do. Thanks again!

#8 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:04:17 AM

Posted 30 September 2008 - 07:17 AM

Hello Secrethobospices. Looking much better.

Install Firewall
Please now install a third-party firewall from the following selection of excellent programs.

The main reason you would prefer a third-party firewall over the Windows XP Firewall is that Windows Firewall only stops incoming signals from accessing your computer. However, it will not stop programs (possibly ones that could intrude on your privacy) from sending outgoing signals to the Internet or to other networks.

After you have installed one of the above firewalls, please disable your Windows Firewall, if you had it enabled.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.
If you use Firefox browser also...
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser also...
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer Only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.
Please post back with:
-the Kaspersky scan results
-a new OTViewIt log

With Regards,
The Panda

#9 secrethobospices

  • Topic Starter
  • Members
  • 8 posts
  • Local time:04:17 AM

Posted 02 October 2008 - 02:42 PM

Hi Panda,

Sorry for the delay! Here are the logs:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Thursday, October 2, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Thursday, October 02, 2008 12:39:10
Records in database: 1283091
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Files scanned: 240250
Threat name: 10
Infected objects: 13
Suspicious objects: 0
Duration of the scan: 05:02:28


File name / Threat name / Threats count
C:\Documents and Settings\J\.housecall\Quarantine\javainstaller.jar-3c936701-26b2907b.zip.bac_a00368 Infected: Trojan-Downloader.Java.OpenStream.w 1
C:\Documents and Settings\J\.housecall\Quarantine\javainstaller.jar-5aa0b436-638de765.zip.bac_a00368 Infected: Trojan-Downloader.Java.OpenStream.w 1
C:\Documents and Settings\J\.housecall\Quarantine\Nail.exe.bac_a00368 Infected: not-a-virus:AdWare.Win32.BetterInternet.b 1
C:\Documents and Settings\J\Application Data\Thunderbird\Profiles\brnnbovs.default\Mail\Local Folders\Inbox.sbd\old.sbd\very old.sbd\2004 Infected: Email-Worm.Win32.Mydoom.a 1
C:\Documents and Settings\J\Application Data\Thunderbird\Profiles\brnnbovs.default\Mail\Local Folders\Inbox.sbd\old.sbd\very old.sbd\2005 Infected: Email-Worm.Win32.Sober.p 1
C:\Documents and Settings\J\Application Data\Thunderbird\Profiles\brnnbovs.default\Mail\Local Folders\Junk Infected: Email-Worm.Win32.Nyxem.e 2
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.617 1
C:\SDFix\backups\backups.zip Infected: Backdoor.Win32.Agent.rfw 1
C:\SDFix\backups\backups.zip Infected: Trojan-Downloader.Win32.FraudLoad.vbxt 1
C:\SDFix\backups\catchme.zip Infected: Backdoor.Win32.Agent.roc 1
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\SmitfraudFix.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1

The selected area was scanned.



OTViewIt logfile created on: 02/10/2008 3:26:16 PM - Run 4
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop\Cleaners
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.69% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 6.83 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 17.22 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[2003/10/22 23:44:16 | 00,155,648 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
[2003/10/23 08:09:16 | 00,155,648 | ---- | M] () -- C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
[2003/05/29 16:28:32 | 00,790,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
[2003/05/30 09:42:22 | 00,585,728 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[2004/08/04 03:56:55 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2008/09/10 17:40:06 | 00,289,576 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
[2008/06/12 14:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/07/09 09:05:20 | 00,919,016 | ---- | M] (Zone Labs, LLC) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[2004/05/12 16:04:54 | 00,196,608 | ---- | M] () -- C:\Program Files\Ahead\Ahead\data\Xtras\mssysmgr.exe
[2006/10/18 21:05:26 | 00,204,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\old_Program Files\WinZip\WZQKPICK.EXE
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
[2008/09/21 02:15:40 | 00,811,008 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
[2008/09/27 18:45:11 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/09/27 13:55:21 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\J\Desktop\Cleaners\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/05/12 12:38:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/06/12 14:46:25 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
[2008/08/07 09:17:00 | 00,149,761 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
[2008/09/10 16:50:26 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2004/08/04 03:56:47 | 00,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cisvc.exe -- (CiSvc [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2008/09/10 17:39:48 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
[2006/11/14 15:50:12 | 00,069,632 | ---- | M] (Macromedia) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2000/08/06 01:50:20 | 07,442,493 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER [On_Demand | Stopped])
[2000/08/06 01:50:18 | 00,065,602 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
[2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2003/06/20 08:00:00 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/22 20:29:34 | 00,088,824 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9 [On_Demand | Stopped])
[2007/04/22 20:29:32 | 00,359,160 | ---- | M] (Sonic Solutions) -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9 [Auto | Stopped])
[2007/04/23 11:43:54 | 00,310,008 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9 [Auto | Stopped])
[2007/04/23 11:43:46 | 01,010,424 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
[2007/04/23 11:43:54 | 00,166,648 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
[2005/08/02 17:18:49 | 00,086,016 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
[2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
[2000/08/06 01:50:18 | 00,303,170 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.exe -- (SQLSERVERAGENT [On_Demand | Stopped])
[2002/03/19 11:51:28 | 00,548,864 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
[2004/08/04 03:56:57 | 00,073,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr [Disabled | Stopped])
[2008/09/21 02:15:40 | 00,811,008 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [Auto | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
[2008/07/09 09:05:18 | 00,075,304 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
File not found -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService [Auto | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services ==========

[2003/03/13 18:34:48 | 00,100,224 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
[2007/10/23 19:21:56 | 00,021,275 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP [Auto | Running])
[2007/02/27 15:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
[2008/05/20 16:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
[2008/06/27 15:03:55 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb [System | Running])
[2003/07/18 05:17:28 | 00,349,056 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134 [On_Demand | Running])
File not found -- C:\DOCUME~1\J\LOCALS~1\Temp\catchme.sys -- (catchme [On_Demand | Stopped])
[2004/08/04 02:10:16 | 00,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys -- (CCDECODE [On_Demand | Stopped])
[2003/06/03 11:48:12 | 00,147,328 | R--- | M] (3Com Corporation) -- C:\WINDOWS\system32\drivers\EL2K_XP.sys -- (EL2000 [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/09/28 14:32:05 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer [System | Running])
[2003/09/23 10:42:34 | 00,007,296 | R--- | M] (GARMIN Corp.) -- C:\WINDOWS\system32\drivers\grmnusb.sys -- (grmnusb [On_Demand | Stopped])
[2004/08/04 01:59:19 | 00,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm [System | Running])
[2007/07/19 15:10:28 | 00,127,768 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF [System | Running])
[2002/09/20 10:53:34 | 00,235,100 | ---- | M] (Analog Devices Inc) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
[2004/08/04 01:58:38 | 00,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys -- (MSTEE [On_Demand | Stopped])
[2004/08/04 02:10:28 | 00,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys -- (NABTSFEC [On_Demand | Stopped])
[2004/08/04 02:10:12 | 00,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys -- (NdisIP [On_Demand | Stopped])
[2004/08/04 01:59:50 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2005/08/02 17:10:13 | 00,032,512 | ---- | M] (CACE Technologies) -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
[2008/05/16 14:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2003/03/31 08:00:00 | 00,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys -- (PCIIde [Boot | Running])
[2001/04/09 09:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\drivers\penclass.sys -- (PenClass [Boot | Running])
[2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/07/17 22:23:14 | 00,024,608 | R--- | M] (Philips Semiconductors) -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune [On_Demand | Running])
[2004/08/04 01:59:17 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys -- (Processor [System | Stopped])
[2003/03/31 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/03/23 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2006/11/07 19:02:04 | 00,022,272 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
[2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort [On_Demand | Running])
[2003/03/31 08:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM [On_Demand | Running])
[2006/09/06 21:34:58 | 00,347,776 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73 [On_Demand | Running])
[2008/05/29 08:17:46 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
[2008/05/29 08:17:45 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2008/06/13 09:10:50 | 00,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys -- (Sasppsdpor [Disabled | Stopped])
[2006/11/06 04:28:11 | 00,030,988 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
[2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2003/03/31 08:00:00 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sermouse.sys -- (sermouse [On_Demand | Stopped])
[2004/08/04 02:10:16 | 00,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys -- (SLIP [On_Demand | Stopped])
[2003/06/02 13:42:14 | 00,578,304 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
[2008/02/27 03:10:44 | 00,051,176 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
[2008/08/09 14:42:12 | 00,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssfs0bbc.sys -- (ssfs0bbc [Boot | Running])
[2008/08/09 14:42:14 | 00,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\sshrmd.sys -- (sshrmd [Boot | Running])
[2008/08/09 14:42:14 | 00,166,512 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\WINDOWS\system32\drivers\ssidrv.sys -- (ssidrv [Boot | Running])
[2007/03/01 10:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv [System | Running])
[2004/08/04 02:10:12 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys -- (streamip [On_Demand | Stopped])
[2005/06/18 02:48:46 | 00,019,968 | ---- | M] (WikiTek Inc.) -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge [On_Demand | Stopped])
[2004/08/04 02:08:37 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys -- (usbehci [On_Demand | Running])
[2003/05/20 13:20:00 | 00,070,272 | R--- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viaraid.sys -- (viaraid [Boot | Running])
[2008/07/09 09:05:22 | 00,394,952 | ---- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [System | Running])
[2004/08/04 02:10:21 | 00,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys -- (WSTCODEC [On_Demand | Stopped])
[2006/09/28 19:55:50 | 00,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys -- (WudfPf [On_Demand | Stopped])
[2006/09/28 20:00:34 | 00,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys -- (WudfRd [On_Demand | Stopped])
[2008/05/10 06:04:30 | 00,031,264 | ---- | M] (Exent Technologies Ltd.) -- G:\games\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32 [Auto | Running])
[2003/12/21 18:24:22 | 00,140,800 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasbus.sys -- (xmasbus [Boot | Running])
[2003/12/23 03:15:42 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\xmasscsi.sys -- (xmasscsi [Boot | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.google.ca/

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" (Apple Inc.)
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
"F5D9050"="C:\Program Files\Belkin\F5D9050\Belkinwcui.exe" (Belkin)
"Home Theater SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" (InterVideo Inc.)
"IHTWINCINEMAMGR"="C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe" ()
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" (Ahead Software Gmbh)
"NvCplDaemon"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NvMediaCenter"="C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"="C:\WINDOWS\system32\nwiz.exe" /install ()
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" (PowerISO Computing, Inc.)
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray (Analog Devices, Inc.)
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" (Analog Devices, Inc.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs, LLC)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE (Microsoft Corporation)
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"PhotoShow Deluxe Media Manager"=C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe ()
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" (SUPERAntiSpyware.com)
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========

[2005/09/23 22:05:26 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[2006/12/01 16:26:40 | 01,585,152 | ---- | M] (Belkin) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Client Utility.lnk = C:\Program Files\Belkin\F5D9050\Belkinwcui.exe
[2007/10/02 13:16:42 | 01,283,608 | ---- | M] (Research In Motion Limited) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
[2000/08/06 01:03:20 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
[2001/11/27 08:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\old_Program Files\WinZip\WZQKPICK.EXE

========== (O6 & O7) Internet Explorer Policies ==========
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions] - present
[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions] - present
[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Restrictions] - present

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1606980848-884357618-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Sun Java Console -- C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Research -- C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: @xpsp3res.dll,-20001 -- C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Windows Messenger -- C:\Program Files\Messenger\msmsgs.exe File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{3334504D-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB -- Reg Error: Key does not exist or could not be opened.
{33564D57-9980-0010-8000-00AA00389B71}: http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab -- Reg Error: Key does not exist or could not be opened.
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9}: https://media.pineconeresearch.com/ActiveX/...loadcontrol.cab -- InetDownload Class
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1F58A5BE-2A37-4AD5-9190-2EE40E8CC1BC} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{610C37DD-FB32-4238-B3E6-67EAE129F5A3} (Servers: | Description: )
{6C938222-F03E-4160-AC81-91BA5DDF9452} (Servers: | Description: Belkin Wireless G Plus MIMO USB Network Adapter)
{F3FE5E0A-35B1-4C45-9049-8F76330B4831} (Servers: | Description: 1394 Net Adapter)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"={AAA288BA-9A4C-45B0-95D7-94D524869DB5} (HKLM) -- C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2006/04/22 20:31:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/02 15:21:56 | 00,005,464 | ---- | C] () -- C:\Documents and Settings\J\Desktop\Kaspersky.html
[2008/10/02 09:27:46 | 08,388,384 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/02 09:27:46 | 00,000,032 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/02 09:16:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/10/02 09:16:21 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/02 09:16:12 | 00,075,248 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\zllsputility.exe
[2008/10/02 09:16:12 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SpOrder.dll
[2008/10/02 09:16:04 | 00,127,768 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2008/10/02 09:15:59 | 00,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/02 09:15:59 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsregexp.dll
[2008/10/02 09:15:58 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcomm.dll
[2008/10/02 09:15:58 | 00,071,144 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\zlcommdb.dll
[2008/10/02 09:15:54 | 01,086,952 | ---- | C] (Python Software Foundation) -- C:\WINDOWS\System32\zpeng24.dll
[2008/10/02 09:15:54 | 00,099,816 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsxml.dll
[2008/10/02 09:15:54 | 00,046,568 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vswmi.dll
[2008/10/02 09:15:53 | 00,394,952 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdatant.sys
[2008/10/02 09:15:53 | 00,352,918 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/02 09:15:53 | 00,275,944 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vspubapi.dll
[2008/10/02 09:15:53 | 00,103,912 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsmonapi.dll
[2008/10/02 09:15:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2008/10/02 09:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2008/10/02 09:15:03 | 00,472,552 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsutil.dll
[2008/10/02 09:15:03 | 00,157,160 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsinit.dll
[2008/10/02 09:15:03 | 00,083,432 | ---- | C] (Zone Labs, LLC) -- C:\WINDOWS\System32\vsdata.dll
[2008/10/02 09:15:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2008/10/01 16:41:11 | 00,001,963 | ---- | C] () -- C:\Documents and Settings\J\Desktop\TVersity.lnk
[2008/09/29 12:04:13 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2008/09/29 11:25:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2008/09/29 10:16:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2008/09/29 10:12:20 | 00,000,000 | ---D | C] -- C:\SDFix
[2008/09/28 14:32:32 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/09/28 14:32:05 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/09/28 14:32:05 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/09/28 14:32:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/09/28 14:32:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/09/28 11:07:55 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2008/09/28 11:07:55 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2008/09/28 11:07:54 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2008/09/28 11:07:51 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2008/09/28 11:07:51 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2008/09/28 11:07:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2008/09/26 15:35:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\J\Application Data\TrojanHunter
[2008/09/26 15:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/09/26 15:20:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/09/26 15:18:58 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/09/26 14:56:30 | 00,000,000 | ---D | C] -- C:\fixwareout
[2008/09/26 14:29:24 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 14:29:24 | 00,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.0
[2008/09/26 12:00:50 | 00,000,164 | ---- | C] () -- C:\install.dat
[2008/09/26 11:42:01 | 00,000,000 | ---D | C] -- C:\fixvirus
[2008/09/26 10:53:53 | 00,000,000 | ---D | C] -- C:\SmitfraudFix
[2008/09/26 10:53:32 | 01,658,678 | ---- | C] () -- C:\SmitfraudFix.exe
[2008/09/25 09:56:39 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2008/09/25 09:56:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2008/09/25 09:49:30 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2008/09/23 19:23:49 | 00,038,698 | ---- | C] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 08:41:10 | 00,000,000 | ---D | C] -- C:\wii
[2008/09/12 15:45:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2008/09/05 08:35:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2008/10/02 15:21:56 | 00,005,464 | ---- | M] () -- C:\Documents and Settings\J\Desktop\Kaspersky.html
[2008/10/02 14:55:13 | 08,388,384 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008/10/02 13:58:13 | 00,000,582 | ---- | M] () -- C:\Documents and Settings\J\My Documents\My Sharing Folders.lnk
[2008/10/02 13:27:30 | 00,192,000 | ---- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 09:30:22 | 00,352,918 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2008/10/02 09:29:34 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2008/10/02 09:28:22 | 00,015,672 | ---- | M] () -- C:\WINDOWS\System32\wacom.dat
[2008/10/02 09:28:18 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2008/10/02 09:28:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/02 09:27:57 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/10/02 09:27:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/10/02 09:27:49 | 00,000,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2008/10/02 09:24:43 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2008/10/01 16:41:11 | 00,001,963 | ---- | M] () -- C:\Documents and Settings\J\Desktop\TVersity.lnk
[2008/09/29 17:31:52 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/29 11:35:44 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/09/29 10:28:41 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2008/09/28 14:32:05 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/09/28 14:32:05 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/09/28 14:32:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/09/27 14:41:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2008/09/26 17:36:49 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2008/09/26 14:29:30 | 00,059,392 | R--- | M] () -- C:\WINDOWS\System32\streamhlp.dll
[2008/09/26 12:02:05 | 00,001,150 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/09/26 12:00:50 | 00,000,164 | ---- | M] () -- C:\install.dat
[2008/09/26 11:11:36 | 00,003,384 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2008/09/26 09:34:12 | 01,658,678 | ---- | M] () -- C:\SmitfraudFix.exe
[2008/09/24 08:13:30 | 04,248,914 | -H-- | M] () -- C:\Documents and Settings\J\Local Settings\Application Data\IconCache.db
[2008/09/23 19:52:13 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/09/23 19:23:49 | 00,038,698 | ---- | M] () -- C:\Documents and Settings\J\My Documents\Leanne - WeezerRadiohead.nr3
[2008/09/21 22:25:08 | 00,001,065 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2008/09/12 12:03:23 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/09/10 13:31:09 | 00,047,866 | ---- | M] () -- C:\Documents and Settings\J\My Documents\MP31.nr3
< End of report >



OTViewIt Extras logfile created on: 02/10/2008 3:26:16 PM - Run J
OTViewIt by OldTimer - Version 1.0.9.1 Folder = C:\Documents and Settings\J\Desktop\Cleaners
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.69% Memory free
3.85 Gb Paging File | 3.28 Gb Available in Paging File | 85.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 6.83 Gb Free Space | 6.11% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 232.88 Gb Total Space | 17.22 Gb Free Space | 7.40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JON
Current User Name: J
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=1
"FirewallDisableNotify"=1
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 03:56:56 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006/08/22 11:45:55 | 00,159,744 | ---- | M] () -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
[2008/06/10 01:21:04 | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/10/10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/19 12:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007/01/04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
[2008/08/06 11:21:06 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/09/10 17:39:54 | 14,228,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/09/21 02:15:40 | 00,811,008 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
msdaipp: [HKLM - No CLSID value]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}"=SpyHunter
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004
"{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=FileViewerUtility 1.0
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}"=MySQL Connector/ODBC 3.51
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}"=OpenOffice.org Installer 1.0
"{18D10072035C4515918F7E37EAFAACFC}"=AutoUpdate
"{23170F69-40C1-2701-0442-000001000000}"=7-Zip 4.42
"{245F6C7A-0C22-4DE0-8202-2AAA620A1D3A}"=Microsoft XNA Framework Redistributable 2.0
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}"=Soap 3.0 Toolkit
"{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160070}"=Java™ SE Development Kit 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{37D74171-3131-498A-BE5D-7E3DA6AC0DBE}"=UFile 2007
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}"=Google Earth
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}"=Spy Sweeper Core
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}"=iTunes
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}"=MSXML4SP2
"{4EF35381-14BA-4163-AF82-4B34A9F0D60D}"=MySQL Server 4.1
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{59152D0E-DDFE-4769-A746-776457091048}"=Outlook 2007 HTML and CSS Validator
"{66D171AA-670F-4309-9C74-5BA7F7DBA0B3}"=Roxio Media Manager
"{67E158AF-8856-4337-B483-EA21930786AF}"=GameTap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6DA9102E-199F-43A0-A36B-6EF48081A658}"=MobileMe Control Panel
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8ECBE643-8230-11D5-9D6B-00A024112F81}"=VDMSound 2.0.4
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90520409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Visio Viewer 2003 (English)
"{939740B5-0064-4779-854A-8C1086181C05}"=Macromedia FreeHand MXa
"{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"{9922FE96-6803-498D-A6AD-4EB5A3B956A5}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=PhotoStitch
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager
"{A7651FB4-AC2E-4020-90E2-B71C8C379F48}"=Macromedia Captivate
"{AA9768AA-FF0B-4C66-A085-31E934F77841}"=Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70700000002}"=Adobe Reader 7.0.8
"{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=RemoteCapture 2.6
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon Camera WIA Driver
"{BAF0296B-77EA-425B-934E-671B4DBAED6E}"=UFile Updater 2007
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD49361E-3FE6-457E-90A1-9C59E29B5D02}"=Java DB 10.3.1.4
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D1C04983-CBB6-4F60-9755-89527DF93050}"=Bug Tracker Server 3
"{d57cf80f-9230-4a5d-a8ea-38510a12d220}.sdb"=X-Wing & TIE Fighter 95 Compatibility Fix
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}"=Garmin Training Center v4
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}"=Windows Media Encoder 9 Series
"{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004
"{E9E34215-82EF-4909-BE2F-F581F0DC9062}"=DirectX for Managed Code Update (Summer 2004)
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"=Alcohol 120% (Trial Version)
"{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"{F0A37341-D692-11D4-A984-009027EC0A9C}"=SoundMAX
"{F7514465-E5F3-48E9-A952-327DAEF33DE6}"=Home Theater
"AC3Filter"=AC3Filter (remove only)
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"AdobeESD"=Adobe Download Manager 2.0 (Remove Only)
"Advanced WMA Workshop_is1"=Advanced WMA Workshop version 2.1
"AIM_6"=AIM 6
"AntiVir PersonalEdition Classic"=Avira AntiVir Personal - Free Antivirus
"BlackBerry_{98605CAA-5F52-44EC-8AF7-2EC1A4C35F2D}"=BlackBerry Desktop Software 4.2.2
"BulentsScreenRecorder4"=Bulent's Screen Recorder 4
"burnatonce_is1"=burnatonce
"camcodec"=CamStudio Lossless Codec
"CANONBJ_Deinstall_CNMCP69.DLL"=Canon PIXMA iP6000D
"CodInstl"=Intel A/V Codecs V2.0
"CoreAAC Audio Decoder"=CoreAAC Audio Decoder (remove only)
"DreamWorks Interactive: Trespasser"=Trespasser
"ffdshow_is1"=ffdshow [rev 1723] [2007-12-24]
"Game Elements PC Recoil Pad"=Game Elements PC Recoil Pad
"Gymnast_is1"=Gymnast v1.0
"HaaliMkx"=Haali Media Splitter
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{0627E8E9-6822-4A5E-9225-286741CDC3E4}"=Canon Utilities FileViewerUtility 1.0
"InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}"=Belkin Wireless G Plus MIMO USB Network Adapter
"InstallShield_{A3E0FF15-90D5-40CD-8565-B80A433B0D4C}"=Canon Utilities PhotoStitch 3.1
"InstallShield_{B08894AF-D523-46B1-9B9B-2DA6B29CDD23}"=Canon Utilities RemoteCapture 2.6
"InstallShield_{B8CD1189-53D6-4C51-8082-14B812EABBA8}"=Canon IXY 320, PowerShot S230, IXUS v3 WIA Driver
"InstallShield_{EB371786-9449-4ED8-B47A-032467A58CAD}"=CamStudio
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}"=EA Download Manager
"Jagged Alliance 2 Gold"=Jagged Alliance 2 Gold
"KLiteCodecPack_is1"=K-Lite Codec Pack 2.76 Full
"LimeWire"=LimeWire 4.12.6
"LucasArts' TIE Fighter"=LucasArts' TIE Fighter
"LucasArts' X-Wing"=LucasArts' X-Wing
"LucasArts' X-Wing Alliance"=LucasArts' X-Wing Alliance
"Macromedia Shockwave Player"=Macromedia Shockwave Player
"Magic ISO Maker v5.5 (build 0261)"=Magic ISO Maker v5.5 (build 0261)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32"=MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft SQL Server 2000"=Microsoft SQL Server 2000
"mIRC"=mIRC
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"Mozilla Thunderbird (2.0.0.17)"=Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"Nero PhotoShow Express"=Nero PhotoShow Express
"NeroMultiInstaller!UninstallKey"=Nero Suite
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers"=NVIDIA Drivers
"Pixie_is1"=Pixie
"PowerISO"=PowerISO
"RealAlt_is1"=Real Alternative 1.48
"ScreenRecorder"=Bulent's Screen Recorder
"Shareaza_is1"=Shareaza 2.3.1.0
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Soulseek"=SoulSeek Client 156c
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.4
"The Longest Journey"=The Longest Journey
"TVersity Codec Pack"=TVersity Codec Pack 1.2
"TVersity Media Server "=TVersity Media Server 1.0.0.4 RC3
"VisDir Free Disk Space Finder_is1"=VisDir Free Disk Space Finder v 1.4
"Vodei Multimedia Processor"=Vodei Multimedia Processor 2.00
"w_spf2x"=Super Puzzle Fighter II Turbo
"Wacom Tablet Driver"=Wacom Tablet Driver
"WGA"=Windows Genuine Advantage Validation Tool
"Windows Media Encoder 9"=Windows Media Encoder 9 Series
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"Windows XP Service Pack"=Windows XP Service Pack 2
"WinPcapInst"=WinPcap 3.1
"WMCSetup"=Windows Media Connect
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver"=Xbox 360 Controller for Windows
"XWA Dat Customizer"=XWA Dat Customizer v1.0
"ZoneAlarm"=ZoneAlarm
"ZoomPlayer"=Zoom Player (remove only)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/09/2008 4:00:55 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module shell32.dll, version 6.0.2900.3241, fault address 0x001d7f12.

Error - 26/09/2008 4:01:04 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 26/09/2008 4:02:02 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/09/2008 4:24:45 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module unknown, version 0.0.0.0, fault address 0x38306563.

Error - 27/09/2008 1:52:37 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application mssysmgr.exe, version 0.0.0.0, faulting module
uxtheme.dll, version 6.0.2900.2180, fault address 0x000040cf.

Error - 27/09/2008 1:53:05 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 27/09/2008 1:54:57 PM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application mssysmgr.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 29/09/2008 10:57:25 AM | Computer Name = JON | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 29/09/2008 2:25:16 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module flash9b.ocx, version 9.0.28.0, fault address 0x001877fb.

Error - 29/09/2008 2:38:39 PM | Computer Name = JON | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 29/09/2008 10:15:51 AM | Computer Name = JON | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SCDEmu
ssmdrv
Tcpip

Error - 29/09/2008 10:15:57 AM | Computer Name = JON | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 29/09/2008 10:37:26 AM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 29/09/2008 10:39:35 AM | Computer Name = JON | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.

Error - 29/09/2008 11:21:12 AM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 30/09/2008 10:10:46 PM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3

Error - 02/10/2008 9:28:40 AM | Computer Name = JON | Source = Service Control Manager | ID = 7000
Description = The Webroot Spy Sweeper Engine service failed to start due to the
following error: %%3


< End of report >

#10 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:17 AM

Posted 03 October 2008 - 07:15 AM

Hello Secrethobospices.

Your computer is clean of malware, for the most part. You have some items in quarantine here. Please delete them:
C:\Documents and Settings\J\.housecall\Quarantine

You also have some viruses in your Thunderbird email. Please empty those folders if possible. The junk mail folder at least.

Run Cleanup! with OTViewIt
  • Double click the OTViewIt.exe icon on your desktop to start the program.
  • Click the CleanUp! button.
  • Click Yes when asked to reboot.
Set New System Restore Point
Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click System Restore.
  • Choose the radio button marked "Create a Restore Point" on the first screen then click Next. Give the R.P. a name then click Create. The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type:
    cleanmgr
  • Click OK.
  • Click the More Options Tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created one.
Preventing Malware Infection in the Future
Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Visit the Windows Update Site regularly.
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, you will find a nice little article about turning on automatic updates here.
    Note that it will download them for you, but you still have to actually click install.
    If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Thank you for choosing Bleeping Computer as your malware removal source. Be sure to tell your friends about us!


Do you have any further questions or concerns?

With Regards,
The Panda

#11 secrethobospices

secrethobospices
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:17 AM

Posted 03 October 2008 - 09:37 AM

Hi Panda,

No more questions or concerns, everything is running great again! Thanks so much for all of your help,

Have a great weekend!

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:17 AM

Posted 03 October 2008 - 10:43 AM

Hello.

Glad to hear things are better. You are very welcome :thumbsup: .

I would like to thank the Team Coach Shaba for supervising our work.

Good weekend to you too.

The Panda

#13 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:10:17 AM

Posted 03 October 2008 - 10:55 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
Microsoft MVP Consumer Security