Suspected Malware Infection - Ad Pop-ups Within Ie7 Window


  • This topic is locked
25 replies to this topic

#1 bewley

  • Members
  • 16 posts

Posted 04 October 2008 - 04:29 PM

Hi there, I use Internet Explorer 7. I've recently started getting small pop-up adverts in the bottom right-corner of the browser window - these only appear when I visit certain sites, not all the time. I have a pop-up blocker but it doesn't work on these, presumably as the ads do not need to open a new window.

The symptoms fitted the descriptions of an infection called Vundo, but I tried using a program called Vundofix but that couldn't find any Vundo infection. So I assume it's something similar.

Also, more recently, I've noticed the IE7 History tab is no longer recording any visited websites - it just comes up blank now. I don't know if this is a connected problem or whether it's something completely separate, but it's a new development so I thought I'd mention it.

I've followed most of your 'do this before posting' guide - including Spybot Search & Destroy, McAfee Avert Stinger, and AVG (free edition) anti-virus and anti-spyware.

The new HijackThis log is pasted below. I'd be grateful if you could have a look.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:11:58, on 04/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\Khost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&vv=450&lc=2057
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\Khost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat.../muweb_site.cab?1139245816920
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24386D77-2348-45CE-A544-879FC7D94024}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6547 bytes
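A log like the one above is normally read entry by entry by a helper. The following Python script is an added example, not a BleepingComputer or Trend Micro tool: it re-joins HijackThis entries that a forum paste has wrapped across several lines, parses the R/F/O-numbered entries, and lists the ones a helper looks at first (orphaned entries with no file, services with no vendor string, AppInit_DLLs, and the O17 DNS setting). The sample entries are quoted from this log; the review heuristics are the example's own assumptions.

```python
"""Triage helper for HijackThis-style logs (added example, not a tool from
BleepingComputer or Trend Micro).  Re-joins wrapped entries, parses them,
and lists the entries a log helper normally reviews first."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entries quoted from the log in this thread, with two
# lines reproduced as the forum extraction wrapped them.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{24386D77-2348-45CE-A544-879FC7D94024}: NameServer =

194.168.4.100 194.168.8.100
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
--
End of file - 6547 bytes
"""

ENTRY_START = re.compile(r"^(R\d|F\d|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|cpl)\b", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                      # "O2", "O23", ...
    body: str                      # text after "Oxx - ", re-joined
    clsid: Optional[str] = None
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _glue(prev: str, cont: str) -> str:
    # Re-attach a fragment that line wrapping split off.  A word boundary
    # ("C:\Program" / "Files\...") needs a space; a path or URL boundary
    # ("system32" / "\dla...", "spyware-" / "scan") does not.
    prev, cont = prev.rstrip(), cont.lstrip()
    if cont[:1] in ("\\", "/", "?") or prev[-1:] in ("\\", "/", "?"):
        return prev + cont
    if prev.endswith("-") and not prev.endswith(" -"):
        return prev + cont          # hyphen inside a URL, not a separator
    return prev + " " + cont


def _review_flags(e: Entry) -> List[str]:
    """Heuristics (this example's own) applied before looking anything up."""
    flags = []
    if "(no file)" in e.body or "(file missing)" in e.body:
        flags.append("missing file")               # orphaned registry entry
    if e.kind == "O23" and "Unknown owner" in e.body:
        flags.append("service with no vendor")     # no company string in binary
    if e.kind == "O20":
        flags.append("AppInit_DLLs loads into every process")
    if e.kind == "O17":
        flags.append("DNS servers set; confirm they belong to your ISP")
    return flags


def parse_log(text: str) -> List[Entry]:
    """Split a pasted log into entries, re-joining wrapped continuation lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("--") or line.startswith("End of file"):
            break                                   # trailer of the log
        m = ENTRY_START.match(line)
        if m:
            entries.append(Entry(kind=m.group(1), body=m.group(2)))
        elif entries:                               # wrapped continuation
            entries[-1].body = _glue(entries[-1].body, line)
        # header and process-list lines before the first entry are skipped
    for e in entries:
        c, p = CLSID_RE.search(e.body), PATH_RE.search(e.body)
        e.clsid = c.group(0) if c else None
        e.path = p.group(0) if p else None
        e.flags = _review_flags(e)
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Entries with at least one review flag, in log order."""
    return [e for e in entries if e.flags]


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:4} {', '.join(e.flags):48} {e.path or e.body}")
```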

#2 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 13 October 2008 - 04:49 PM

Hello. I am PropagandaPanda (Panda or PP for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following so I can have a look at the current condition of your machine.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Finally, please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
Download and Run OTViewIt
  • Please download OTViewIt by OldTimer to your desktop.
  • Double click on the OTViewIt.exe icon on your desktop. If you are using Windows Vista, right click the icon and select Run as Administrator.
  • Check the Scan All Users checkbox and leave Use Whitelist checked. Set the File Age to 30 days.
  • Click on the Run Scan button. Two reports that are located in the same location as OTViewIt will open.
    OTViewIt.txt <-- Will be opened
    Extra.txt <-- Will be minimized
Copy and Paste the logs into your next reply.
Please also tell me of any changes you have made to your computer since your topic was started.

If you do not make a reply in 5 days, we will need to close your topic.

**Please make sure Word Wrap is disabled in your notepad.

With Regards,
The Panda

Important Note to Other Users Reading this Topic: The instructions provided in this topic below this point are for the original topic starter only. Even if you have similar problems or log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic. Feel free to link to any relevant topics as needed.

#3 bewley
  • Topic Starter

  • Members
  • 16 posts

Posted 13 October 2008 - 07:02 PM

Hi Panda. In answer to your question, I don't think I've made any significant changes in terms of un/installing programs or deleting any files which are likely to be problematic (just a few photos and Word files, perhaps).

Okay, first up is the OTViewIt.txt report:

OTViewIt logfile created on: 14/10/2008 00:46:24 - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 337.60 Mb Available Physical Memory | 32.99% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.32 Gb Total Space | 27.26 Gb Free Space | 52.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEY
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
[2004/01/12 07:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/01/09 11:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2004/03/04 16:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
[2004/08/21 19:04:48 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2004/08/19 10:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/09/29 17:12:09 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2005/05/31 02:04:00 | 01,415,824 | ---- | M] (Safer Networking Limited) -- C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
[2006/11/08 18:32:42 | 01,040,832 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2008/07/03 17:43:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/09/03 15:10:44 | 00,136,344 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\Watchdog.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wuauclt.exe
[2008/10/02 23:59:08 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/06/23 10:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe -- (BT Modem Lock [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
File not found -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2003/04/29 15:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2001/09/27 23:26:40 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
[2003/12/08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMDAGP.SYS -- (amdagp [Boot | Running])
[2004/08/06 15:32:44 | 00,104,735 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
[2002/04/17 20:27:02 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2005/08/04 00:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/08/28 22:50:10 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/03 17:43:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2003/09/26 11:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2005/05/31 16:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2005/04/30 15:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BtNetDrv.sys -- (BT [On_Demand | Running])
[2005/05/31 10:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
[2005/04/30 15:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
[2005/04/30 15:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2004/12/16 17:32:54 | 00,013,304 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2004/02/13 04:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/02/27 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B [On_Demand | Stopped])
[2004/06/17 16:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 16:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/11/26 02:09:10 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2004/03/17 13:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2001/12/11 19:17:14 | 00,037,087 | ---- | M] (Sony Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys -- (NETMDUSB [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2004/03/03 03:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM [On_Demand | Running])
[2004/01/09 10:49:52 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
[2004/08/04 06:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDBUS.SYS -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SISAGP.SYS -- (sisagp [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2004/01/14 20:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/01/14 20:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2004/08/16 16:52:10 | 00,270,136 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2004/03/15 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/03/15 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/03/15 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/03/15 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/03/15 02:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/03/15 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/03/15 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/03/15 02:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/03/15 02:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2004/10/19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
[2005/03/25 18:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2004/01/13 03:41:46 | 02,482,176 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Running])
[2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/06/17 16:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [Disabled | Stopped])
[2004/11/19 15:01:20 | 00,013,184 | R--- | M] (YAMAHA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.dell.co.uk/myway

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.dell.co.uk/myway

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (267032 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
9213 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{3BFFE033-BF43-11D5-A271-00A024A51325}: https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab -- iNotes6 Class
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc.cab -- Office Update Installation Engine
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1139245816920 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}: http://www.trendmicro.com/spyware-scan/as4web.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}: https://register.btinternet.com/templates/b...bcontrol024.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{099E7AF1-56D0-4C82-BF85-670A68F8145B} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{6EE545E9-52D6-4553-BE6F-50B88BB7D6D1} (Servers: | Description: )
{7DECC29D-2E0D-4CA0-9EDE-876F4302F4BF} (Servers: | Description: 1394 Net Adapter)
{9217ECE7-51DA-4341-8AAC-EE3A09542904} (Servers: | Description: Intel® PRO/Wireless LAN 2100 3A Mini PCI Adapter)
{C52626EB-BB95-4E39-987B-617B0B54BAF9} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 17:43:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\SYSTEM32\ati2evxx.dll (ATI Technologies Inc.)
Sebring: "DllName" = C:\WINDOWS\system32\LgNotify.dll -- C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/14 00:45:52 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/14 00:13:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\New Folder
[2008/10/08 19:54:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/02 19:08:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/09/30 18:49:03 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/09/30 18:41:47 | 10,730,00448 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/29 18:52:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2008/09/29 18:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[2008/09/29 18:50:42 | 08,320,728 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Converter 3
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Converter 3
[2008/09/29 18:36:00 | 21,205,200 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2008/09/22 19:07:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/22 19:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/22 18:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/22 18:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/14 00:00:00 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\A3AC4AAA91A7C206.job
[2008/10/13 22:25:14 | 28,732,166 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/13 22:23:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/10/13 22:22:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/13 22:22:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/10/13 22:22:22 | 10,730,00448 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/13 00:17:34 | 00,098,816 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/12 12:58:55 | 00,000,537 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/10/09 22:20:21 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 19:54:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:52 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/06 16:22:40 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/02 19:08:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/10/02 18:04:53 | 00,267,032 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2008/09/30 18:34:31 | 00,072,184 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/23 23:40:58 | 00,412,018 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/09/23 23:40:58 | 00,065,964 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/09/23 23:40:57 | 00,482,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >




-----------------------------------------------------------------------------------


And here is the Extra.txt report:

OTViewIt Extras logfile created on: 14/10/2008 00:46:24 - Run
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 337.60 Mb Available Physical Memory | 32.99% Memory free
2.40 Gb Paging File | 1.84 Gb Available in Paging File | 76.74% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.32 Gb Total Space | 27.26 Gb Free Space | 52.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEY
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2006/01/08 17:32:54 | 00,208,941 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/06/06 14:23:08 | 01,183,744 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2008/08/28 17:28:14 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found -- C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 17:43:25 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2004/07/01 10:32:38 | 00,073,728 | ---- | M] () C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll application/x-internet-signup:{A173B69A-1F9B-4823-9FDA-412F641E65D6} (HKLM) [INSMimeFilterPP Class]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{1C877DA0-5EFF-11D4-9254-0000F460E7A9}"=OpenMG Jukebox
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"{2C351DB8-E088-41A2-9BF0-113727FBB697}"=Intel® PROSet
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}"=Smart Start UP
"{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}"=BT Openworld Dell Signup
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{36235A3F-92C7-4F90-84E7-3697C59AD369}"=Sony ACID 4.0f
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}"=Nokia Connectivity Cable Driver
"{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}"=Sony Sound Forge 7.0
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}"=Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.1
"{68D88FD1-C7BA-4BC9-B6A6-9685FAECD7EE}"=4oD
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{783033B0-D8E6-11D5-9293-0050BA073EEC}"=Presto! ImageFolio 4.2
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A228A09C-4826-42E0-A3D8-95B2BAAB5049}"=OpenMG Secure Module 3.0.01
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}"=BlueSoleil
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}"=Presto! Mr. Photo 3
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}"=SpeedTouch USB Software
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}"=Sony Net MD Help
"4oD"=4oD
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"AltoMP3 Gold"=AltoMP3 Gold 5.20
"America Online uk"=AOL UK (Choose which version to remove)
"AOL Connectivity Services"=AOL Connectivity Services
"AOL Spyware Protection"=AOL Spyware Protection
"AOL YGP Screensaver"=AOL You've Got Pictures Screensaver
"AOLCoach uk"=AOL Coach Version 1.0(Build:20040201.2 uk)
"Applian FLV Player2.0.24"=Applian FLV Player
"ASAPI Update"=ASAPI Update
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"BTopenworld"=BT Yahoo! Internet Connection Manager 6.0
"CCleaner"=CCleaner (remove only)
"CleanUp!"=CleanUp!
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Dell Photo Printer 720"=Dell Photo Printer 720
"ExpressBurn"=Express Burn
"ffdshow_is1"=ffdshow [rev 780] [2007-01-15]
"Finale NotePad 2005a"=Finale NotePad 2005a
"Finale SongWriter 2005"=Finale SongWriter 2005
"getPlus®_ocx"=getPlus®_ocx
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}"=Nokia Connectivity Cable Driver
"Lavasoft VX2 Cleaner"=Lavasoft VX2 Cleaner
"LP Recorder"=LP Recorder
"Messenger Control Plugin for Ad-aware"=Messenger Control Plugin for Ad-aware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MIKSOFT Mobile 3GP converter_is1"=MIKSOFT Mobile 3GP converter
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1"=MSConfig CleanUp 1.2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.0.01-01-12-03-01"=OpenMG Limited Patch 3.0.01-01-12-17-01
"OpenMG HotFix3.0.01-01-12-10-01"=OpenMG Limited Patch 3.0.01-01-12-10-01
"Quartz AudioMaster Freeware"=Quartz AudioMaster Freeware
"QuickTime"=QuickTime
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"Replay Converter 3"=Replay Converter 3
"Replay Media Catcher 3.01"=Replay Media Catcher 3.01
"Slice"=Slice Uninstall
"SoundTap"=SoundTap Uninstall
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Steinberg Cubase SX v2.01"=Steinberg Cubase SX v2.01
"Steinberg WaveLab 5.01a"=Steinberg WaveLab 5.01a
"StreetPlugin"=Learn2 Player (Uninstall Only)
"Switch"=Switch
"WavePad"=WavePad Uninstall
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BALM USER BEEP"=CiD Help

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BALM USER BEEP"=CiD Help

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/10/2008 20:08:58 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/10/2008 20:09:02 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/10/2008 20:09:25 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 854786114.

Error - 03/10/2008 20:09:25 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 854786114.

Error - 03/10/2008 20:10:24 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8227.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/10/2008 20:10:55 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 874870878.

Error - 09/10/2008 17:30:00 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/10/2008 17:30:02 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 452615105.

Error - 11/10/2008 07:32:27 | Computer Name = MONKEY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module flash9f.ocx, version 9.0.124.0, fault address 0x000c633b.

Error - 11/10/2008 07:32:30 | Computer Name = MONKEY | Source = Application Error | ID = 1001
Description = Fault bucket 882412613.

[ System Events ]
Error - 30/09/2008 13:34:19 | Computer Name = MONKEY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 30/09/2008 13:34:19 | Computer Name = MONKEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 30/09/2008 13:40:35 | Computer Name = MONKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 30/09/2008 13:40:52 | Computer Name = MONKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 30/09/2008 13:42:14 | Computer Name = MONKEY | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1553C77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 01/10/2008 12:49:18 | Computer Name = MONKEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 000CF1553C77 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/10/2008 19:00:05 | Computer Name = MONKEY | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 12/10/2008 08:14:00 | Computer Name = MONKEY | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 12/10/2008 08:37:25 | Computer Name = MONKEY | Source = PSched | ID = 14103
Description = QoS [Adapter {9217ECE7-51DA-4341-8AAC-EE3A09542904}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 13/10/2008 17:22:35 | Computer Name = MONKEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 000CF1553C77 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#4 PropagandaPanda

  • Malware Response Team
  • 10,433 posts

Posted 14 October 2008 - 07:18 AM

Hello bewley.

I don't see much active malware in your logs, though there definitely was an infection (or infections) at some point.
---
I see that you have SpyBot installed, but from Warez? Spybot is a free program. If you did not download it from safer-networking.org, uninstall it.

Download and run MalwareBytes Anti-Malware
Let's see what this can find.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

You can refer to this page which has a visual of the instructions above.



Post back with:
-the Malwarebytes log
-a new OTViewIt log

Tell me if you are still receiving those popups at this point.

With Regards,
The Panda

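The triage described in the reply above (reading an OTViewIt log for signs of active malware) can be partly automated. The following is an added example written for this page; it is not code from this thread, from OldTimer's OTViewIt, or from Malwarebytes. It parses the `[date | size | attrs | M] (Vendor) -- path -- (Name [Start | State])` lines that OTViewIt prints for processes, services and drivers and raises the flags a responder checks first: an entry whose file is missing ("File not found"), an executable with no vendor string in its version information, and an executable that auto-starts from outside C:\WINDOWS and C:\Program Files. It also summarises a HOSTS file like the one in the OTViewIt logs in this thread, counting entries by their "## ..." tag and listing any hostname pointed somewhere other than loopback. Sample lines are copied from the OTViewIt output posted in this thread, except the Temp-directory service entry and the 192.0.2.10 HOSTS entry, which are constructed; the flag names and the TRUSTED_ROOTS list are this example's own assumptions.

```python
"""Triage helpers for OTViewIt-style log lines.

Added example for this thread; not part of OTViewIt or of any post in it.
Flag names, TRUSTED_ROOTS and the constructed sample lines are assumptions.
"""
import re
from collections import Counter

# One process/service/driver entry as OTViewIt prints it:
# [date time | size | attrs | M] (Vendor) -- path [-- (Name [Start | State])]
ENTRY_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| M\] "
    r"\((?P<vendor>[^)]*)\) -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\))?$"
)
# Entry whose registered file is absent from disk.
MISSING_RE = re.compile(
    r"^File not found -- (?P<path>.+?) -- "
    r"\((?P<name>[^\[]+?) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\]\)$"
)
# HOSTS line: ip  hostname  [## comment]
HOSTS_RE = re.compile(r"^(?P<ip>\S+)\s+(?P<host>\S+)(?:\s*##\s*(?P<tag>.*))?$")

# Assumption: on an XP box, auto-starting code normally lives under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_entry(line):
    """Return a dict for one OTViewIt entry line, or None if it is not one."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        entry = m.groupdict()
        entry["missing"] = False
        return entry
    m = MISSING_RE.match(line)
    if m:
        entry = m.groupdict()
        entry.update(date=None, size=None, attrs=None, vendor="", missing=True)
        return entry
    return None


def flags_for(entry):
    """Heuristic indicators a responder checks first; prompts, not verdicts."""
    if entry["missing"]:
        # Orphaned service/run key: uninstall leftover, or a file the scan cannot see.
        return ["file-not-found"]
    flags = []
    if not entry["vendor"].strip():
        # No CompanyName in version info: common for small third-party drivers,
        # rare for Microsoft or big-vendor binaries.
        flags.append("no-vendor")
    path = entry["path"].strip('"').lower()
    if not path.startswith(TRUSTED_ROOTS):
        # Auto-start code in a user profile, Temp, or an ad-hoc folder.
        flags.append("unusual-path")
    return flags


def triage(log_text):
    """Return [(path, [flags...]), ...] for every entry that raised a flag."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is not None and flags_for(entry):
            hits.append((entry["path"], flags_for(entry)))
    return hits


def summarize_hosts(hosts_text):
    """Count HOSTS entries by their '## ...' tag and list non-loopback targets."""
    summary = {"entries": 0, "tags": Counter(), "redirected": []}
    for raw in hosts_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = HOSTS_RE.match(line)
        if not m:
            continue
        summary["entries"] += 1
        summary["tags"][m["tag"] or "(no tag)"] += 1
        if m["ip"] not in LOOPBACK:
            # Blocklists map hosts to loopback; anything else silently
            # redirects that hostname to a third-party address.
            summary["redirected"].append((m["host"], m["ip"]))
    return summary


# Lines 1-4 are copied from the OTViewIt log in this thread; line 5 is a
# constructed example of a flagged user-profile entry.
SAMPLE_LOG = r"""
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
File not found -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2005/05/31 02:04:00 | 01,415,824 | ---- | M] (Safer Networking Limited) -- C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
[2008/10/12 09:14:00 | 00,045,056 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Temp\updater.exe -- (updater [Auto | Running])
"""

# First three lines as in the thread's HOSTS dump; the 192.0.2.10 line is
# constructed (TEST-NET address) to show a redirect rather than a block.
SAMPLE_HOSTS = """
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
192.0.2.10 www.example.com ## constructed
"""

if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG):
        print(f"{', '.join(flags):26} {path}")
    hosts = summarize_hosts(SAMPLE_HOSTS)
    print(hosts["entries"], "entries;", dict(hosts["tags"]), hosts["redirected"])
```

Run as-is it flags the BlueSoleil service (no vendor string), the orphaned iPod Service, TeaTimer (running from the "WAREZ Monsters" folder) and the constructed Temp entry, and leaves the ATI entry alone. The flags are starting points, not verdicts: the thread's own logs show that legitimate IVT Bluetooth drivers ship without a vendor string, and TeaTimer is only unusual because of where the poster chose to keep it. A HOSTS file whose entries all map to 127.0.0.1 is a blocklist (here mostly the CiD-added rogue-antivirus domains); the summary matters most when `redirected` is non-empty, since that is where a hijack would show up.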
#5 bewley

  • Topic Starter
  • Members
  • 16 posts

Posted 14 October 2008 - 03:56 PM

Hi there. Malwarebytes found a Trojan of some sort, but sadly the pop-ups are still there, lurking about and laughing at me. I also mention again that my IE History still isn't working either (although I don't know if that's connected).

My Spybot was originally saved in the folder named Warez as I was introduced to it from another support forum a couple of years ago. I had to save various free scan programs, so I put them all into one folder so I could keep track of them - I named it Warez after one of the techie folks from the forum. However, I have updated Spybot from source since then, and it now has its own separate home elsewhere.

Here is the MBAM report:

Malwarebytes' Anti-Malware 1.28
Database version: 1268
Windows 5.1.2600 Service Pack 2

14/10/2008 19:29:48
mbam-log-2008-10-14 (19-29-48).txt

Scan type: Quick Scan
Objects scanned: 49088
Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\WakeNet (Trojan.Adware) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------------------------------------------------------


Here is the new OTViewIt report:

OTViewIt logfile created on: 14/10/2008 21:44:48 - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 488.04 Mb Available Physical Memory | 47.70% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.70% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.32 Gb Total Space | 26.90 Gb Free Space | 51.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEY
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
[2004/01/12 07:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/01/09 11:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2004/03/04 16:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2004/08/21 19:04:48 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2004/08/19 10:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2008/09/29 17:12:09 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2005/05/31 02:04:00 | 01,415,824 | ---- | M] (Safer Networking Limited) -- C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[2006/11/08 18:32:42 | 01,040,832 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
[2008/07/03 17:43:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/09/03 15:10:44 | 00,136,344 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\Watchdog.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wuauclt.exe
[2008/06/23 10:20:52 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe -- (BT Modem Lock [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
File not found -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2003/04/29 15:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2001/09/27 23:26:40 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
[2003/12/08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMDAGP.SYS -- (amdagp [Boot | Running])
[2004/08/06 15:32:44 | 00,104,735 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
[2002/04/17 20:27:02 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2005/08/04 00:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/08/28 22:50:10 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/03 17:43:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2003/09/26 11:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2005/05/31 16:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2005/04/30 15:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BtNetDrv.sys -- (BT [On_Demand | Running])
[2005/05/31 10:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
[2005/04/30 15:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
[2005/04/30 15:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2004/12/16 17:32:54 | 00,013,304 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2004/02/13 04:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/02/27 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B [On_Demand | Stopped])
[2004/06/17 16:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 16:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/11/26 02:09:10 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2004/03/17 13:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2001/12/11 19:17:14 | 00,037,087 | ---- | M] (Sony Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys -- (NETMDUSB [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2004/03/03 03:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM [On_Demand | Running])
[2004/01/09 10:49:52 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
[2004/08/04 06:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDBUS.SYS -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SISAGP.SYS -- (sisagp [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2004/01/14 20:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/01/14 20:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2004/08/16 16:52:10 | 00,270,136 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2004/03/15 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/03/15 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/03/15 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/03/15 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/03/15 02:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/03/15 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/03/15 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/03/15 02:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/03/15 02:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2004/10/19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
[2005/03/25 18:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2004/01/13 03:41:46 | 02,482,176 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Running])
[2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/06/17 16:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [Disabled | Stopped])
[2004/11/19 15:01:20 | 00,013,184 | R--- | M] (YAMAHA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.dell.co.uk/myway

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.dell.co.uk/myway

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (267032 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
9213 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k File not found
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)
"SpybotSD TeaTimer"=C:\WAREZ Monsters\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableRegistryTools"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/05/15 15:42:26 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{3BFFE033-BF43-11D5-A271-00A024A51325}: https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab -- iNotes6 Class
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc.cab -- Office Update Installation Engine
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1139245816920 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}: http://www.trendmicro.com/spyware-scan/as4web.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}: https://register.btinternet.com/templates/b...bcontrol024.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{099E7AF1-56D0-4C82-BF85-670A68F8145B} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{6EE545E9-52D6-4553-BE6F-50B88BB7D6D1} (Servers: | Description: )
{7DECC29D-2E0D-4CA0-9EDE-876F4302F4BF} (Servers: | Description: 1394 Net Adapter)
{9217ECE7-51DA-4341-8AAC-EE3A09542904} (Servers: | Description: Intel® PRO/Wireless LAN 2100 3A Mini PCI Adapter)
{C52626EB-BB95-4E39-987B-617B0B54BAF9} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 17:43:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\SYSTEM32\ati2evxx.dll (ATI Technologies Inc.)
Sebring: "DllName" = C:\WINDOWS\system32\LgNotify.dll -- C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/14 18:31:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Malwarebytes
[2008/10/14 18:31:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 18:31:37 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/14 18:31:37 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/14 18:31:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/14 18:31:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/14 18:30:28 | 02,182,784 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2008/10/14 00:45:52 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/14 00:13:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\New Folder
[2008/10/08 19:54:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/02 19:08:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/09/30 18:49:03 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/09/30 18:41:47 | 10,730,00448 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/29 18:52:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2008/09/29 18:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[2008/09/29 18:50:42 | 08,320,728 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Converter 3
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Converter 3
[2008/09/29 18:36:00 | 21,205,200 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2008/09/22 19:07:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/22 19:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/22 18:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/22 18:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2008/10/14 21:38:39 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/14 21:00:00 | 00,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\A3AC4AAA91A7C206.job
[2008/10/14 20:54:07 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/10/14 20:53:09 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/14 20:52:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/10/14 20:52:51 | 10,730,00448 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/14 18:31:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 18:30:32 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2008/10/14 18:26:49 | 28,751,634 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/12 12:58:55 | 00,000,537 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/10/09 22:20:21 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 19:54:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:52 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/06 16:22:40 | 00,068,419 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/02 19:08:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/10/02 18:04:53 | 00,267,032 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2008/09/30 18:34:31 | 00,072,184 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/23 23:40:58 | 00,412,018 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/09/23 23:40:58 | 00,065,964 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/09/23 23:40:57 | 00,482,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >

----------------------------------------------------------------

And here is the new OTViewIt Extras report:


OTViewIt Extras logfile created on: 14/10/2008 21:44:48 - Run 2
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 488.04 Mb Available Physical Memory | 47.70% Memory free
2.40 Gb Paging File | 1.99 Gb Available in Paging File | 82.70% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.32 Gb Total Space | 26.90 Gb Free Space | 51.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEY
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
File not found -- C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
[2006/01/08 17:32:54 | 00,208,941 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/06/06 14:23:08 | 01,183,744 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2008/08/28 17:28:14 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
File not found -- C:\WINDOWS\SYSTEM32\DRIVERS\svchost.exe:*:Disabled:svchost

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 17:43:25 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2004/07/01 10:32:38 | 00,073,728 | ---- | M] () C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll application/x-internet-signup:{A173B69A-1F9B-4823-9FDA-412F641E65D6} (HKLM) [INSMimeFilterPP Class]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{1C877DA0-5EFF-11D4-9254-0000F460E7A9}"=OpenMG Jukebox
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"{2C351DB8-E088-41A2-9BF0-113727FBB697}"=Intel® PROSet
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}"=Smart Start UP
"{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}"=BT Openworld Dell Signup
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{36235A3F-92C7-4F90-84E7-3697C59AD369}"=Sony ACID 4.0f
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}"=Nokia Connectivity Cable Driver
"{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}"=Sony Sound Forge 7.0
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}"=Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.1
"{68D88FD1-C7BA-4BC9-B6A6-9685FAECD7EE}"=4oD
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{783033B0-D8E6-11D5-9293-0050BA073EEC}"=Presto! ImageFolio 4.2
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A228A09C-4826-42E0-A3D8-95B2BAAB5049}"=OpenMG Secure Module 3.0.01
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}"=BlueSoleil
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}"=Presto! Mr. Photo 3
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}"=SpeedTouch USB Software
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}"=Sony Net MD Help
"4oD"=4oD
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"AltoMP3 Gold"=AltoMP3 Gold 5.20
"America Online uk"=AOL UK (Choose which version to remove)
"AOL Connectivity Services"=AOL Connectivity Services
"AOL Spyware Protection"=AOL Spyware Protection
"AOL YGP Screensaver"=AOL You've Got Pictures Screensaver
"AOLCoach uk"=AOL Coach Version 1.0(Build:20040201.2 uk)
"Applian FLV Player2.0.24"=Applian FLV Player
"ASAPI Update"=ASAPI Update
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"BTopenworld"=BT Yahoo! Internet Connection Manager 6.0
"CCleaner"=CCleaner (remove only)
"CleanUp!"=CleanUp!
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Dell Photo Printer 720"=Dell Photo Printer 720
"ExpressBurn"=Express Burn
"ffdshow_is1"=ffdshow [rev 780] [2007-01-15]
"Finale NotePad 2005a"=Finale NotePad 2005a
"Finale SongWriter 2005"=Finale SongWriter 2005
"getPlus®_ocx"=getPlus®_ocx
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}"=Nokia Connectivity Cable Driver
"Lavasoft VX2 Cleaner"=Lavasoft VX2 Cleaner
"LP Recorder"=LP Recorder
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Control Plugin for Ad-aware"=Messenger Control Plugin for Ad-aware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MIKSOFT Mobile 3GP converter_is1"=MIKSOFT Mobile 3GP converter
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1"=MSConfig CleanUp 1.2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.0.01-01-12-03-01"=OpenMG Limited Patch 3.0.01-01-12-17-01
"OpenMG HotFix3.0.01-01-12-10-01"=OpenMG Limited Patch 3.0.01-01-12-10-01
"Quartz AudioMaster Freeware"=Quartz AudioMaster Freeware
"QuickTime"=QuickTime
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"Replay Converter 3"=Replay Converter 3
"Replay Media Catcher 3.01"=Replay Media Catcher 3.01
"Slice"=Slice Uninstall
"SoundTap"=SoundTap Uninstall
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Steinberg Cubase SX v2.01"=Steinberg Cubase SX v2.01
"Steinberg WaveLab 5.01a"=Steinberg WaveLab 5.01a
"StreetPlugin"=Learn2 Player (Uninstall Only)
"Switch"=Switch
"WavePad"=WavePad Uninstall
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BALM USER BEEP"=CiD Help

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BALM USER BEEP"=CiD Help

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03/10/2008 20:08:58 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/10/2008 20:09:02 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16705, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/10/2008 20:09:25 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 854786114.

Error - 03/10/2008 20:09:25 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 854786114.

Error - 03/10/2008 20:10:24 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application WINWORD.EXE, version 11.0.8227.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 03/10/2008 20:10:55 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 874870878.

Error - 09/10/2008 17:30:00 | Computer Name = MONKEY | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.3156, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 09/10/2008 17:30:02 | Computer Name = MONKEY | Source = Application Hang | ID = 1001
Description = Fault bucket 452615105.

Error - 11/10/2008 07:32:27 | Computer Name = MONKEY | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16705, faulting
module flash9f.ocx, version 9.0.124.0, fault address 0x000c633b.

Error - 11/10/2008 07:32:30 | Computer Name = MONKEY | Source = Application Error | ID = 1001
Description = Fault bucket 882412613.

[ System Events ]
Error - 30/09/2008 13:34:19 | Computer Name = MONKEY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 30/09/2008 13:34:19 | Computer Name = MONKEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 30/09/2008 13:40:35 | Computer Name = MONKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 30/09/2008 13:40:52 | Computer Name = MONKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 30/09/2008 13:42:14 | Computer Name = MONKEY | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1553C77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 01/10/2008 12:49:18 | Computer Name = MONKEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 000CF1553C77 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/10/2008 19:00:05 | Computer Name = MONKEY | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 12/10/2008 08:14:00 | Computer Name = MONKEY | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 12/10/2008 08:37:25 | Computer Name = MONKEY | Source = PSched | ID = 14103
Description = QoS [Adapter {9217ECE7-51DA-4341-8AAC-EE3A09542904}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 13/10/2008 17:22:35 | Computer Name = MONKEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 000CF1553C77 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:47 PM

Posted 14 October 2008 - 04:09 PM

Hello bewley.

Let's dig a bit deeper.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run.

To disable AVG:
  • Please navigate to the system tray on the bottom right hand corner and look for the AVG icon.
  • Right click it -> select Quit Control Center.
  • A warning will pop up, click Yes.
To disable Ad-Aware:
  • Right click on the Ad-Watch icon in the system tray.
  • At the bottom of the screen there will be two checkable items called "Active" and "Automatic".
    • Active: This will turn Ad-Watch On\Off without closing it.
    • Automatic: Suspicious activity will be blocked automatically.
  • Uncheck both of those boxes.
  • (When done, you can re-enable it using the same steps but this time check both boxes.)
To disable SpyBot's TeaTimer:
  • Run Spybot-S&D in Advanced Mode. If it is not already set to do this, go to the Mode menu and select Advanced Mode.
  • On the left hand side, Click on Tools.
  • Click on the Resident icon in the list.
  • Uncheck Resident TeaTimer and OK any prompts.
  • Download ResetTeaTimer.bat and run it to remove entries set by TeaTimer. The file should take only a second to finish. Delete this file after use.
Restart your computer for the changes to take effect.

Install Recovery Console and Run ComboFix
Download Combofix from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System.

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Download the file and save it as it's originally named onto your desktop.
  • Close any open windows, including this one.
  • Drag the setup package onto ComboFix.exe and drop it.
  • Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
  • At the next prompt, click Yes to run the full ComboFix scan.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Download and Run Scan with GMER
We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close all other running programs. There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>.
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • Click OK.
  • You will be prompted to restart your computer. Please do so.
After the reboot, run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop button turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in Safe Mode
Important! Please do not select the Show all checkbox during the scan.

Be sure to re-enable your protection.


Please post back with:
-the ComboFix log
-the GMER log
-a new HijackThis log

Also tell me if those popups are still around. Can you describe what you see in those popups? Ads for antispyware programs?

With Regards,
The Panda

Edited by PropagandaPanda, 14 October 2008 - 04:10 PM.


#7 bewley

bewley
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 15 October 2008 - 12:16 PM

Hi there, I cannot follow your instructions to disable AVG 8. When I right-click the AVG icon, there is no option to "Quit Control Center". There are only three options:
1. Open AVG User InterFace;
2. Update now;
3. Exit.

When I open AVG, there is simply no option anywhere to disable it. It doesn't seem designed to be turned off!

Please advise if I can continue without disabling AVG, or whether I should be doing something else.

Also, for your information, the screenshot you provide of webpage http://support.microsoft.com/kb/310994 is inaccurate. I figured out what to do, but others may get confused. ;-)


Cheers,
Bewley

#8 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:47 PM

Posted 15 October 2008 - 02:20 PM

Hello Bewley.

In that case, proceed without disabling AVG, but make sure SpyBot's Teatimer is disabled.

Also, for your information, the screenshot you provide of webpage http://support.microsoft.com/kb/310994 is inaccurate. I figured out what to do, but others may get confused.

Thanks for informing me. However, I don't see where the inaccuracy is.

With Regards,
The Panda

#9 bewley

bewley
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:11:47 PM

Posted 15 October 2008 - 04:15 PM

Hi there. The pop-ups are still popping up here and there, as they do. They slide up in the bottom right-hand corner of the IE window occasionally. The ads look a bit like a Messenger service of some sort (I don't use MSN Messenger, but imagine it may look similar) - they say "You have 1 new message" with a picture of a lady, and say "click here to reply" at the bottom, but it looks like they actually link to dating websites and suchlike. I don't click on pop-ups, but running the mouse over the ad brings up addresses like "www.fling.com" or "beta.adyea.com" which I assume are dating sites.



Here is the Combofix report:


ComboFix 08-10-15.01 - Tim 2008-10-15 21:03:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.602 [GMT 1:00]
Running from: C:\Documents and Settings\Tim\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.

2008-10-15 18:19 . 2008-10-15 18:19 250 --a------ C:\WINDOWS\gmer.ini
2008-10-14 18:31 . 2008-10-14 18:32 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-14 18:31 . 2008-10-14 18:31 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\Malwarebytes
2008-10-14 18:31 . 2008-10-14 18:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-14 18:31 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys
2008-10-14 18:31 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mbam.sys
2008-10-08 19:54 . 2008-10-08 19:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-08 19:54 . 2008-10-08 19:54 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-30 18:49 . 2008-09-30 18:49 <DIR> d-------- C:\VundoFix Backups
2008-09-29 18:52 . 2008-09-29 18:52 <DIR> d-------- C:\WINDOWS\Replay Media Catcher
2008-09-29 18:52 . 2008-09-29 18:52 <DIR> d-------- C:\Program Files\Replay Media Catcher
2008-09-29 18:50 . 2008-09-29 18:52 8,320,728 --a------ C:\Program Files\FLV PlayerRCATSetup.exe
2008-09-29 18:46 . 2008-09-29 18:46 <DIR> d-------- C:\WINDOWS\Replay Converter 3
2008-09-29 18:46 . 2008-09-29 18:46 <DIR> d-------- C:\Program Files\Replay Converter 3
2008-09-29 18:36 . 2008-09-29 18:46 21,205,200 --a------ C:\Program Files\FLV PlayerRCSetup.exe
2008-09-29 18:35 . 2008-09-29 18:35 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-09-29 18:35 . 2008-09-29 18:35 <DIR> d-------- C:\Program Files\FLV Player
2008-09-22 19:07 . 2008-09-22 19:07 <DIR> d-------- C:\Documents and Settings\Tim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-09-22 19:06 . 2008-09-22 19:06 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-09-22 18:48 . 2008-09-22 18:48 <DIR> d-------- C:\Program Files\NOS
2008-09-22 18:48 . 2008-09-22 18:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 20:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-10-15 19:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-02 18:08 --------- d-----w C:\Program Files\Trend Micro
2008-10-02 17:20 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-23 16:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-28 21:50 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\cdm.dll
2008-07-18 21:10 94,920 ----a-w C:\WINDOWS\SYSTEM32\cdm.dll
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\wuauclt.exe
2008-07-18 21:10 53,448 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuauclt.exe
2008-07-18 21:10 45,768 ----a-w C:\WINDOWS\SYSTEM32\wups2.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\wups.dll
2008-07-18 21:10 36,552 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wups.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\wuapi.dll
2008-07-18 21:09 563,912 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuapi.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\wucltui.dll
2008-07-18 21:09 325,832 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wucltui.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\wuweb.dll
2008-07-18 21:09 205,000 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuweb.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\wuaueng.dll
2008-07-18 21:09 1,811,656 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\wuaueng.dll
2008-07-18 21:07 270,880 ----a-w C:\WINDOWS\SYSTEM32\mucltui.dll
2008-07-18 21:07 210,976 ----a-w C:\WINDOWS\SYSTEM32\muweb.dll
2000-03-30 19:02 500,544 ----a-w C:\Program Files\QuickTime 4.exe
2000-03-30 19:01 8,278,184 ----a-w C:\Program Files\QuickTimeInstallCache.qdat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"kdx"="C:\Program Files\Kontiki\Khost.exe" [2006-11-08 1040832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-08-21 155648]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-29 1234712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 07:55 110592 C:\WINDOWS\SYSTEM32\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-28 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-28 231704]
S3 getPlus® Helper;getPlus® Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-15 C:\WINDOWS\Tasks\A3AC4AAA91A7C206.job
- c:\docume~1\tim\applic~1\drvsur~1\fork ford anti.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tim\Application Data\Mozilla\Firefox\Profiles\bxhzuu5g.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://login.live.com/login.srf?id=2&vv=450&lc=2057
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 21:05:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-15 21:07:40
ComboFix-quarantined-files.txt 2008-10-15 20:07:15

Pre-Run: 29,029,789,696 bytes free
Post-Run: 29,799,964,672 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

131 --- E O F --- 2008-10-01 17:31:34



---------------------------------------------

Here is the GMER report


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-10-15 21:28:32
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.14 ----

Device \FileSystem\Fastfat \Fat B71DFC8A

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- EOF - GMER 1.0.14 ----




---------------------------


And here is the HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:16, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\Khost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&vv=450&lc=2057
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\Khost.exe -all
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139245816920
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24386D77-2348-45CE-A544-879FC7D94024}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6820 bytes

#10 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 15 October 2008 - 05:29 PM

Hello bewley.

Looks like that infection was actually active.

Download and Run Lop S&D
This tool will first take a log. After I check to make sure no legitimate items are being targeted, we will run the fix.
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Please download Lop S&D by Eric_71 to your desktop, if you have not already or you lost your copy.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Type 1, to select option 1, Search.
  • When the scan is finished, a report (C:\lopR.txt) will be generated, post the contents of it in your next reply.
With Regards,
The Panda

#11 bewley

  • Topic Starter
  • Members
  • 16 posts

Posted 15 October 2008 - 07:32 PM

Hmm, when you say "Looks like that infection was actually active", does that mean you've spotted something, or does it just mean the bug is hijacking me successfully?! It all remains a mystery to me... :thumbsup:

Here is the LopSD report:

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A00
USER : Tim ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 52 Go Free : 27 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 16/10/2008| 1:23 )

--------------------\\ Listing folders in APPLIC~1

[23/09/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05/02/2005|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[01/04/2007|00:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/05/2008|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[05/03/2007|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BARB GRAM PROXY LOAD
[16/01/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[26/11/2004|02:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/03/2007|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Documents
[26/05/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[16/10/2008|01:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
[28/06/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/10/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/03/2005|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[28/06/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/12/2005|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Newsoft
[22/09/2008|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[09/04/2005|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[28/12/2004|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[26/11/2004|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[02/01/2005|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[15/10/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[09/05/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[06/02/2006|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[26/11/2004|01:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[26/11/2004|02:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[26/11/2004|01:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/11/2004|02:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[26/11/2004|02:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[26/11/2004|02:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[27/01/2007|17:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[10/12/2004|22:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[30/11/2004|18:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
[26/11/2004|01:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[26/11/2004|01:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[22/04/2006|19:00] C:\DOCUME~1\Owner\APPLIC~1\You've Got Pictures Screensaver

[22/09/2008|19:07] C:\DOCUME~1\Tim\APPLIC~1\Adobe
[07/05/2008|23:49] C:\DOCUME~1\Tim\APPLIC~1\AdobeUM
[31/03/2007|16:14] C:\DOCUME~1\Tim\APPLIC~1\Apple Computer
[22/09/2008|19:07] C:\DOCUME~1\Tim\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[25/12/2004|23:54] C:\DOCUME~1\Tim\APPLIC~1\CyberLink
[26/12/2004|19:39] C:\DOCUME~1\Tim\APPLIC~1\Help
[26/11/2004|01:43] C:\DOCUME~1\Tim\APPLIC~1\Identities
[26/11/2004|02:14] C:\DOCUME~1\Tim\APPLIC~1\Jasc Software Inc
[28/06/2008|20:10] C:\DOCUME~1\Tim\APPLIC~1\Lavasoft
[02/01/2005|19:36] C:\DOCUME~1\Tim\APPLIC~1\Leadertech
[30/11/2004|19:40] C:\DOCUME~1\Tim\APPLIC~1\Macromedia
[14/10/2008|18:31] C:\DOCUME~1\Tim\APPLIC~1\Malwarebytes
[30/11/2004|17:15] C:\DOCUME~1\Tim\APPLIC~1\McAfee.com Personal Firewall
[08/11/2006|22:27] C:\DOCUME~1\Tim\APPLIC~1\Microsoft
[03/07/2008|00:00] C:\DOCUME~1\Tim\APPLIC~1\Mozilla
[28/06/2007|21:11] C:\DOCUME~1\Tim\APPLIC~1\NCH Swift Sound
[02/05/2005|18:58] C:\DOCUME~1\Tim\APPLIC~1\NetMedia Providers
[14/08/2008|23:21] C:\DOCUME~1\Tim\APPLIC~1\NewSoft
[02/05/2005|18:58] C:\DOCUME~1\Tim\APPLIC~1\Publish Providers
[14/02/2005|20:52] C:\DOCUME~1\Tim\APPLIC~1\Real
[26/11/2004|02:18] C:\DOCUME~1\Tim\APPLIC~1\Sonic
[02/05/2005|18:58] C:\DOCUME~1\Tim\APPLIC~1\Sonic Foundry
[09/04/2005|21:09] C:\DOCUME~1\Tim\APPLIC~1\Sony
[02/01/2005|15:29] C:\DOCUME~1\Tim\APPLIC~1\Sony Corporation
[10/03/2005|21:01] C:\DOCUME~1\Tim\APPLIC~1\Steinberg
[26/11/2004|02:08] C:\DOCUME~1\Tim\APPLIC~1\Sun
[30/11/2004|19:05] C:\DOCUME~1\Tim\APPLIC~1\Template
[30/01/2008|12:03] C:\DOCUME~1\Tim\APPLIC~1\WinRAR
[26/11/2004|02:17] C:\DOCUME~1\Tim\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[16/10/2008 01:00][--ah-----] C:\WINDOWS\tasks\A3AC4AAA91A7C206.job
[15/10/2008 21:31][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 06:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

( A3AC4AAA91A7C206.job )=( c:\docume~1\tim\applic~1\drvsur~1\forkfordanti.exe )

--------------------\\ Listing Folders in C:\Program Files

[14/02/2005|21:00] C:\Program Files\_ArcadeDownloadFolder
[23/09/2008|17:53] C:\Program Files\Adobe
[09/05/2008|22:06] C:\Program Files\AltoMP3 Gold
[14/02/2005|20:49] C:\Program Files\aod
[05/02/2005|18:07] C:\Program Files\AOL 9.0
[26/11/2004|02:17] C:\Program Files\AOL Companion
[10/01/2007|22:06] C:\Program Files\Apoint
[11/03/2008|15:22] C:\Program Files\ATI Technologies
[26/05/2008|22:26] C:\Program Files\AVG
[26/11/2004|02:10] C:\Program Files\Broadcom
[03/09/2005|15:10] C:\Program Files\BT Yahoo! Internet
[26/11/2004|02:13] C:\Program Files\BTOW
[08/03/2007|00:11] C:\Program Files\Channel4
[15/10/2008|21:05] C:\Program Files\Common Files
[26/11/2004|01:43] C:\Program Files\ComPlus Applications
[26/11/2004|01:57] C:\Program Files\CONEXANT
[26/11/2004|02:12] C:\Program Files\CyberLink
[26/11/2004|02:11] C:\Program Files\Dell
[26/11/2004|02:14] C:\Program Files\Dell Computer
[26/11/2004|02:09] C:\Program Files\Digital Line Detect
[09/04/2005|21:29] C:\Program Files\DigitalSoundPlanet
[27/12/2006|19:36] C:\Program Files\drv surf
[16/01/2007|20:47] C:\Program Files\ffdshow
[18/03/2005|21:01] C:\Program Files\Finale NotePad 2005a
[11/11/2007|16:47] C:\Program Files\Finale SongWriter 2005
[29/09/2008|18:35] C:\Program Files\FLV Player
[14/02/2005|21:04] C:\Program Files\Google
[26/05/2008|22:27] C:\Program Files\Grisoft
[11/03/2008|15:22] C:\Program Files\InstallShield Installation Information
[26/11/2004|02:08] C:\Program Files\Intel
[14/08/2008|19:27] C:\Program Files\Internet Explorer
[16/01/2007|18:38] C:\Program Files\IVT Corporation
[26/11/2004|02:14] C:\Program Files\Jasc Software Inc
[17/07/2008|16:24] C:\Program Files\Java
[08/03/2007|00:11] C:\Program Files\Kontiki
[28/06/2008|20:09] C:\Program Files\Lavasoft
[26/11/2004|02:17] C:\Program Files\Learn2.com
[02/05/2005|18:58] C:\Program Files\LP Recorder
[14/10/2008|18:32] C:\Program Files\Malwarebytes' Anti-Malware
[11/03/2005|14:07] C:\Program Files\McAfee.com
[14/08/2008|19:31] C:\Program Files\Messenger
[31/12/2004|18:35] C:\Program Files\Microsoft ActiveSync
[26/11/2004|01:43] C:\Program Files\microsoft frontpage
[31/12/2004|18:35] C:\Program Files\Microsoft Office
[26/11/2004|02:12] C:\Program Files\Microsoft Works
[31/12/2004|18:35] C:\Program Files\Microsoft.NET
[16/01/2007|21:01] C:\Program Files\MIKSOFT
[26/11/2004|02:09] C:\Program Files\Modem Helper
[26/11/2004|01:43] C:\Program Files\Movie Maker
[15/10/2008|22:39] C:\Program Files\Mozilla Firefox
[02/01/2007|23:43] C:\Program Files\MSConfig CleanUp
[26/11/2004|01:43] C:\Program Files\MSN
[26/11/2004|01:43] C:\Program Files\MSN Gaming Zone
[15/10/2006|21:01] C:\Program Files\MSXML 4.0
[28/06/2007|21:11] C:\Program Files\NCH Swift Sound
[26/11/2004|01:43] C:\Program Files\NetMeeting
[26/11/2004|02:09] C:\Program Files\NetWaiting
[27/12/2005|20:01] C:\Program Files\NewSoft
[15/10/2006|21:51] C:\Program Files\Nokia
[22/09/2008|18:48] C:\Program Files\NOS
[02/01/2005|00:03] C:\Program Files\OfficeUpdate11
[02/05/2005|18:57] C:\Program Files\Online Services
[13/06/2007|10:21] C:\Program Files\Outlook Express
[27/09/2007|22:54] C:\Program Files\QuickTime
[14/02/2005|21:04] C:\Program Files\Real
[29/09/2008|18:46] C:\Program Files\Replay Converter 3
[29/09/2008|18:52] C:\Program Files\Replay Media Catcher
[26/11/2004|01:57] C:\Program Files\Sigmatel
[26/11/2004|02:11] C:\Program Files\Sonic
[09/04/2005|21:14] C:\Program Files\Sonic Foundry
[09/04/2005|21:13] C:\Program Files\Sonic Foundry Setup
[09/04/2005|21:09] C:\Program Files\Sony
[09/04/2005|21:07] C:\Program Files\Sony Setup
[02/10/2008|18:20] C:\Program Files\Spybot - Search & Destroy
[09/04/2005|21:20] C:\Program Files\Steinberg
[26/11/2004|02:08] C:\Program Files\Tiscali
[02/10/2008|19:08] C:\Program Files\Trend Micro
[26/11/2004|01:43] C:\Program Files\Uninstall Information
[03/01/2006|21:11] C:\Program Files\Virgin Net Broadband
[02/05/2005|18:59] C:\Program Files\VOB
[27/12/2006|00:15] C:\Program Files\Windows Media Connect 2
[16/01/2007|21:01] C:\Program Files\Windows Media Player
[26/11/2004|01:43] C:\Program Files\Windows NT
[26/11/2004|01:43] C:\Program Files\WindowsUpdate
[30/01/2008|12:03] C:\Program Files\WinRAR
[26/11/2004|01:43] C:\Program Files\XEROX
[26/11/2004|02:17] C:\Program Files\Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[23/09/2008|17:53] C:\Program Files\Common Files\Adobe
[22/09/2008|19:06] C:\Program Files\Common Files\Adobe AIR
[26/11/2004|02:17] C:\Program Files\Common Files\AOL
[26/11/2004|02:17] C:\Program Files\Common Files\aolshare
[31/12/2004|18:35] C:\Program Files\Common Files\DESIGNER
[26/11/2004|02:10] C:\Program Files\Common Files\InstallShield
[26/11/2004|02:08] C:\Program Files\Common Files\Java
[03/08/2008|00:28] C:\Program Files\Common Files\Microsoft Shared
[26/11/2004|01:43] C:\Program Files\Common Files\MSSoap
[27/12/2005|20:00] C:\Program Files\Common Files\NewSoft
[26/11/2004|02:16] C:\Program Files\Common Files\Nullsoft
[26/11/2004|01:43] C:\Program Files\Common Files\ODBC
[08/01/2006|17:33] C:\Program Files\Common Files\Real
[26/11/2004|01:43] C:\Program Files\Common Files\Services
[26/11/2004|02:10] C:\Program Files\Common Files\Sonic Shared
[02/01/2005|15:24] C:\Program Files\Common Files\Sony Shared
[26/11/2004|01:43] C:\Program Files\Common Files\SpeechEngines
[13/06/2007|10:21] C:\Program Files\Common Files\System
[28/06/2008|20:07] C:\Program Files\Common Files\Wise Installation Wizard
[08/01/2006|17:33] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 43 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\Program Files\drvsur~1
C:\DOCUME~1\Tim\Cookies\tim@adverts.digitalspy.co[2].txt
C:\DOCUME~1\Tim\Cookies\tim@advertstream[1].txt
C:\DOCUME~1\Tim\Cookies\tim@imagevenue.advertserve[2].txt
C:\DOCUME~1\Tim\Cookies\tim@monstersandcritics.advertserve[1].txt
C:\DOCUME~1\Tim\Cookies\tim@adultfriendfinder[2].txt
C:\DOCUME~1\Tim\Cookies\tim@advertising[1].txt
C:\DOCUME~1\Tim\Cookies\tim@ero-advertising[2].txt
C:\DOCUME~1\Tim\Cookies\tim@adopt.euroclick[2].txt
C:\DOCUME~1\Tim\Cookies\tim@partygaming.122.2o7[1].txt
C:\DOCUME~1\Tim\Cookies\tim@partypoker[1].txt
C:\WINDOWS\Tasks\A3AC4AAA91A7C206.job

--------------------\\ Searching within the Registry

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BALM USER BEEP]
"DisplayName"="CiD Help"
"UninstallString"="C:\\DOCUME~1\\Tim\\APPLIC~1\\DRVSUR~1\\Gram vga.exe -uninstall"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

--------------------\\ Checking the Hosts file

Hosts file MODIFIED

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

-> 9236 [ 70 ## added by CiD ]

--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 01:24:27
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:4][D:3]-> C:\DOCUME~1\Tim\LOCALS~1\Temp
[F:2869][D:0]-> C:\DOCUME~1\Tim\Cookies
[F:324][D:8]-> C:\DOCUME~1\Tim\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 16/10/2008| 1:25 - Option : [1]

--------------------\\ Scan completed at 1:25:59
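The report above marks the hosts file as MODIFIED and counts 70 lines tagged "## added by CiD"; the same report ties a "CiD Help" uninstall entry and a scheduled task to the same DRVSUR~1 folder. The Python script below is an added example, not part of Lop S&D, HijackThis, or either poster's material. It does what the tool's "Checking the Hosts file" step reports: it parses a hosts file, separates sinkhole entries (hostnames pointed at loopback or 0.0.0.0, which makes them unreachable) from redirects (hostnames pointed at some other address, the higher-risk pattern because traffic for a real site goes elsewhere), and tallies the comment tags so an operator can see which program wrote the entries. The sample hosts content is constructed: the stock XP entry, two lines copied from the report, and two made-up entries whose names (ads.example.invalid, www.bank.example) are placeholders.

```python
"""Audit a Windows hosts file for non-default mappings.

Added example for this thread; it is not part of Lop S&D or HijackThis.
It does what the tool's "Checking the Hosts file" step reports: list the
entries that are not the stock ones, say what each does, and count the
comment tags (such as "## added by CiD") that show who wrote them.
"""
import re
from collections import Counter
from pathlib import Path

# Mappings a clean Windows XP hosts file contains; everything else is reported.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Addresses that make a hostname unreachable rather than redirecting it.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: the stock entry, two lines copied from the Lop S&D
# report above, and two made-up entries (the .example / .invalid names are
# placeholders, not real hosts).
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "127.0.0.1       localhost",
    "127.0.0.1 bin.errorprotector.com ## added by CiD",
    "127.0.0.1 winfixer.com ## added by CiD",
    "0.0.0.0 ads.example.invalid",      # constructed: block-list style sinkhole
    "10.0.0.5 www.bank.example",        # constructed: a real-looking name sent elsewhere
])

# <ip> <one or more hostnames> [# comment]
HOST_LINE = re.compile(
    r"^(?P<ip>[0-9a-fA-F.:]+)\s+(?P<names>[^#]+?)\s*(?:#(?P<comment>.*))?$"
)


def parse_hosts(text):
    """Return (ip, hostname, comment) tuples for every mapping in the text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = HOST_LINE.match(line)
        if not match:
            continue  # malformed line; Windows ignores it and so do we
        comment = (match.group("comment") or "").lstrip("#").strip()
        for name in match.group("names").split():
            entries.append((match.group("ip"), name.lower(), comment))
    return entries


def audit_hosts(text):
    """Classify every non-default mapping as a sinkhole or a redirect."""
    findings = []
    for ip, host, comment in parse_hosts(text):
        if (ip, host) in DEFAULT_ENTRIES:
            continue
        kind = "sinkhole" if ip in SINKHOLE_ADDRESSES else "redirect"
        findings.append({"ip": ip, "host": host, "kind": kind, "comment": comment})
    return findings


def summarize(findings):
    """Count findings per kind and per comment tag, like the report's
    '-> ... [ 70 ## added by CiD ]' line."""
    kinds = Counter(f["kind"] for f in findings)
    tags = Counter(f["comment"] for f in findings if f["comment"])
    return {"kinds": dict(kinds), "tags": dict(tags)}


def audit_file(path):
    """Audit a hosts file on disk (on XP: %SystemRoot%\\system32\\drivers\\etc\\hosts)."""
    return audit_hosts(Path(path).read_text(encoding="utf-8", errors="replace"))


if __name__ == "__main__":
    results = audit_hosts(SAMPLE_HOSTS)
    for f in results:
        print(f"{f['kind']:8} {f['ip']:12} {f['host']:28} {f['comment']}")
    print(summarize(results))
```

On a live machine, point `audit_file` at the hosts file under `%SystemRoot%\system32\drivers\etc`, which is the file the tool's "Hosts File Restore" option rewrites. A long block of loopback entries is not malicious by itself, since ad-blocking hosts lists use the same mechanism; what makes these entries worth acting on is that an unexpected program tagged them and that the same scan found that program's scheduled task and uninstall key. A redirect to a non-loopback address for a name the user recognises is the case to escalate, because it silently sends that site's traffic elsewhere.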

#12 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male

Posted 15 October 2008 - 07:53 PM

Hello.

Spotted something, maybe. I don't see what is making it "work" though. :thumbsup: Sorry about being a bit unclear.

Run Lop S&D
  • Disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Double click LopSD.exe to run it. If you are using Windows Vista, right-click on LopSD.exe icon and select Run as administrator.
  • Choose the language by typing the corresponding letter and pressing Enter.
  • Click OK at the prompt.
  • At this point, close all windows.
  • Option 2: Delete with Hosts File Restore, by typing 2 and hitting Enter.
  • When the scan is finished, a report (C:\lopR.txt) will be generated, post the contents of it in your next reply.
Please also include a new OTViewIt and HijackThis log.

Are those popups gone now?

With Regards,
The Panda

Edited by PropagandaPanda, 15 October 2008 - 07:54 PM.


#13 bewley

  • Topic Starter
  • Members
  • 16 posts

Posted 16 October 2008 - 12:46 PM

Yep, pop-ups still there.

Here is the new Lop S&D report:

--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel® Pentium® M processor 1.70GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A00
USER : Tim ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Not Activated)
C:\ (Local Disk) - NTFS - Total : 52 Go Free : 27 Go
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [2] ( 16/10/2008|18:28 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Tim\Cookies\tim@adverts.digitalspy.co[2].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@advertstream[1].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@imagevenue.advertserve[2].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@monstersandcritics.advertserve[1].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@adultfriendfinder[2].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@advertising[1].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@ero-advertising[2].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@adopt.euroclick[2].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@partygaming.122.2o7[1].txt
Deleted! - C:\DOCUME~1\Tim\Cookies\tim@partypoker[1].txt
Deleted! - C:\WINDOWS\Tasks\A3AC4AAA91A7C206.job
Deleted! - C:\Program Files\drvsur~1
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in APPLIC~1

[23/09/2008|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[05/02/2005|18:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[01/04/2007|00:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[26/05/2008|22:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
[05/03/2007|19:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BARB GRAM PROXY LOAD
[16/01/2007|18:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
[26/11/2004|02:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[26/03/2007|12:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Documents
[26/05/2008|22:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[16/10/2008|18:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kontiki
[28/06/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/10/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[11/03/2005|14:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee.com
[28/06/2008|20:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[27/12/2005|19:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Newsoft
[22/09/2008|18:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[09/04/2005|21:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
[28/12/2004|21:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[26/11/2004|01:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[02/01/2005|15:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[15/10/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[09/05/2008|22:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[06/02/2006|18:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage

[26/11/2004|01:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[26/11/2004|02:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Jasc Software Inc
[26/11/2004|01:43] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[26/11/2004|02:18] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sonic
[26/11/2004|02:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
[26/11/2004|02:17] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[27/01/2007|17:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Help
[10/12/2004|22:39] C:\DOCUME~1\LOCALS~1\APPLIC~1\Macromedia
[30/11/2004|18:23] C:\DOCUME~1\LOCALS~1\APPLIC~1\McAfee.com Personal Firewall
[26/11/2004|01:43] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[26/11/2004|01:43] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[22/04/2006|19:00] C:\DOCUME~1\Owner\APPLIC~1\You've Got Pictures Screensaver

[22/09/2008|19:07] C:\DOCUME~1\Tim\APPLIC~1\Adobe
[07/05/2008|23:49] C:\DOCUME~1\Tim\APPLIC~1\AdobeUM
[31/03/2007|16:14] C:\DOCUME~1\Tim\APPLIC~1\Apple Computer
[22/09/2008|19:07] C:\DOCUME~1\Tim\APPLIC~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[25/12/2004|23:54] C:\DOCUME~1\Tim\APPLIC~1\CyberLink
[26/12/2004|19:39] C:\DOCUME~1\Tim\APPLIC~1\Help
[26/11/2004|01:43] C:\DOCUME~1\Tim\APPLIC~1\Identities
[26/11/2004|02:14] C:\DOCUME~1\Tim\APPLIC~1\Jasc Software Inc
[28/06/2008|20:10] C:\DOCUME~1\Tim\APPLIC~1\Lavasoft
[02/01/2005|19:36] C:\DOCUME~1\Tim\APPLIC~1\Leadertech
[30/11/2004|19:40] C:\DOCUME~1\Tim\APPLIC~1\Macromedia
[14/10/2008|18:31] C:\DOCUME~1\Tim\APPLIC~1\Malwarebytes
[30/11/2004|17:15] C:\DOCUME~1\Tim\APPLIC~1\McAfee.com Personal Firewall
[08/11/2006|22:27] C:\DOCUME~1\Tim\APPLIC~1\Microsoft
[03/07/2008|00:00] C:\DOCUME~1\Tim\APPLIC~1\Mozilla
[28/06/2007|21:11] C:\DOCUME~1\Tim\APPLIC~1\NCH Swift Sound
[02/05/2005|18:58] C:\DOCUME~1\Tim\APPLIC~1\NetMedia Providers
[14/08/2008|23:21] C:\DOCUME~1\Tim\APPLIC~1\NewSoft
[02/05/2005|18:58] C:\DOCUME~1\Tim\APPLIC~1\Publish Providers
[14/02/2005|20:52] C:\DOCUME~1\Tim\APPLIC~1\Real
[26/11/2004|02:18] C:\DOCUME~1\Tim\APPLIC~1\Sonic
[02/05/2005|18:58] C:\DOCUME~1\Tim\APPLIC~1\Sonic Foundry
[09/04/2005|21:09] C:\DOCUME~1\Tim\APPLIC~1\Sony
[02/01/2005|15:29] C:\DOCUME~1\Tim\APPLIC~1\Sony Corporation
[10/03/2005|21:01] C:\DOCUME~1\Tim\APPLIC~1\Steinberg
[26/11/2004|02:08] C:\DOCUME~1\Tim\APPLIC~1\Sun
[30/11/2004|19:05] C:\DOCUME~1\Tim\APPLIC~1\Template
[30/01/2008|12:03] C:\DOCUME~1\Tim\APPLIC~1\WinRAR
[26/11/2004|02:17] C:\DOCUME~1\Tim\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[16/10/2008 18:20][--ah-----] C:\WINDOWS\tasks\SA.DAT
[04/08/2004 06:00][-r-h-----] C:\WINDOWS\tasks\DESKTOP.INI

--------------------\\ Listing Folders in C:\Program Files

[14/02/2005|21:00] C:\Program Files\_ArcadeDownloadFolder
[23/09/2008|17:53] C:\Program Files\Adobe
[09/05/2008|22:06] C:\Program Files\AltoMP3 Gold
[14/02/2005|20:49] C:\Program Files\aod
[05/02/2005|18:07] C:\Program Files\AOL 9.0
[26/11/2004|02:17] C:\Program Files\AOL Companion
[10/01/2007|22:06] C:\Program Files\Apoint
[11/03/2008|15:22] C:\Program Files\ATI Technologies
[26/05/2008|22:26] C:\Program Files\AVG
[26/11/2004|02:10] C:\Program Files\Broadcom
[03/09/2005|15:10] C:\Program Files\BT Yahoo! Internet
[26/11/2004|02:13] C:\Program Files\BTOW
[08/03/2007|00:11] C:\Program Files\Channel4
[15/10/2008|21:05] C:\Program Files\Common Files
[26/11/2004|01:43] C:\Program Files\ComPlus Applications
[26/11/2004|01:57] C:\Program Files\CONEXANT
[26/11/2004|02:12] C:\Program Files\CyberLink
[26/11/2004|02:11] C:\Program Files\Dell
[26/11/2004|02:14] C:\Program Files\Dell Computer
[26/11/2004|02:09] C:\Program Files\Digital Line Detect
[09/04/2005|21:29] C:\Program Files\DigitalSoundPlanet
[16/01/2007|20:47] C:\Program Files\ffdshow
[18/03/2005|21:01] C:\Program Files\Finale NotePad 2005a
[11/11/2007|16:47] C:\Program Files\Finale SongWriter 2005
[29/09/2008|18:35] C:\Program Files\FLV Player
[14/02/2005|21:04] C:\Program Files\Google
[26/05/2008|22:27] C:\Program Files\Grisoft
[11/03/2008|15:22] C:\Program Files\InstallShield Installation Information
[26/11/2004|02:08] C:\Program Files\Intel
[16/10/2008|01:38] C:\Program Files\Internet Explorer
[16/01/2007|18:38] C:\Program Files\IVT Corporation
[26/11/2004|02:14] C:\Program Files\Jasc Software Inc
[17/07/2008|16:24] C:\Program Files\Java
[08/03/2007|00:11] C:\Program Files\Kontiki
[28/06/2008|20:09] C:\Program Files\Lavasoft
[26/11/2004|02:17] C:\Program Files\Learn2.com
[02/05/2005|18:58] C:\Program Files\LP Recorder
[14/10/2008|18:32] C:\Program Files\Malwarebytes' Anti-Malware
[11/03/2005|14:07] C:\Program Files\McAfee.com
[14/08/2008|19:31] C:\Program Files\Messenger
[31/12/2004|18:35] C:\Program Files\Microsoft ActiveSync
[26/11/2004|01:43] C:\Program Files\microsoft frontpage
[31/12/2004|18:35] C:\Program Files\Microsoft Office
[26/11/2004|02:12] C:\Program Files\Microsoft Works
[31/12/2004|18:35] C:\Program Files\Microsoft.NET
[16/01/2007|21:01] C:\Program Files\MIKSOFT
[26/11/2004|02:09] C:\Program Files\Modem Helper
[26/11/2004|01:43] C:\Program Files\Movie Maker
[15/10/2008|22:39] C:\Program Files\Mozilla Firefox
[02/01/2007|23:43] C:\Program Files\MSConfig CleanUp
[26/11/2004|01:43] C:\Program Files\MSN
[26/11/2004|01:43] C:\Program Files\MSN Gaming Zone
[15/10/2006|21:01] C:\Program Files\MSXML 4.0
[28/06/2007|21:11] C:\Program Files\NCH Swift Sound
[26/11/2004|01:43] C:\Program Files\NetMeeting
[26/11/2004|02:09] C:\Program Files\NetWaiting
[27/12/2005|20:01] C:\Program Files\NewSoft
[15/10/2006|21:51] C:\Program Files\Nokia
[22/09/2008|18:48] C:\Program Files\NOS
[02/01/2005|00:03] C:\Program Files\OfficeUpdate11
[02/05/2005|18:57] C:\Program Files\Online Services
[13/06/2007|10:21] C:\Program Files\Outlook Express
[27/09/2007|22:54] C:\Program Files\QuickTime
[14/02/2005|21:04] C:\Program Files\Real
[29/09/2008|18:46] C:\Program Files\Replay Converter 3
[29/09/2008|18:52] C:\Program Files\Replay Media Catcher
[26/11/2004|01:57] C:\Program Files\Sigmatel
[26/11/2004|02:11] C:\Program Files\Sonic
[09/04/2005|21:14] C:\Program Files\Sonic Foundry
[09/04/2005|21:13] C:\Program Files\Sonic Foundry Setup
[09/04/2005|21:09] C:\Program Files\Sony
[09/04/2005|21:07] C:\Program Files\Sony Setup
[02/10/2008|18:20] C:\Program Files\Spybot - Search & Destroy
[09/04/2005|21:20] C:\Program Files\Steinberg
[26/11/2004|02:08] C:\Program Files\Tiscali
[02/10/2008|19:08] C:\Program Files\Trend Micro
[26/11/2004|01:43] C:\Program Files\Uninstall Information
[03/01/2006|21:11] C:\Program Files\Virgin Net Broadband
[02/05/2005|18:59] C:\Program Files\VOB
[27/12/2006|00:15] C:\Program Files\Windows Media Connect 2
[16/01/2007|21:01] C:\Program Files\Windows Media Player
[26/11/2004|01:43] C:\Program Files\Windows NT
[26/11/2004|01:43] C:\Program Files\WindowsUpdate
[30/01/2008|12:03] C:\Program Files\WinRAR
[26/11/2004|01:43] C:\Program Files\XEROX
[26/11/2004|02:17] C:\Program Files\Your Company Name

--------------------\\ Listing Folders in C:\Program Files\Common Files

[23/09/2008|17:53] C:\Program Files\Common Files\Adobe
[22/09/2008|19:06] C:\Program Files\Common Files\Adobe AIR
[26/11/2004|02:17] C:\Program Files\Common Files\AOL
[26/11/2004|02:17] C:\Program Files\Common Files\aolshare
[31/12/2004|18:35] C:\Program Files\Common Files\DESIGNER
[26/11/2004|02:10] C:\Program Files\Common Files\InstallShield
[26/11/2004|02:08] C:\Program Files\Common Files\Java
[03/08/2008|00:28] C:\Program Files\Common Files\Microsoft Shared
[26/11/2004|01:43] C:\Program Files\Common Files\MSSoap
[27/12/2005|20:00] C:\Program Files\Common Files\NewSoft
[26/11/2004|02:16] C:\Program Files\Common Files\Nullsoft
[26/11/2004|01:43] C:\Program Files\Common Files\ODBC
[08/01/2006|17:33] C:\Program Files\Common Files\Real
[26/11/2004|01:43] C:\Program Files\Common Files\Services
[26/11/2004|02:10] C:\Program Files\Common Files\Sonic Shared
[02/01/2005|15:24] C:\Program Files\Common Files\Sony Shared
[26/11/2004|01:43] C:\Program Files\Common Files\SpeechEngines
[13/06/2007|10:21] C:\Program Files\Common Files\System
[28/06/2008|20:07] C:\Program Files\Common Files\Wise Installation Wizard
[08/01/2006|17:33] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 43 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 18:29:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


No other infections found !

[F:4][D:3]-> C:\DOCUME~1\Tim\LOCALS~1\Temp
[F:2858][D:0]-> C:\DOCUME~1\Tim\Cookies
[F:359][D:8]-> C:\DOCUME~1\Tim\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 16/10/2008| 1:25 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 16/10/2008|18:30 - Option : [2]

--------------------\\ Scan completed at 18:30:53

Here is the new OTViewIt report:


OTViewIt logfile created on: 16/10/2008 18:36:23 - Run 3
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 579.77 Mb Available Physical Memory | 56.66% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 85.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.32 Gb Total Space | 27.45 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEY
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2004/01/12 07:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2004/03/04 16:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2004/01/09 11:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
[2004/08/21 19:04:48 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/09/29 17:12:09 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2006/11/08 18:32:42 | 01,040,832 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2004/08/19 10:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2008/07/03 17:43:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/09/03 15:10:44 | 00,136,344 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\Watchdog.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wuauclt.exe
[2004/08/04 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
[2008/08/23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe -- (BT Modem Lock [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
File not found -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2003/04/29 15:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2001/09/27 23:26:40 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
[2003/12/08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMDAGP.SYS -- (amdagp [Boot | Running])
[2004/08/06 15:32:44 | 00,104,735 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
[2002/04/17 20:27:02 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2005/08/04 00:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/08/28 22:50:10 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/03 17:43:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2003/09/26 11:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2005/05/31 16:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2005/04/30 15:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BtNetDrv.sys -- (BT [On_Demand | Running])
[2005/05/31 10:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
[2005/04/30 15:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
[2005/04/30 15:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2004/12/16 17:32:54 | 00,013,304 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2004/02/13 04:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/02/27 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B [On_Demand | Stopped])
[2008/10/15 18:19:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\SYSTEM32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2004/06/17 16:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 16:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/11/26 02:09:10 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2004/03/17 13:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2001/12/11 19:17:14 | 00,037,087 | ---- | M] (Sony Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys -- (NETMDUSB [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2004/03/03 03:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM [On_Demand | Running])
[2004/01/09 10:49:52 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
[2004/08/04 06:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDBUS.SYS -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SISAGP.SYS -- (sisagp [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2004/01/14 20:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/01/14 20:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2004/08/16 16:52:10 | 00,270,136 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2004/03/15 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/03/15 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/03/15 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/03/15 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/03/15 02:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/03/15 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/03/15 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/03/15 02:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/03/15 02:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2004/10/19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
[2005/03/25 18:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2004/01/13 03:41:46 | 02,482,176 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Running])
[2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/06/17 16:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [Disabled | Stopped])
[2004/11/19 15:01:20 | 00,013,184 | R--- | M] (YAMAHA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{3BFFE033-BF43-11D5-A271-00A024A51325}: https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab -- iNotes6 Class
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc.cab -- Office Update Installation Engine
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1139245816920 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}: http://www.trendmicro.com/spyware-scan/as4web.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}: https://register.btinternet.com/templates/b...bcontrol024.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{099E7AF1-56D0-4C82-BF85-670A68F8145B} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{6EE545E9-52D6-4553-BE6F-50B88BB7D6D1} (Servers: | Description: )
{7DECC29D-2E0D-4CA0-9EDE-876F4302F4BF} (Servers: | Description: 1394 Net Adapter)
{9217ECE7-51DA-4341-8AAC-EE3A09542904} (Servers: | Description: Intel® PRO/Wireless LAN 2100 3A Mini PCI Adapter)
{C52626EB-BB95-4E39-987B-617B0B54BAF9} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 17:43:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\SYSTEM32\ati2evxx.dll (ATI Technologies Inc.)
Sebring: "DllName" = C:\WINDOWS\system32\LgNotify.dll -- C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/16 01:22:58 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/10/16 01:19:30 | 00,522,214 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\LopSD.exe
[2008/10/15 21:29:17 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/15 21:01:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/10/15 21:01:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/15 21:01:19 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/10/15 20:59:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/15 20:59:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/15 20:59:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/15 20:59:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/15 20:59:37 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/15 20:59:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/15 20:59:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/15 20:59:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/15 20:59:37 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/15 20:59:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/15 20:59:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/15 18:19:06 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/15 18:19:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/15 18:19:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/15 18:19:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/15 18:19:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/15 18:18:39 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\gmer.zip
[2008/10/15 18:05:09 | 04,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2008/10/15 17:59:11 | 02,985,733 | R--- | C] () -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2008/10/14 18:31:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Malwarebytes
[2008/10/14 18:31:38 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 18:31:37 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/14 18:31:37 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/14 18:31:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/14 18:31:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/14 18:30:28 | 02,182,784 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2008/10/14 00:45:52 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/14 00:13:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\New Folder
[2008/10/08 19:54:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/02 19:08:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/09/30 18:49:03 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/09/30 18:41:47 | 10,730,00448 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/29 18:52:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2008/09/29 18:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[2008/09/29 18:50:42 | 08,320,728 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Converter 3
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Converter 3
[2008/09/29 18:36:00 | 21,205,200 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2008/09/22 19:07:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/22 19:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/22 18:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/22 18:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2008/10/16 18:28:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2008/10/16 18:22:37 | 28,901,209 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/16 18:22:37 | 00,043,628 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/16 18:21:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/10/16 18:20:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/16 18:20:43 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/10/16 18:20:36 | 10,730,00448 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/16 18:20:36 | 00,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 01:38:44 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/16 01:37:47 | 00,000,757 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/10/16 01:19:37 | 00,522,214 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\LopSD.exe
[2008/10/15 22:34:07 | 00,000,537 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/10/15 21:12:51 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/15 21:05:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/15 21:01:32 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2008/10/15 18:19:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/15 18:19:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/15 18:19:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/15 18:18:40 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\gmer.zip
[2008/10/15 18:05:09 | 04,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2008/10/15 17:59:11 | 02,985,733 | R--- | M] () -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2008/10/14 21:38:39 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/14 18:31:38 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 18:30:32 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/09 22:20:21 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 19:54:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:52 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 19:08:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/09/30 18:34:31 | 00,072,184 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/23 23:40:58 | 00,412,018 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/09/23 23:40:58 | 00,065,964 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/09/23 23:40:57 | 00,482,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >

Here is the new OTViewIt Extras report:


OTViewIt Extras logfile created on: 16/10/2008 18:36:23 - Run 3
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 579.77 Mb Available Physical Memory | 56.66% Memory free
2.40 Gb Paging File | 2.04 Gb Available in Paging File | 85.07% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.32 Gb Total Space | 27.45 Gb Free Space | 52.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEY
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url [@ = InternetShortcut] -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=1
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2004/08/04 06:00:00 | 00,140,800 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2006/01/08 17:32:54 | 00,208,941 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
[2006/10/10 13:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2005/06/06 14:23:08 | 01,183,744 | ---- | M] (IVT Corporation) -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service
[2008/08/28 17:28:14 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 17:43:25 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2004/07/01 10:32:38 | 00,073,728 | ---- | M] () C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll application/x-internet-signup:{A173B69A-1F9B-4823-9FDA-412F641E65D6} (HKLM) [INSMimeFilterPP Class]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI Control Panel
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA
"{1C877DA0-5EFF-11D4-9254-0000F460E7A9}"=OpenMG Jukebox
"{21657574-BD54-48A2-9450-EB03B2C7FC29}"=Sonic MyDVD
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}"=Dell Media Experience
"{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"{2C351DB8-E088-41A2-9BF0-113727FBB697}"=Intel® PROSet
"{2C9241DC-E141-4BB9-99F2-0BC54D81862F}"=Smart Start UP
"{2CB511DF-AD50-4087-8934-8ACE54DE4FC1}"=BT Openworld Dell Signup
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}"=Internet Explorer Default Page
"{36235A3F-92C7-4F90-84E7-3697C59AD369}"=Sony ACID 4.0f
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}"=NetWaiting
"{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}"=Nokia Connectivity Cable Driver
"{4B0A96C1-2C2D-4C84-81B0-B87EB2522837}"=Sony Sound Forge 7.0
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}"=Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}"=Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}"=Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD 5.1
"{68D88FD1-C7BA-4BC9-B6A6-9685FAECD7EE}"=4oD
"{7148F0A8-6813-11D6-A77B-00B0D0142030}"=Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}"=Dell System Restore
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}"=Microsoft Works 7.0
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{783033B0-D8E6-11D5-9293-0050BA073EEC}"=Presto! ImageFolio 4.2
"{7F142D56-3326-11D5-B229-002078017FBF}"=Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}"=Jasc Paint Shop Pro 8 Dell Edition
"{91120409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}"=Sonic RecordNow!
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=ALPS Touch Pad Driver
"{A228A09C-4826-42E0-A3D8-95B2BAAB5049}"=OpenMG Secure Module 3.0.01
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}"=BlueSoleil
"{BDD8B3C0-0877-418D-ACC9-2AB0064B901A}"=Presto! Mr. Photo 3
"{C5074CC4-0E26-4716-A307-960272A90040}"=QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}"=Jasc Paint Shop Photo Album
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}"=getPlus® for Adobe
"{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}"=SpeedTouch USB Software
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}"=Digital Line Detect
"{F6BECFE0-74CE-11D5-B8A3-00B0D0D26B88}"=Sony Net MD Help
"4oD"=4oD
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"All ATI Software"=ATI - Software Uninstall Utility
"AltoMP3 Gold"=AltoMP3 Gold 5.20
"America Online uk"=AOL UK (Choose which version to remove)
"AOL Connectivity Services"=AOL Connectivity Services
"AOL Spyware Protection"=AOL Spyware Protection
"AOL YGP Screensaver"=AOL You've Got Pictures Screensaver
"AOLCoach uk"=AOL Coach Version 1.0(Build:20040201.2 uk)
"Applian FLV Player2.0.24"=Applian FLV Player
"ASAPI Update"=ASAPI Update
"ATI Display Driver"=ATI Display Driver
"AVG8Uninstall"=AVG Free 8.0
"BTopenworld"=BT Yahoo! Internet Connection Manager 6.0
"CCleaner"=CCleaner (remove only)
"CleanUp!"=CleanUp!
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1"=Conexant D110 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Dell Photo Printer 720"=Dell Photo Printer 720
"ExpressBurn"=Express Burn
"ffdshow_is1"=ffdshow [rev 780] [2007-01-15]
"Finale NotePad 2005a"=Finale NotePad 2005a
"Finale SongWriter 2005"=Finale SongWriter 2005
"getPlus®_ocx"=getPlus®_ocx
"HijackThis"=HijackThis 2.0.2
"IDNMitigationAPIs"=Microsoft Internationalized Domain Names Mitigation APIs
"ie7"=Windows Internet Explorer 7
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}"=Broadcom Management Programs
"InstallShield_{4AD35E01-9BA9-4F0C-B6B7-09C6C8F20D15}"=Nokia Connectivity Cable Driver
"Lavasoft VX2 Cleaner"=Lavasoft VX2 Cleaner
"LP Recorder"=LP Recorder
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Messenger Control Plugin for Ad-aware"=Messenger Control Plugin for Ad-aware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"MIKSOFT Mobile 3GP converter_is1"=MIKSOFT Mobile 3GP converter
"Mozilla Firefox (3.0.3)"=Mozilla Firefox (3.0.3)
"MSCompPackV1"=Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1"=MSConfig CleanUp 1.2
"NLSDownlevelMapping"=Microsoft National Language Support Downlevel APIs
"OpenMG HotFix3.0.01-01-12-03-01"=OpenMG Limited Patch 3.0.01-01-12-17-01
"OpenMG HotFix3.0.01-01-12-10-01"=OpenMG Limited Patch 3.0.01-01-12-10-01
"Quartz AudioMaster Freeware"=Quartz AudioMaster Freeware
"QuickTime"=QuickTime
"RealArcade 1.2"=RealArcade
"RealPlayer 6.0"=RealPlayer
"Replay Converter 3"=Replay Converter 3
"Replay Media Catcher 3.01"=Replay Media Catcher 3.01
"Slice"=Slice Uninstall
"SoundTap"=SoundTap Uninstall
"Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20
"Steinberg Cubase SX v2.01"=Steinberg Cubase SX v2.01
"Steinberg WaveLab 5.01a"=Steinberg WaveLab 5.01a
"StreetPlugin"=Learn2 Player (Uninstall Only)
"Switch"=Switch
"WavePad"=WavePad Uninstall
"Windows Media Format Runtime"=Windows Media Format 11 runtime
"Windows Media Player"=Windows Media Player 11
"WinRAR archiver"=WinRAR archiver
"WMFDist11"=Windows Media Format 11 runtime
"wmp11"=Windows Media Player 11
"Wudf01000"=Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 30/09/2008 13:34:19 | Computer Name = MONKEY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD APPDRV AvgLdx86 AvgMfx86 Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 30/09/2008 13:40:35 | Computer Name = MONKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 30/09/2008 13:40:52 | Computer Name = MONKEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 30/09/2008 13:42:14 | Computer Name = MONKEY | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1553C77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 01/10/2008 12:49:18 | Computer Name = MONKEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 000CF1553C77 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 03/10/2008 19:00:05 | Computer Name = MONKEY | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 12/10/2008 08:14:00 | Computer Name = MONKEY | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 12/10/2008 08:37:25 | Computer Name = MONKEY | Source = PSched | ID = 14103
Description = QoS [Adapter {9217ECE7-51DA-4341-8AAC-EE3A09542904}]: The netcard driver
failed the query for OID_GEN_LINK_SPEED.

Error - 13/10/2008 17:22:35 | Computer Name = MONKEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 000CF1553C77 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 16/10/2008 13:21:02 | Computer Name = MONKEY | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF1553C77. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >

Here is the new HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:45:45, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\1XConfig.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\BT Yahoo! Internet\ModemLock.exe
C:\Program Files\Kontiki\KService.exe
C:\WINDOWS\system32\RegSrvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kontiki\Khost.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\BT Yahoo! Internet\Watchdog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.live.com/login.srf?id=2&vv=450&lc=2057
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\Khost.exe -all
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://bt.yahoo.com
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1139245816920
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - https://register.btinternet.com/templates/b...bcontrol024.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{24386D77-2348-45CE-A544-879FC7D94024}: NameServer = 194.168.4.100 194.168.8.100
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: BT Modem Lock - British Telecommunications plc - C:\Program Files\BT Yahoo! Internet\ModemLock.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6701 bytes

#14 PropagandaPanda

  • Malware Response Team
  • 10,433 posts
  • Gender:Male
  • Local time:06:47 PM

Posted 16 October 2008 - 02:45 PM

Hello bewley.

Can't find what is causing that still. Let's see what these online scanners can pick up.

Submit File to Online Scanner
There is an unidentified file that I would like you to check out for me using Jotti/VirusTotal.
  • Open Jotti Online Scanner, or VirusTotal Online Scanner. If one site is busy or down, try the other.
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time):
  • C:\Program Files\QuickTime 4.exe
  • C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
Run Scan with Kaspersky
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

This scanner will only scan. It does not remove any malware it finds.


F-Secure Online Scan
Please run F-Secure Online Scanner.
This scan is for Internet Explorer only.
  • It is suggested that you disable security programs and close any other windows during the scan. While your security is disabled, please refrain from surfing on other sites. Refer to this page if you are unsure how.
  • Go to F-Secure Online Scanner
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically. The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy the entire report in your next reply.
  • Be sure to re-enable any security programs.


Post back with:
-the Jotti results (if they came clean then there is no need to post them)
-the Kaspersky log
-the F-Secure log
-a new OTViewIt log (only OTViewIt.txt will be fine)

With Regards,
The Panda

Edited by PropagandaPanda, 16 October 2008 - 02:45 PM.

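The multi-engine results asked for above come back as plain text with one scanner per line, and the Jotti page also appends a site-wide "Statistics" trailer about the last file scanned that any engine flagged, identified by its own filename, MD5 and size (as the reports pasted later in this thread show, that is a different file from the one submitted). The following parser is an added example, not part of this thread and not Jotti's or VirusTotal's own code: it splits the per-scanner verdicts for the submitted file from that trailer so a detection in the trailer is not mistaken for a detection on the submitted file. The sample report is constructed to mirror the layout seen in this thread, the scanner-name list is an assumption drawn from that layout, and the function names are mine.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Scanner names as they appear in the Jotti-style report (assumption drawn from the
# layout pasted in this thread). Longest names first, so that a line such as
# "Kaspersky Anti-Virus Found nothing" is split at the right place.
SCANNERS = sorted([
    "A-Squared", "AntiVir", "ArcaVir", "Avast", "AVG Antivirus", "BitDefender",
    "ClamAV", "CPsecure", "Dr.Web", "F-Prot Antivirus", "F-Secure Anti-Virus",
    "G DATA", "Ikarus", "Kaspersky Anti-Virus", "NOD32", "Norman Virus Control",
    "Panda Antivirus", "Sophos Antivirus", "VirusBuster", "VBA32",
], key=len, reverse=True)

# Verdict strings meaning "no detection": the file table uses "Found nothing",
# the trailer table uses "X".
NO_DETECTION = {"Found nothing", "X"}

# Layout lines that carry no verdict.
HEADER_PREFIXES = ("Scanner results", "Scan taken on", "Scanner Malware name")

# The trailer names a different file, with its own MD5 and size.
STAT_RE = re.compile(
    r"^Last file scanned .*?: (?P<name>\S+) \(MD5: (?P<md5>[0-9a-fA-F]{32}), "
    r"size: (?P<size>\d+) bytes\)"
)


@dataclass
class FileVerdict:
    subject: str                   # submitted path, or the trailer file's name
    md5: Optional[str] = None
    from_trailer: bool = False     # True when the block came after "Statistics"
    detections: Dict[str, str] = field(default_factory=dict)   # scanner -> name
    clean: List[str] = field(default_factory=list)            # scanners saying clean

    @property
    def detection_count(self) -> int:
        return len(self.detections)


def split_scanner_line(line: str):
    """Return (scanner, verdict) for a per-scanner result line, else None."""
    for name in SCANNERS:
        if line.startswith(name + " "):
            return name, line[len(name) + 1:].strip()
    return None


def parse_report(text: str) -> List[FileVerdict]:
    """Parse a pasted report into one FileVerdict per file it talks about."""
    blocks: List[FileVerdict] = []
    current: Optional[FileVerdict] = None
    in_trailer = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(HEADER_PREFIXES):
            continue
        if line == "Statistics":
            in_trailer = True          # everything below is about another file
            current = None
            continue
        m = STAT_RE.match(line)
        if m:
            current = FileVerdict(m.group("name"), m.group("md5"), from_trailer=True)
            blocks.append(current)
            continue
        parsed = split_scanner_line(line)
        if parsed is None:
            if in_trailer:
                continue               # never start a file block from trailer text
            current = FileVerdict(subject=line)   # the submitted file's path
            blocks.append(current)
            continue
        if current is None:
            continue
        scanner, verdict = parsed
        if verdict in NO_DETECTION:
            current.clean.append(scanner)
        else:
            current.detections[scanner] = verdict
    return blocks


def submitted_file_verdict(text: str, path: str) -> Optional[FileVerdict]:
    """Verdict block for the file actually submitted; trailer blocks never match."""
    for block in parse_report(text):
        if not block.from_trailer and block.subject == path:
            return block
    return None


# Constructed sample in the layout pasted in this thread; not a real scan result.
SAMPLE_REPORT = r"""
C:\Program Files\QuickTime 4.exe

Scanner results
Scan taken on 17 Oct 2008 16:21:32 (GMT)
A-Squared Found nothing
AntiVir Found nothing
Avast Found nothing
G DATA Found nothing
Kaspersky Anti-Virus Found nothing
Norman Virus Control Found nothing

Statistics
Last file scanned at least one scanner reported something about: 2500.3000.EXE (MD5: 21908f22613eb8e4b7775d596ae72904, size: 8192 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir BDS/Poisonivy.E.3
Avast Win32:PoisonIvy-HX
G DATA Win32:PoisonIvy-HX
Kaspersky Anti-Virus X
Norman Virus Control X
"""

if __name__ == "__main__":
    for b in parse_report(SAMPLE_REPORT):
        where = "trailer" if b.from_trailer else "submitted"
        print(f"[{where}] {b.subject} md5={b.md5} detections={b.detection_count}")
```

Run as a script it prints one line per file block; the submitted file shows zero detections while the trailer block carries its own name, MD5 and the three PoisonIvy names, which is the distinction a reader needs when deciding whether a posted report is clean.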

#15 bewley

  • Topic Starter
  • Members
  • 16 posts
  • Local time:11:47 PM

Posted 17 October 2008 - 02:12 PM

Hi there.

I have included the Jotti Scanner reports, just out of interest. Both the files were clear, but I noticed the Statistics sections at the bottom of the page both suggested there was something found, so I thought I'd copy them in case it was relevant.

I couldn't run Kaspersky. It stated I needed to install Java 1.5 or higher before it could run, but Java insisted I already have Java 6.7 and that no further updates were available. So I got stuck at the Kaspersky intro page - tried a few times but it didn't change so I gave up.


Here is the first Jotti Scanner report for Quicktime 4:

C:\Program Files\QuickTime 4.exe


Scan taken on 17 Oct 2008 16:21:32 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing



Statistics
Last file scanned at least one scanner reported something about: 2500.3000.EXE (MD5: 21908f22613eb8e4b7775d596ae72904, size: 8192 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir BDS/Poisonivy.E.3
ArcaVir X
Avast Win32:PoisonIvy-HX
AVG Antivirus X
BitDefender X
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA Win32:PoisonIvy-HX
Ikarus X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X


Here is the second Jotti Scanner report for Apfiltr.sys

C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys


Scanner results
Scan taken on 17 Oct 2008 19:08:17 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
G DATA Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing


Statistics
Last file scanned at least one scanner reported something about: ffxibuddy.zip (MD5: aace3c87392d8400b91afaf2c1baf95b, size: 80060 bytes), detected by:

Scanner Malware name
A-Squared X
AntiVir HEUR/Crypted
ArcaVir X
Avast X
AVG Antivirus X
BitDefender DeepScan:Generic.Malware.P!Pk!.4C9C675C
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
G DATA DeepScan:Generic.Malware.P!Pk!.4C9C675C
Ikarus Backdoor.Win32.Bifrose.rlm
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 X



Here is the F-Secure report


Scanning Report
Friday, October 17, 2008 17:50:01 - 20:00:22
Computer name: MONKEY
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 16 malware found
TrackingCookie.2o7 (spyware)
System
TrackingCookie.Adbrite (spyware)
System
TrackingCookie.Adform (spyware)
System
TrackingCookie.Adinterax (spyware)
System
TrackingCookie.Adtech (spyware)
System
TrackingCookie.Atdmt (spyware)
System
TrackingCookie.Atwola (spyware)
System
TrackingCookie.Emediate (spyware)
System
TrackingCookie.Instadia (spyware)
System
TrackingCookie.Questionmarket (spyware)
System
TrackingCookie.Revsci (spyware)
System
TrackingCookie.Specificclick (spyware)
System
TrackingCookie.Webtrends (spyware)
System
TrackingCookie.Xiti (spyware)
System
TrackingCookie.Yieldmanager (spyware)
System
TrackingCookie.Zanox (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 53687
System: 4239
Not scanned: 9
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 16
Submitted: 0
Files not scanned:
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\TIM\LOCAL SETTINGS\TEMP\ETILQS_4CPGOZDCKENOG6PIJLTF
C:\DOCUMENTS AND SETTINGS\TIM\LOCAL SETTINGS\TEMP\HSPERFDATA_TIM\568

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-10-17
F-Secure AVP: 7.0.171, 2008-10-17
F-Secure Pegasus: 1.20.0, 2008-09-02
F-Secure Blacklight: 1.0.68
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------


Here is the new OTViewIt report:



OTViewIt logfile created on: 17/10/2008 20:09:43 - Run 4
OTViewIt by OldTimer - Version 1.0.11.0 Folder = C:\Documents and Settings\Tim\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1023.23 Mb Total Physical Memory | 433.89 Mb Available Physical Memory | 42.40% Memory free
2.40 Gb Paging File | 1.94 Gb Available in Paging File | 80.61% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.32 Gb Total Space | 27.39 Gb Free Space | 52.34% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEY
Current User Name: Tim
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe
[2004/01/12 07:53:30 | 00,360,448 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\ZCfgSvc.exe
[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
[2004/01/09 11:12:08 | 00,184,320 | ---- | M] (Intel) -- C:\WINDOWS\SYSTEM32\1XConfig.exe
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE
[2004/03/04 16:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXPPS.EXE
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
[2004/08/21 19:04:48 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe
[2005/08/05 22:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe
[2008/06/10 04:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2008/09/29 17:12:09 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe
[2004/08/19 10:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
[2006/11/08 18:32:42 | 01,040,832 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KHost.exe
[2008/07/03 17:43:17 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2005/09/03 15:10:44 | 00,136,344 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\Watchdog.exe
[2008/07/18 22:10:42 | 00,053,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wuauclt.exe
[2004/08/04 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
[2008/10/02 23:59:08 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/08/23 06:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/06/28 20:10:39 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2004/02/25 11:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/04 00:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/08/28 22:50:11 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2005/04/06 17:03:28 | 00,110,592 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe -- (BlueSoleil Hid Service [Auto | Running])
[2005/09/03 15:10:44 | 00,173,208 | ---- | M] (British Telecommunications plc) -- C:\Program Files\BT Yahoo! Internet\ModemLock.exe -- (BT Modem Lock [Auto | Running])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/08/29 10:00:30 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
File not found -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/11/08 18:32:42 | 03,068,352 | ---- | M] () -- C:\Program Files\Kontiki\KService.exe -- (KService [Auto | Running])
[2004/03/04 16:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\SYSTEM32\LEXBCES.EXE -- (LexBceS [Auto | Running])
[2003/04/29 15:29:54 | 00,139,264 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2004/01/09 11:10:00 | 00,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\RegSrvc.exe -- (RegSrvc [Auto | Running])
[2004/01/09 11:11:36 | 00,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\SYSTEM32\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
[2001/09/27 23:26:40 | 00,065,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
[2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2003/12/08 12:53:48 | 00,053,600 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcan5wn.sys -- (alcan5wn [On_Demand | Running])
[2003/12/08 12:53:46 | 00,070,688 | ---- | M] (THOMSON) -- C:\WINDOWS\SYSTEM32\DRIVERS\alcaudsl.sys -- (alcaudsl [On_Demand | Running])
[2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS -- (AliIde [Boot | Running])
[2004/08/04 00:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\AMDAGP.SYS -- (amdagp [Boot | Running])
[2004/08/06 15:32:44 | 00,104,735 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2004/06/30 11:39:36 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
[2002/04/17 20:27:02 | 00,011,264 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi [System | Running])
[2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS -- (asc [Boot | Running])
[2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS -- (asc3550 [Boot | Running])
[2005/08/04 00:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/08/28 22:50:10 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/07/03 17:43:16 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\DRIVERS\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2003/09/26 11:41:10 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2005/05/31 16:40:20 | 00,020,480 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\blueletaudio.sys -- (BlueletAudio [On_Demand | Running])
[2005/04/30 15:48:58 | 00,010,804 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BtNetDrv.sys -- (BT [On_Demand | Running])
[2005/05/31 10:42:28 | 00,023,000 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\btcusb.sys -- (Btcsrusb [On_Demand | Stopped])
[2005/04/30 15:50:20 | 00,011,860 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\vbtenum.sys -- (BTHidEnum [On_Demand | Running])
[2005/04/30 15:50:10 | 00,028,271 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\BTHidMgr.sys -- (BTHidMgr [Boot | Running])
[2004/12/16 17:32:54 | 00,013,304 | ---- | M] () -- C:\WINDOWS\SYSTEM32\DRIVERS\BTNetFilter.sys -- (BTNetFilter [On_Demand | Stopped])
File not found -- C:\ComboFix\catchme.sys -- (catchme [On_Demand | Stopped])
[2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS -- (CmdIde [Boot | Running])
[2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS -- (dac2w2k [Boot | Running])
[2004/02/13 04:21:00 | 00,086,160 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2004/02/27 03:56:00 | 00,040,480 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm [Auto | Running])
[2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\E100B325.SYS -- (E100B [On_Demand | Stopped])
[2008/10/15 18:19:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\SYSTEM32\DRIVERS\gmer.sys -- (gmer [System | Running])
[2004/06/17 16:57:02 | 00,200,064 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWICH.sys -- (HSFHWICH [On_Demand | Running])
[2004/06/17 16:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
[2004/11/26 02:09:10 | 00,014,037 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
[2004/03/17 13:04:14 | 00,013,059 | ---- | M] (Conexant) -- C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
[2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS -- (mraid35x [Boot | Running])
[2001/12/11 19:17:14 | 00,037,087 | ---- | M] (Sony Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NETMDUSB.sys -- (NETMDUSB [On_Demand | Stopped])
[2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv [On_Demand | Stopped])
[2004/02/13 11:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci [System | Running])
[2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS -- (Ptilink [On_Demand | Running])
[2004/03/03 03:02:00 | 00,020,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS -- (ql1080 [Boot | Running])
[2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS -- (ql12160 [Boot | Running])
[2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS -- (ql1280 [Boot | Running])
[2004/08/04 06:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ROOTMDM.SYS -- (ROOTMODEM [On_Demand | Running])
[2004/01/09 10:49:52 | 00,010,970 | ---- | M] (Intel Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
[2004/08/04 06:00:00 | 00,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SDBUS.SYS -- (sdbus [On_Demand | Running])
[2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/04 00:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\SISAGP.SYS -- (sisagp [Boot | Running])
[2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS -- (Sparrow [Boot | Running])
[2004/01/14 20:18:16 | 00,005,621 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2004/01/14 20:18:04 | 00,023,219 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln [System | Running])
[2004/08/16 16:52:10 | 00,270,136 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\STAC97.sys -- (STAC97 [On_Demand | Running])
[2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS -- (symc810 [Boot | Running])
[2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS -- (symc8xx [Boot | Running])
[2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS -- (sym_hi [Boot | Running])
[2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS -- (sym_u3 [Boot | Running])
[2004/03/15 02:04:00 | 00,025,685 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2004/03/15 02:04:00 | 00,034,837 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2004/03/15 02:04:00 | 00,004,117 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2004/03/15 02:04:00 | 00,002,233 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2004/03/15 02:04:00 | 00,085,972 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2004/03/15 02:04:00 | 00,014,229 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2004/03/15 02:04:00 | 00,006,357 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2004/03/15 02:04:00 | 00,098,580 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2004/03/15 02:04:00 | 00,100,597 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS -- (ultra [Boot | Running])
[2004/10/19 14:37:38 | 00,061,312 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VComm.sys -- (VComm [On_Demand | Running])
[2005/03/25 18:18:48 | 00,082,148 | ---- | M] (IVT Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\VcommMgr.sys -- (VcommMgr [On_Demand | Running])
[2004/01/13 03:41:46 | 02,482,176 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\w70n51.sys -- (w70n51 [On_Demand | Running])
[2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])
[2004/06/17 16:55:38 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
[2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\WS2IFSL.SYS -- (WS2IFSL [Disabled | Stopped])
[2004/11/19 15:01:20 | 00,013,184 | R--- | M] (YAMAHA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\ymidusb.sys -- (YMIDUSB [On_Demand | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www.dell.co.uk/myway
"First Home Page"=http://www.dell.co.uk/myway
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\windows\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://login.live.com/login.srf?id=2&vv=450&lc=2057

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=http://home.microsoft.com/access/autosearch.asp?p=%s

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\SYSTEM32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O3) Toolbars ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"Apoint"=C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\Khost.exe -all (Kontiki Inc.)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"HideStartupScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\Software\Microsoft\Internet Explorer\MenuExt\]
E&xport to Microsoft Excel: Reg Error: Key does not exist or could not be opened. File not found

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} [HKLM] -> [Reg Error: Value MenuText does not exist or could not be read.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2004/10/13 17:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1438698352-2152867725-2636471215-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
45 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/3/9...heckControl.cab -- Windows Genuine Advantage Validation Tool
{3BFFE033-BF43-11D5-A271-00A024A51325}: https://aapelon4l01.eu.ogilvy.com/iNotes6W.cab -- iNotes6 Class
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc.cab -- Office Update Installation Engine
{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}: http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab -- Reg Error: Key does not exist or could not be opened.
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1139245816920 -- MUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}: http://www.trendmicro.com/spyware-scan/as4web.cab -- Reg Error: Key does not exist or could not be opened.
{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}: http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab -- Reg Error: Key does not exist or could not be opened.
{BDBDE413-7B1C-4C68-A8FF-C5B2B4090876}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.3
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}: http://java.sun.com/products/plugin/autodl...indows-i586.cab -- Java Plug-in 1.4.2_03
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab -- get_atlcom Class
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object
{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}: https://register.btinternet.com/templates/b...bcontrol024.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{099E7AF1-56D0-4C82-BF85-670A68F8145B} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)
{6EE545E9-52D6-4553-BE6F-50B88BB7D6D1} (Servers: | Description: )
{7DECC29D-2E0D-4CA0-9EDE-876F4302F4BF} (Servers: | Description: 1394 Net Adapter)
{9217ECE7-51DA-4341-8AAC-EE3A09542904} (Servers: | Description: Intel® PRO/Wireless LAN 2100 3A Mini PCI Adapter)
{C52626EB-BB95-4E39-987B-617B0B54BAF9} (Servers: | Description: )

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 17:43:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\avgrsstx.dll

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\SYSTEM32\ati2evxx.dll (ATI Technologies Inc.)
Sebring: "DllName" = C:\WINDOWS\system32\LgNotify.dll -- C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2004/08/10 14:04:08 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2008/10/17 17:45:23 | 00,000,000 | ---D | C] -- C:\fsaua.data
[2008/10/17 17:29:13 | 00,001,369 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\scanner results 08-10-17 Apfiltr.sys
[2008/10/16 01:22:58 | 00,000,000 | ---D | C] -- C:\Lop SD
[2008/10/16 01:19:30 | 00,522,214 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\LopSD.exe
[2008/10/15 21:29:17 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/10/15 21:01:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008/10/15 21:01:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008/10/15 21:01:19 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2008/10/15 20:59:37 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008/10/15 20:59:37 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008/10/15 20:59:37 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008/10/15 20:59:37 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008/10/15 20:59:37 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008/10/15 20:59:37 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008/10/15 20:59:37 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/10/15 20:59:37 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008/10/15 20:59:37 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008/10/15 20:59:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008/10/15 20:59:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008/10/15 18:19:06 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2008/10/15 18:19:04 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2008/10/15 18:19:04 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2008/10/15 18:19:04 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/15 18:19:04 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/15 18:18:39 | 00,747,873 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\gmer.zip
[2008/10/15 18:05:09 | 04,614,888 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2008/10/15 17:59:11 | 02,985,733 | R--- | C] () -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2008/10/14 18:31:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\Malwarebytes
[2008/10/14 18:31:38 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 18:31:37 | 00,038,528 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/10/14 18:31:37 | 00,017,200 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/10/14 18:31:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/10/14 18:31:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/10/14 18:30:28 | 02,182,784 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2008/10/14 00:45:52 | 00,421,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/14 00:13:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Desktop\New Folder
[2008/10/08 19:54:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2008/10/02 19:08:09 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/09/30 18:49:03 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2008/09/30 18:41:47 | 10,730,00448 | -HS- | C] () -- C:\hiberfil.sys
[2008/09/29 18:52:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Media Catcher
[2008/09/29 18:52:21 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Media Catcher
[2008/09/29 18:50:42 | 08,320,728 | ---- | C] () -- C:\Program Files\FLV PlayerRCATSetup.exe
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\Replay Converter 3
[2008/09/29 18:46:20 | 00,000,000 | ---D | C] -- C:\Program Files\Replay Converter 3
[2008/09/29 18:36:00 | 21,205,200 | ---- | C] () -- C:\Program Files\FLV PlayerRCSetup.exe
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Applian FLV Player
[2008/09/29 18:35:14 | 00,000,000 | ---D | C] -- C:\Program Files\FLV Player
[2008/09/22 19:07:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/09/22 19:06:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/09/22 18:48:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/09/22 18:48:18 | 00,000,000 | ---D | C] -- C:\Program Files\NOS

========== Files - Modified Within 30 Days ==========

[7 C:\WINDOWS\System32\*.tmp files]
[2008/10/17 17:29:13 | 00,001,369 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\scanner results 08-10-17 Apfiltr.sys
[2008/10/17 17:19:06 | 28,962,379 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2008/10/17 17:17:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2008/10/17 17:16:59 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/10/17 17:16:44 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2008/10/17 17:16:41 | 10,730,00448 | -HS- | M] () -- C:\hiberfil.sys
[2008/10/16 18:28:41 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2008/10/16 18:22:37 | 00,043,628 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2008/10/16 18:20:36 | 00,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/16 01:38:44 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/10/16 01:37:47 | 00,000,757 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2008/10/16 01:19:37 | 00,522,214 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\LopSD.exe
[2008/10/15 22:34:07 | 00,000,537 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2008/10/15 21:12:51 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2008/10/15 21:05:50 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/10/15 21:01:32 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2008/10/15 18:19:04 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2008/10/15 18:19:04 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2008/10/15 18:19:04 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2008/10/15 18:18:40 | 00,747,873 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\gmer.zip
[2008/10/15 18:05:09 | 04,614,888 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tim\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[2008/10/15 17:59:11 | 02,985,733 | R--- | M] () -- C:\Documents and Settings\Tim\Desktop\ComboFix.exe
[2008/10/14 21:38:39 | 00,100,864 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/14 18:31:38 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008/10/14 18:30:32 | 02,182,784 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Tim\Desktop\mbam-setup.exe
[2008/10/14 00:46:04 | 00,421,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim\Desktop\OTViewIt.exe
[2008/10/09 22:20:21 | 00,307,238 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2008/10/08 19:54:52 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2008/10/08 19:54:52 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2008/10/07 20:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/10/03 18:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/10/02 19:08:09 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\HijackThis.lnk
[2008/10/02 18:12:44 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Tim\Desktop\Spybot - Search & Destroy.lnk
[2008/09/30 18:34:31 | 00,072,184 | ---- | M] () -- C:\Documents and Settings\Tim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/09/23 23:40:58 | 00,412,018 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2008/09/23 23:40:58 | 00,065,964 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2008/09/23 23:40:57 | 00,482,994 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
< End of report >
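The (O6 & O7), (O16) and (O20) sections above are raw registry dumps, and the numbers in them only mean something once decoded. The following script is an added example, not part of the original post and not OTL/OTViewIt code: it parses those sections of an OTL-style report, decodes the AutoRun bitmasks, and lists the DLLs the O20 entries show being loaded at logon. The sample input is a short excerpt of the report above, embedded as a constructed string; the bit meanings for NoDriveTypeAutoRun are the documented drive-type bits (0x01 unknown, 0x04 removable, 0x08 fixed, 0x10 remote, 0x20 CD-ROM, 0x40 RAM disk, 0x80 reserved; 0xFF disables AutoRun for every type), and NoDriveAutoRun / NoDrives are per-drive-letter masks with bit 0 = A:.

```python
# Added example: decode the security-relevant sections of an OTL / OTViewIt log.
# Not OTL's own code; the helper names below are this example's own.
import re

# Constructed sample input: a short excerpt of the report above, not the full log.
SAMPLE_LOG = r"""
========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=227
"NoDriveAutoRun"=67108863
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
========== (O16) DPF ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{B1826A9F-4AA0-4510-BA77-9013E74E4B9B}: http://www.trendmicro.com/spyware-scan/as4web.cab -- Reg Error: Key does not exist or could not be opened.
========== (O20) AppInit_DLLs ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=avgrsstx.dll
>[2008/07/03 17:43:17 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\SYSTEM32\avgrsstx.dll
========== (O20) Winlogon Notify Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\SYSTEM32\ati2evxx.dll (ATI Technologies Inc.)
Sebring: "DllName" = C:\WINDOWS\system32\LgNotify.dll -- C:\WINDOWS\SYSTEM32\LgNotify.dll (Intel Corporation)
"""

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')
NOTIFY_RE = re.compile(r'^(\S+): "DllName" = (.+?) -- (.+?) \((.*)\)$')

# Documented drive-type bits of NoDriveTypeAutoRun; 0xFF disables AutoRun everywhere.
DRIVE_TYPE_BITS = [
    (0x01, "DRIVE_UNKNOWN"), (0x02, "DRIVE_NO_ROOT_DIR"), (0x04, "DRIVE_REMOVABLE"),
    (0x08, "DRIVE_FIXED"), (0x10, "DRIVE_REMOTE"), (0x20, "DRIVE_CDROM"),
    (0x40, "DRIVE_RAMDISK"), (0x80, "RESERVED"),
]
MEDIA_TYPES = {0x04, 0x08, 0x10, 0x20, 0x40}  # types that can actually carry an autorun.inf


def parse_sections(text):
    """Split the report on its '==========' banners into {title: [non-blank lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def parse_policy_values(lines):
    """Turn '[HKEY...]' headers and "Name"=value pairs into {key: {name: value}}."""
    policies, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            policies[key] = {}
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, raw = m.groups()
            policies[key][name] = int(raw) if raw.isdigit() else raw
    return policies


def autorun_disabled_types(value):
    """Drive types whose bit is set in NoDriveTypeAutoRun (AutoRun blocked there)."""
    return [name for bit, name in DRIVE_TYPE_BITS if value & bit]


def autorun_still_allowed(value):
    """Media-bearing drive types this mask leaves with AutoRun enabled."""
    return [name for bit, name in DRIVE_TYPE_BITS if bit in MEDIA_TYPES and not value & bit]


def drive_letters(mask):
    """NoDrives / NoDriveAutoRun are per-letter masks: bit 0 = A:, bit 25 = Z:."""
    return [chr(ord("A") + i) for i in range(26) if (mask >> i) & 1]


def orphaned_entries(lines):
    """Entries the tool could not resolve: review candidates, not proof of infection."""
    return [l for l in lines if "Reg Error" in l or "File not found" in l]


def appinit_dlls(lines):
    """DLL names in AppInit_DLLs; these load into every process that links user32.dll."""
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m.group(1).lower() == "appinit_dlls":
            return [d for d in re.split(r"[ ,;]+", m.group(2)) if d]
    return []


def winlogon_notify(lines):
    """Winlogon Notify packages: DLLs loaded by winlogon.exe itself at logon."""
    out = []
    for line in lines:
        m = NOTIFY_RE.match(line)
        if m:
            subkey, dll, path, vendor = m.groups()
            out.append({"subkey": subkey, "dll": dll, "path": path, "vendor": vendor})
    return out


def summarize(text):
    """One-call overview of the settings a reviewer checks first in such a log."""
    s = parse_sections(text)
    policies = parse_policy_values(s.get("(O6 & O7) Current Version Policies", []))
    autorun = {key: {"disabled": autorun_disabled_types(v["NoDriveTypeAutoRun"]),
                     "allowed": autorun_still_allowed(v["NoDriveTypeAutoRun"])}
               for key, v in policies.items() if "NoDriveTypeAutoRun" in v}
    return {"autorun_policy": autorun,
            "appinit_dlls": appinit_dlls(s.get("(O20) AppInit_DLLs", [])),
            "winlogon_notify": winlogon_notify(s.get("(O20) Winlogon Notify Settings", [])),
            "dpf_orphans": orphaned_entries(s.get("(O16) DPF", []))}


if __name__ == "__main__":
    import json
    print(json.dumps(summarize(SAMPLE_LOG), indent=2))
```

Run against the excerpt, the decoder shows why the raw numbers matter: the machine-wide NoDriveTypeAutoRun of 227 (0xE3) blocks AutoRun on CD-ROM and RAM disks but leaves it enabled for removable, fixed and network drives, so the separate NoDriveAutoRun mask of 67108863 (0x3FFFFFF, every letter A to Z) is the value that actually covers USB sticks here, and the per-user values of 145 (0x91) are the Windows XP default. The O20 entries (avgrsstx.dll in AppInit_DLLs, the ATI and Intel Winlogon Notify packages) are the DLLs that get loaded into many or all processes at logon and are the first place to look for an injected ad module; the DPF lines marked "Reg Error" are leftover ActiveX registrations with no resolvable key, worth cleaning but not evidence of infection on their own.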