
Rootkit infection


This topic is locked. 4 replies to this topic.

#1 bubbakush

  • Members
  • 15 posts

Posted 22 February 2009 - 05:26 PM

AVG is picking up a *.sys file (it keeps changing the file name) and it can't get rid of it. MBAM says it's Rogue.Antivirus2008 and Hijack.DisplayProperties.

DDS will not work for me per the instructions; it says "This tool does not support your operating system". I'm running Vista x64.

Other than Windows occasionally loading slowly after a reset, there are no symptoms. So, where shall I start?

#2 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 22 February 2009 - 05:48 PM

Hello.

If you are going to post a HijackThis log, then try running OTViewIt first and see whether it will work or not; if it does, post that log instead.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the OTViewIt icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in the HJT-Malware Removal forum:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
With Regards,
Extremeboy

#3 bubbakush

  • Topic Starter
  • Members
  • 15 posts

Posted 22 February 2009 - 06:12 PM

OTViewit.txt
OTViewIt logfile created on: 2/22/2009 5:58:34 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\James\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 61.98% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.73 Gb Total Space | 53.85 Gb Free Space | 38.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MACHINE
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/03/07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
[2008/10/31 14:22:38 | 00,050,480 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aim6.exe
[2008/10/08 03:16:33 | 01,410,296 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
[2008/02/20 19:58:44 | 00,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CtHelper.exe
[2008/02/20 19:58:46 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
[2009/02/06 08:51:09 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
[2009/02/06 08:51:10 | 00,832,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgam.exe
[2008/02/20 19:55:12 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
[2008/10/02 08:01:27 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
[2008/12/10 18:39:02 | 00,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
[2009/02/06 08:51:10 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe
[2009/02/06 08:51:10 | 00,687,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgcsrvx.exe
[2007/10/08 16:50:56 | 00,041,824 | ---- | M] (AOL LLC) -- C:\Program Files (x86)\AIM6\aolsoftware.exe
[2009/02/06 08:50:09 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
[2008/01/19 02:33:12 | 00,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieuser.exe
[2008/01/19 02:33:12 | 00,625,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2008/10/04 22:16:26 | 00,235,936 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10a.exe
[2009/02/22 17:56:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/03/02 21:37:29 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2009/02/06 08:51:10 | 00,903,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2009/02/06 08:51:09 | 00,298,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
[2006/02/28 11:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
File not found -- -- (CertPropSvc [Unknown | Running])
[2008/01/05 06:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/01/05 06:25:45 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
[2008/04/01 04:57:45 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe -- (Creative ALchemy AL1 Licensing Service [On_Demand | Stopped])
[2008/03/07 18:24:18 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService [Auto | Running])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008/01/19 03:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Stopped])
[2008/01/19 03:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
[2008/03/24 23:36:23 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2008/01/05 06:23:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Stopped])
[2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008/01/19 02:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008/01/05 06:23:05 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/09/04 19:31:22 | 00,180,224 | ---- | M] (NVIDIA) -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService [Auto | Running])
File not found -- -- (nvsvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/01/19 02:33:19 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2008/10/02 08:01:27 | 00,066,872 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2008/12/10 18:39:02 | 00,107,832 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
File not found -- -- (RichVideo [Auto | Stopped])
File not found -- -- (RpcSs [Unknown | Running])
[2008/01/19 02:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2009/02/06 08:50:09 | 00,316,664 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Running])
[2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
[2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008/01/19 03:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
[2008/01/19 02:33:28 | 00,302,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008/01/19 03:12:01 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008/01/19 03:11:40 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008/01/19 03:10:01 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008/01/19 03:11:12 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008/02/12 20:20:40 | 00,018,488 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\aliide.sys -- (aliide [Disabled | Stopped])
[2008/01/19 03:09:34 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008/01/19 03:09:37 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (AvgLdx64 [System | Running])
File not found -- -- (AvgMfx64 [System | Running])
File not found -- -- (AvgRkx64 [Boot | Running])
File not found -- -- (AvgTdiA [System | Running])
[2006/09/18 16:30:15 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006/09/18 16:30:15 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2008/02/12 20:20:40 | 00,020,536 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\cmdide.sys -- (cmdide [Disabled | Stopped])
File not found -- -- (CT20XUT.DLL [On_Demand | Running])
File not found -- -- (ctaud2k [On_Demand | Running])
File not found -- -- (CTEXFIFX.DLL [On_Demand | Running])
File not found -- -- (CTHWIUT.DLL [On_Demand | Running])
File not found -- -- (ctprxy2k [On_Demand | Running])
File not found -- -- (ctsfm2k [On_Demand | Running])
[2008/01/05 06:22:47 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008/01/19 03:11:53 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
File not found -- -- (emupia [On_Demand | Running])
File not found -- -- (ha20x2k [On_Demand | Running])
File not found -- -- (hamachi [On_Demand | Running])
[2008/01/19 03:08:42 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2008/01/19 03:11:31 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
[2008/01/19 03:09:57 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008/01/19 03:09:48 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008/01/19 03:09:56 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008/01/19 03:08:18 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2007/10/13 06:53:27 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
[2006/10/13 22:04:34 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2007/09/04 19:26:38 | 00,039,968 | ---- | M] (NVidia Corp.) -- C:\Windows\nvoclk64.sys -- (NVR0Dev [On_Demand | Running])
[2008/01/19 03:10:12 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008/01/19 03:08:50 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
File not found -- -- (ossrv [On_Demand | Running])
File not found -- -- (pavboot [Boot | Running])
[2008/01/19 03:12:10 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
File not found -- -- (RTL8169 [On_Demand | Running])
[2008/05/21 05:15:31 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Stopped])
[2006/02/16 17:51:08 | 00,004,096 | R--- | M] (SuperAdBlocker, Inc.) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/05/21 05:15:31 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Stopped])
[2006/09/29 18:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008/01/19 03:09:28 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
File not found -- -- (sptd [Boot | Running])
[2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2005/03/30 11:12:38 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort [System | Stopped])
[2007/03/12 17:35:08 | 00,016,080 | ---- | M] (EnTech Taiwan) -- C:\Windows\SysWOW64\drivers\TVicPort64.sys -- (TVicPort64 [System | Running])
[2008/01/19 03:11:28 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006/11/02 06:51:19 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008/02/12 20:20:41 | 00,020,536 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\viaide.sys -- (viaide [Disabled | Stopped])
[2008/01/19 03:10:22 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.comcast.net?cid=NET_mmhpset
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2064403603-432442958-2557595029-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.comcast.net?cid=NET_mmhpset
"StartPageCache"=

[HKEY_USERS\S-1-5-21-2064403603-432442958-2557595029-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2064403603-432442958-2557595029-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files (x86)\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{A057A204-BACC-4D26-9990-79A187E2698E} (HKLM) -- C:\Program Files (x86)\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files (x86)\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files (x86)\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

[HKEY_USERS\S-1-5-21-2064403603-432442958-2557595029-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}" (HKLM) -- C:\Program Files (x86)\AVG\AVG8\avgtoolbar.dll ([[[COMPANYNAME]]]----------------------------)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"AsioThk32Reg"=REGSVR32.EXE /S CTASIO.DLL (Microsoft Corporation)
"AVG8_TRAY"=C:\PROGRA~2\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"CTHelper"=CTHELPER.EXE (Creative Technology Ltd)
"CTxfiHlp"=CTXFIHLP.EXE (Creative Technology Ltd)
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"ares"="D:\Program Files\Ares\Ares.exe" -h File not found
"DAEMON Tools"="C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"MsnMsgr"="C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" -silent (Valve Corporation)
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Universal Installer"="C:\Program Files (x86)\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden (SupportSoft, Inc.)

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2064403603-432442958-2557595029-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (AOL LLC)
"ares"="D:\Program Files\Ares\Ares.exe" -h File not found
"DAEMON Tools"="C:\Program Files (x86)\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"MsnMsgr"="C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
"NVIDIA nTune"="C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear (NVIDIA)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"Steam"="C:\Program Files (x86)\Steam\Steam.exe" -silent (Valve Corporation)
"SUPERAntiSpyware"=C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
"Universal Installer"="C:\Program Files (x86)\ComcastUI\Universal Installer\uinstaller.exe" /fromrun /starthidden (SupportSoft, Inc.)

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{0CCA191D-13A6-4E29-B746-314DEE697D83}: http://upload.facebook.com/controls/2008.1...toUploader5.cab -- Facebook Photo Uploader 5 Control
{1E54D648-B804-468d-BC78-4AFFED8E262E}: http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab -- System Requirements Lab Class
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{48DD0448-9209-4F81-9F6D-D83562940134}: http://lads.myspace.com/upload/MySpaceUploader1006.cab -- MySpace Uploader Control
{4F1E5B1A-2A80-42CA-8532-2D05CB959537}: http://gfx1.hotmail.com/mail/w2/resources/...NPUplden-us.cab -- MSN Photo Upload Tool
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab -- Shockwave Flash Object
{D6E7CFB5-C074-4D1C-B647-663D1A8D96BF}: http://upload.facebook.com/controls/Facebo...Uploader4_5.cab -- Facebook Photo Uploader 4

========== (O17) DNS Name Servers ==========

{B168FC3B-B0B1-499C-9316-0A9EF123E24F} (Servers: | Description: )
{C0DFA6C8-2630-40CE-AFE8-1FC6685BD776} (Servers: | Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL -- C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008/01/19 02:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008/01/19 02:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c336eac-7b65-11dc-ab33-001a4d5559da}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c336eac-7b65-11dc-ab33-001a4d5559da}\Shell\AutoRun\command]
""=E:\Setup.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/02/22 17:56:18 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTViewIt.exe
[2009/02/22 17:15:09 | 00,368,961 | ---- | C] () -- C:\Users\James\Desktop\dds.scr
[2009/02/21 08:58:44 | 00,811,008 | ---- | C] () -- C:\Users\James\Desktop\gmer.exe
[2009/02/21 08:58:34 | 00,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2009/02/21 08:58:34 | 00,811,008 | ---- | C] () -- C:\Windows\gmer.exe
[2009/02/21 08:58:34 | 00,085,969 | ---- | C] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2009/02/21 08:58:34 | 00,000,250 | ---- | C] () -- C:\Windows\gmer.ini
[2009/02/21 08:58:34 | 00,000,080 | ---- | C] () -- C:\Windows\gmer_uninstall.cmd
[2009/02/21 08:29:10 | 00,000,000 | ---D | C] -- C:\rsit
[2009/02/21 07:44:00 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/21 07:44:00 | 00,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Malwarebytes
[2009/02/21 07:43:59 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/21 07:43:57 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/21 07:43:56 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/02/21 07:43:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/02/21 07:40:54 | 00,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\James\Desktop\RootkitRevealer.exe
[2009/02/21 07:40:54 | 00,102,160 | ---- | C] () -- C:\Users\James\Desktop\RootkitRevealer.chm
[2009/02/21 07:40:09 | 00,231,390 | ---- | C] () -- C:\Users\James\Desktop\RootkitRevealer.zip
[2009/02/19 20:52:39 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/02/15 17:38:46 | 00,001,734 | ---- | C] () -- C:\Users\James\Desktop\Left 4 Dead.lnk
[2009/02/10 19:12:54 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/02/10 19:12:53 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/02/10 19:12:52 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/02/10 19:12:51 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/02/10 19:12:51 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/02/10 19:12:50 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/02/10 19:12:49 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/02/10 19:12:48 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/02/10 19:12:48 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/02/08 15:39:51 | 02,659,236 | -H-- | C] () -- C:\Users\James\AppData\Local\IconCache.db
[2009/02/06 08:56:41 | 42,933,86240 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/06 08:51:25 | 00,001,689 | ---- | C] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
[2009/02/02 20:32:39 | 00,026,628 | ---- | C] () -- C:\Users\James\Desktop\bleeptydrawing.jpg
[2009/02/01 08:25:07 | 00,041,803 | ---- | C] () -- C:\Users\James\Desktop\n72103983_30669997_410.jpg

========== Files - Modified Within 30 Days ==========

[18 C:\Windows\System32\*.tmp files]
[2009/02/22 17:56:26 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTViewIt.exe
[2009/02/22 17:19:15 | 00,368,961 | ---- | M] () -- C:\Users\James\Desktop\dds.scr
[2009/02/22 17:06:32 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/02/22 17:06:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/02/22 17:06:16 | 42,933,86240 | -HS- | M] () -- C:\hiberfil.sys
[2009/02/22 15:06:41 | 02,659,236 | -H-- | M] () -- C:\Users\James\AppData\Local\IconCache.db
[2009/02/21 09:00:46 | 00,000,250 | ---- | M] () -- C:\Windows\gmer.ini
[2009/02/21 08:58:34 | 00,884,736 | ---- | M] () -- C:\Windows\gmer.dll
[2009/02/21 08:58:34 | 00,085,969 | ---- | M] (GMER) -- C:\Windows\System32\drivers\gmer.sys
[2009/02/21 08:58:34 | 00,000,080 | ---- | M] () -- C:\Windows\gmer_uninstall.cmd
[2009/02/21 07:44:00 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/02/21 07:40:09 | 00,231,390 | ---- | M] () -- C:\Users\James\Desktop\RootkitRevealer.zip
[2009/02/15 17:38:46 | 00,001,734 | ---- | M] () -- C:\Users\James\Desktop\Left 4 Dead.lnk
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/02/06 08:51:25 | 00,001,689 | ---- | M] () -- C:\Users\Public\Desktop\AVG 8.0.lnk
[2009/02/04 07:38:37 | 00,163,328 | ---- | M] () -- C:\Users\James\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/02 20:32:40 | 00,026,628 | ---- | M] () -- C:\Users\James\Desktop\bleeptydrawing.jpg
[2009/02/01 08:23:17 | 00,041,803 | ---- | M] () -- C:\Users\James\Desktop\n72103983_30669997_410.jpg
< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Extras.txt


OTViewIt Extras logfile created on: 2/22/2009 5:58:34 PM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\James\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.48 Gb Available Physical Memory | 61.98% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.73 Gb Total Space | 53.85 Gb Free Space | 38.54% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MACHINE
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] -- C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 02:35:15 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (java script:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/02/06 08:51:10 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/01/19 12:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\MSN Messenger\msgrapp.8.1.0178.00.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/01/19 02:35:15 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009/01/15 01:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009/01/15 01:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}"=Visual C++ 8.0 Runtime Setup Package (x64)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}"=Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}"=Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{1246FF64-3035-4A92-8FE6-A968275495EB}"=Sony Vegas Pro 8.0
"{2C294A0B-DF22-4023-B168-8C7645B10019}"=Adobe Setup
"{3EF79591-BF16-4CF8-8FF0-D8AD968228B1}"=Aliens vs. Predator 2
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}"=Adobe After Effects CS3 Presets
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}"=Adobe Audition 3.0
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{54AE3C08-D7D8-45FF-9348-0B4BE0D5A6CB}"=Comcast Universal Installer v1.2
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}"=Windows Live Messenger
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}"=Ventrilo Client
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}"=Adobe After Effects CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{90850409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Word Viewer 2003
"{90AF0409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office PowerPoint Viewer 2003
"{9763E36A-08E9-4228-BBCE-12989A4EB1A8}"=QuickTime
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9DA735C0-3C3E-4CB3-BC26-BE95E768115F}"=Garmin City Navigator North America NT 2009 Update
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A7E07C2B-2220-4415-87E3-784D5814BC93}"=NVIDIA PhysX v8.09.04
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}"=Intel® Processor ID Utility
"{AC76BA86-7AD7-1033-7B44-A81200000003}"=Adobe Reader 8.1.2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}"=Apple Software Update
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}"=SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1"=Tortun 0.76
"ActiveScan 2.0"=Panda ActiveScan 2.0
"Adobe Audition 3.0"=Adobe Audition 3.0
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf"=Adobe After Effects CS3
"AIM_6"=AIM 6
"ALchemy X-Fi"=Creative ALchemy (X-Fi Edition)
"AudioCS"=Creative Audio Console
"AVG8Uninstall"=AVG 8.0
"AviSynth"=AviSynth 2.5
"BitLord"=BitLord 1.1
"CCleaner"=CCleaner (remove only)
"Console Launcher"=Creative Console Launcher
"Fraps"=Fraps (remove only)
"GameSpotDownloadManager"=GameSpot Download Manager
"GCFScape_is1"=GCFScape 1.6.6
"Half-Life Dedicated Server Update Tool"=Half-Life Dedicated Server Update Tool
"Hamachi"=Hamachi 1.0.2.1
"HijackThis"=HijackThis 2.0.2
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}"=NVIDIA nTune
"Insurgency"=Insurgency ( Remove only)
"KLiteCodecPack_is1"=K-Lite Codec Pack 3.8.5 Full
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"MemSet_is1"=MemSet 3.3
"OpenAL"=OpenAL
"particleIllusion 3.0"=particleIllusion 3.0
"PunkBusterSvc"=PunkBuster Services
"Steam App 205"=Source Dedicated Server
"Steam App 220"=Half-Life 2
"Steam App 320"=Half-Life 2: Deathmatch
"Steam App 380"=Half-Life 2: Episode One
"Steam App 440"=Team Fortress 2
"Steam App 500"=Left 4 Dead
"SWAT 4"=SWAT 4
"SystemRequirementsLab"=System Requirements Lab
"Videora iPod Converter"=Videora iPod Converter 3.07
"ViewpointMediaPlayer"=Viewpoint Media Player
"VLC media player"=VideoLAN VLC media player 0.8.6e
"Warhammer Online - Age of Reckoning"=Warhammer Online - Age of Reckoning
"Winamp"=Winamp
"WinRAR archiver"=WinRAR archiver
"X-Coopmod Beta 2.5"=X-Coopmod Beta 2.5

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2009 2:49:38 PM | Computer Name = machine | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x687a7805, process id 0x80c, application start time
0x01c97ac447ae4ec2.

Error - 1/27/2009 10:11:58 AM | Computer Name = machine | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6001.18000, time stamp
0x47918f11, faulting module Flash9f.ocx, version 9.0.124.0, time stamp 0x47e8643e,
exception code 0xc0000005, fault offset 0x0006b89f, process id 0x2f0, application
start time 0x01c97bbb1183443d.

Error - 1/31/2009 9:36:57 PM | Computer Name = machine | Source = EventSystem | ID = 4609
Description =

Error - 2/6/2009 9:41:38 AM | Computer Name = machine | Source = EventSystem | ID = 4609
Description =

Error - 2/6/2009 9:45:34 AM | Computer Name = machine | Source = EventSystem | ID = 4609
Description =

Error - 2/6/2009 9:55:17 AM | Computer Name = machine | Source = EventSystem | ID = 4609
Description =

Error - 2/21/2009 8:40:22 AM | Computer Name = machine | Source = Application Error | ID = 1000
Description = Faulting application RootkitRevealer.exe, version 1.71.0.0, time stamp
0x44e255aa, faulting module RootkitRevealer.exe, version 1.71.0.0, time stamp 0x44e255aa,
exception code 0xc0000005, fault offset 0x000040cd, process id 0x9ac, application
start time 0x01c994218e70da50.

Error - 2/21/2009 8:41:03 AM | Computer Name = machine | Source = Application Error | ID = 1000
Description = Faulting application RootkitRevealer.exe, version 1.71.0.0, time stamp
0x44e255aa, faulting module RootkitRevealer.exe, version 1.71.0.0, time stamp 0x44e255aa,
exception code 0xc0000005, fault offset 0x000040cd, process id 0x1128, application
start time 0x01c99421a7f8cd70.

Error - 2/21/2009 8:41:07 AM | Computer Name = machine | Source = Application Error | ID = 1000
Description = Faulting application RootkitRevealer.exe, version 1.71.0.0, time stamp
0x44e255aa, faulting module RootkitRevealer.exe, version 1.71.0.0, time stamp 0x44e255aa,
exception code 0xc0000005, fault offset 0x000040cd, process id 0xd6c, application
start time 0x01c99421aa9b1e70.

Error - 2/21/2009 8:41:23 AM | Computer Name = machine | Source = Application Error | ID = 1000
Description = Faulting application RootkitRevealer.exe, version 1.71.0.0, time stamp
0x44e255aa, faulting module RootkitRevealer.exe, version 1.71.0.0, time stamp 0x44e255aa,
exception code 0xc0000005, fault offset 0x000040cd, process id 0xae4, application
start time 0x01c99421b45cccb0.

[ System Events ]
Error - 2/21/2009 9:23:42 AM | Computer Name = machine | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 2/21/2009 9:23:48 AM | Computer Name = machine | Source = HTTP | ID = 15016
Description =

Error - 2/21/2009 9:25:26 AM | Computer Name = machine | Source = Service Control Manager | ID = 7000
Description =

Error - 2/21/2009 9:25:26 AM | Computer Name = machine | Source = Service Control Manager | ID = 7026
Description =

Error - 2/22/2009 6:05:59 PM | Computer Name = machine | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\TVicPort.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2/22/2009 6:06:04 PM | Computer Name = machine | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 2/22/2009 6:06:04 PM | Computer Name = machine | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 2/22/2009 6:06:32 PM | Computer Name = machine | Source = HTTP | ID = 15016
Description =

Error - 2/22/2009 6:07:44 PM | Computer Name = machine | Source = Service Control Manager | ID = 7000
Description =

Error - 2/22/2009 6:07:44 PM | Computer Name = machine | Source = Service Control Manager | ID = 7026
Description =


< End of report >
Do you want a hijackthis log as well? I know that works for me.

Edited by bubbakush, 22 February 2009 - 06:16 PM.


#4 extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:05:23 AM

Posted 22 February 2009 - 09:16 PM

Hello again.

I said do not post it here. Anyway, I should have been a bit more clear myself.

Two reports will open, copy and paste them in the HJT-Malware Removal forum:


The HJT-Malware Removal forum is located over here: http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Post this log over there and someone soon will take a look at your log. We are very busy so it may take up to a week or more/less. If you do not get a reply by 5 days post it over here letting us know: http://www.bleepingcomputer.com/forums/t/176012/post-in-this-thread-when-you-havent-received-an-answer-in-five-days/

Just a side note for you regarding 64-bit machines: many malware-related tools cannot be run on a 64-bit Vista machine, but much malware has a tough time installing itself on 64-bit machines as well, because its driver cannot be loaded or installed. Usually rootkits are very hard to install on 64-bit machines, but I have seen services installed on them; those can usually be removed.


Good luck :thumbsup:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

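The side note above about drivers that cannot be loaded on 64-bit Vista is visible in the OTViewIt log earlier in this thread: the "Last 10 Event Log Errors" section lists Application Popup events with ID 1060 naming the exact .sys files the system refused to load, next to Application Error 1000 crash records. The following parser is an added example written for this page; it is not part of OTViewIt and not code from either poster. It assumes the record layout seen in that log (one "Error - ..." header line, then a "Description =" line that may wrap across several lines until a blank line) and works on a sample built from the entries shown above, so it runs offline.

```python
"""Triage the 'Last 10 Event Log Errors' section of an OTViewIt Extras log.

Added example for this thread, not OTViewIt's own code. The record layout
(header line, wrapped Description, blank-line terminator) is assumed from
the log pasted above; SAMPLE_LOG is assembled from entries in that log.
"""
import re
from dataclasses import dataclass

# Sample assembled from the thread's log (constructed input for this example).
SAMPLE_LOG = r"""[ System Events ]
Error - 2/21/2009 9:23:42 AM | Computer Name = machine | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 2/21/2009 9:23:48 AM | Computer Name = machine | Source = HTTP | ID = 15016
Description =

Error - 2/22/2009 6:05:59 PM | Computer Name = machine | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\TVicPort.sys has been blocked from
loading due to incompatibility with this system. Please contact your software vendor
for a compatible version of the driver.

Error - 2/21/2009 8:40:22 AM | Computer Name = machine | Source = Application Error | ID = 1000
Description = Faulting application RootkitRevealer.exe, version 1.71.0.0, time stamp
0x44e255aa, faulting module RootkitRevealer.exe, version 1.71.0.0, time stamp 0x44e255aa,
exception code 0xc0000005, fault offset 0x000040cd, process id 0x9ac, application
start time 0x01c994218e70da50.
"""

HEADER_RE = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$"
)
# Event 1060 text starts with the NT device path prefix \??\ before the file path.
BLOCKED_RE = re.compile(r"^\\\?\?\\(?P<path>.+?) has been blocked from loading")
CRASH_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), .*?faulting module (?P<module>[^,]+), "
    r".*?exception code (?P<code>0x[0-9a-fA-F]+)"
)


@dataclass
class EventError:
    when: str
    host: str
    source: str
    event_id: int
    description: str


def parse_event_errors(text: str) -> list[EventError]:
    """Collect each 'Error - ...' record, re-joining its wrapped description."""
    entries: list[EventError] = []
    header = None          # regex match for the record being collected
    desc: list[str] = []   # description fragments, one per wrapped line

    def finish() -> None:
        if header is not None:
            entries.append(EventError(
                when=header["when"], host=header["host"], source=header["source"],
                event_id=int(header["id"]), description=" ".join(desc).strip()))

    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            finish()
            header, desc = m, []
        elif header is None:
            continue                      # section titles such as "[ System Events ]"
        elif line.startswith("Description ="):
            desc.append(line[len("Description ="):].strip())   # may be empty
        elif line == "":
            finish()                      # blank line terminates the record
            header, desc = None, []
        else:
            desc.append(line)             # continuation of a wrapped description
    finish()
    return entries


def blocked_drivers(entries: list[EventError]) -> list[str]:
    """Paths of drivers the kernel refused to load (Application Popup, ID 1060)."""
    found = []
    for e in entries:
        if e.event_id == 1060 and e.source == "Application Popup":
            m = BLOCKED_RE.match(e.description)
            if m:
                found.append(m["path"])
    return found


def app_crashes(entries: list[EventError]) -> list[tuple[str, str, str]]:
    """(faulting app, faulting module, exception code) for Application Error 1000."""
    found = []
    for e in entries:
        if e.event_id == 1000 and e.source == "Application Error":
            m = CRASH_RE.search(e.description)
            if m:
                found.append((m["app"], m["module"], m["code"]))
    return found


if __name__ == "__main__":
    evs = parse_event_errors(SAMPLE_LOG)
    print(f"{len(evs)} error records")
    for path in blocked_drivers(evs):
        print("driver blocked from loading:", path)
    for app, mod, code in app_crashes(evs):
        print(f"crash: {app} in {mod} ({code})")
```

Records with an empty description (the HTTP 15016 entries in the log) are kept but simply match neither filter, so the counts stay honest; the two filtered lists are what a helper would want to see first when deciding whether a missing-driver symptom is the 64-bit load restriction or something else.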

#5 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,989 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:05:23 AM

Posted 27 February 2009 - 11:32 PM

Hello bubbakush,

Now that you have a log posted here: http://www.bleepingcomputer.com/forums/t/205717/rootkit-infection-possibly/ you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the HJT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript
