
Hard to Remove Trojan


  • This topic is locked
23 replies to this topic

#1 gwntd

gwntd

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 27 March 2009 - 01:12 PM

My computer was recently infected heavily with Vundo.H and Virtumundo. I think it's the same difference, not too sure. I've used spyware search & destroy, Malwarebytes and Avira so far to try and have removed most of it. A friend suggested to me to use VundoFix, but the program didn't help too much. Anyways, now I'm left with one very hard to remove trojan; as far as I can tell it is the last one left. I've tried deleting it several times manually, but no luck. It just restarts itself. And it's on a startup program, which I checked with CCleaner. I hope someone can help me fix it. Oh, one more thing, I can't automatically update any of my antispyware and antivirus programs, I've been doing it manually so far. Really annoying, lawl.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:05:41 PM, on 3/27/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [CPM019de83b] Rundll32.exe "c:\windows\system32\nemudodi.dll",a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{DDD0648D-93A5-41FB-8EAF-925A24718BF0}: NameServer = 68.94.156.1,68.94.157.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6504 bytes



Edited by gwntd, 27 March 2009 - 01:15 PM.



 


#2 gwntd

gwntd
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 03 April 2009 - 04:26 PM

I know I shouldn't bump my topic, but it's been 5 days since anyone has responded to me, and I've seen some other threads that were created after mine but got help faster.

This is a new HijackThis log. I think I got rid of the nemudodi.dll, however none of my antiviruses can automatically update: Avira and Malwarebytes. And I can't install Spybot Search and Destroy.



Edited by gwntd, 03 April 2009 - 07:40 PM.


#3 gwntd

gwntd
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 04 April 2009 - 03:26 PM

OK, this time I've read through the entire guide, and I've got a DDS log and all that. Hopefully someone will help me now. I'm fine with being pushed back on the list, as long as I get some help.

Also my problem now is that none of my anti viruses can automatically update, they are blocked from reaching their update servers, and spybot search and destroy cannot install either. But I think I have all or most of my Vundo deleted.


DDS (Ver_09-03-16.01) - NTFSx86
Run by XD at 15:19:23.86 on Sat 04/04/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.520 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Microsoft Reader\MSReader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\XD\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\xd\appdata\roaming\micros~1\windows\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms
IE: RoboForm Toolbar
IE: Save Forms
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {DDD0648D-93A5-41FB-8EAF-925A24718BF0} = 68.94.156.1,68.94.157.1
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\xd\appdata\roaming\mozilla\firefox\profiles\5gw4mdhd.default\
FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070709.002\IDSvix86.sys [2007-7-10 212280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-1 108289]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-9-11 22784]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2007-9-11 31104]
S3 DBKDRVR54;DBKDRVR54;c:\program files\cheat engine\dbk32.sys [2009-2-8 36096]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2008-10-29 49377]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-23 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-4-2 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2006-12-14 40832]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-04-01 22:36 506,368 a------- c:\windows\system32\msxml.dll
2009-04-01 21:06 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-01 21:06 <DIR> --d----- c:\programdata\Avira
2009-04-01 21:06 <DIR> --d----- c:\program files\Avira
2009-04-01 21:06 <DIR> --d----- c:\progra~2\Avira
2009-03-30 16:24 <DIR> --d----- c:\users\xd\appdata\roaming\Desktopicon
2009-03-30 16:24 <DIR> --d----- c:\program files\Unlocker
2009-03-28 19:50 <DIR> --d----- C:\bunny
2009-03-28 19:33 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-03-28 19:33 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-03-27 19:11 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-03-27 19:11 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-03-26 16:47 <DIR> --d----- C:\Rooter$
2009-03-25 23:41 <DIR> --d----- C:\VundoFix Backups
2009-03-25 23:29 161,792 a------- c:\windows\SWREG.exe
2009-03-25 23:29 98,816 a------- c:\windows\sed.exe
2009-03-25 16:13 <DIR> --d----- c:\program files\Trend Micro
2009-03-23 17:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-23 17:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 17:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 16:56 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-03-22 14:11 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-22 14:11 <DIR> --d----- c:\program files\Hamachi
2009-03-22 13:06 <DIR> --d----- c:\program files\PokerStars
2009-03-21 18:17 <DIR> --d----- c:\windows\osu!
2009-03-21 18:17 <DIR> --d----- c:\program files\osu!
2009-03-19 17:35 152,088 a------- C:\img2-001.raw
2009-03-15 19:36 2,048 a------- c:\windows\system32\tzres.dll
2009-03-15 19:20 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-15 19:20 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-15 19:20 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-15 19:20 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-15 19:20 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-15 19:20 11,264 a------- c:\windows\system32\icardres.dll
2009-03-15 19:20 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-15 19:20 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-15 19:12 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-15 19:12 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-15 19:12 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-15 19:12 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-15 19:11 83,968 a------- c:\windows\system32\mscories.dll
2009-03-15 19:03 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-03-15 19:03 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-15 19:02 268,288 a------- c:\windows\system32\schannel.dll
2009-03-15 19:00 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-15 19:00 2,927,104 a------- c:\windows\explorer.exe
2009-03-15 18:58 443,392 a------- c:\windows\system32\win32spl.dll
2009-03-15 18:58 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-15 18:58 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-15 18:58 94,720 a------- c:\windows\system32\logagent.exe
2009-03-15 18:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-15 17:41 <DIR> --d----- c:\program files\common files\Tencent
2009-03-15 17:41 <DIR> --d----- c:\program files\Tencent
2009-03-15 17:36 268 a---h--- C:\sqmdata06.sqm
2009-03-15 17:36 244 a---h--- C:\sqmnoopt06.sqm
2009-03-15 12:47 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-03-15 12:46 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-03-15 12:46 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-03-15 12:46 68,888 a------- c:\windows\system32\xinput1_3.dll
2009-03-15 12:46 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-03-15 12:46 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-03-15 12:46 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-03-15 12:45 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-03-13 21:22 <DIR> --d----- c:\users\xd\appdata\roaming\Tencent

==================== Find3M ====================

2009-04-01 20:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-01 20:41 86,016 a------- c:\windows\inf\infstor.dat
2009-04-01 20:41 51,200 a------- c:\windows\inf\infpub.dat
2009-03-30 21:33 34 a------- c:\users\xd\jagex_runescape_preferences.dat
2009-03-20 16:53 77,384 a------- c:\windows\War3Unin.dat
2009-03-15 23:20 4,704 a------- c:\users\xd\appdata\roaming\wklnhst.dat
2009-02-23 18:35 882,232 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2008-11-08 19:55 47,360 a------- c:\users\xd\appdata\roaming\pcouffin.sys
2008-10-30 00:33 25,600 a------- c:\users\xd\usbsermptxp.sys
2008-10-30 00:33 22,768 a------- c:\users\xd\usbsermpt.sys
2008-08-21 12:50 174 a--sh--- c:\program files\desktop.ini
2008-08-21 12:36 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-19 10:55 87,608 a------- c:\users\xd\appdata\roaming\ezpinst.exe
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-07 00:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 15:21:42.60 ===============
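
Comparing the Run-key entries of the two logs posted so far shows which startup items changed between the scans, including whether the rundll32 entry for nemudodi.dll is still registered. This is an added example, not part of any post in the thread; it works on a subset of lines copied from the HijackThis log in post #1 and the DDS log in post #3, and it assumes DDS's "uRun"/"mRun" prefixes mean the HKCU and HKLM Run keys.

```python
import re

# Subset of lines copied from the HijackThis log in post #1.
HJT_LOG = r'''
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 0.0.0.0:80
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [CPM019de83b] Rundll32.exe "c:\windows\system32\nemudodi.dll",a
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
'''

# Subset of lines copied from the DDS log in post #3.
DDS_LOG = r'''
uInternet Settings,ProxyServer = 0.0.0.0:80
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
'''

# Only the plain Run keys are handled; RunOnce, services, BHOs etc. are out of scope here.
HJT_RUN = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]+)\] (.+)$')
DDS_RUN = re.compile(r'^([um])Run: \[([^\]]+)\] (.+)$')
RUNDLL32 = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)"?\s*,\s*(\S+)', re.IGNORECASE)
PROXY = re.compile(r'Internet Settings,ProxyServer = (\S+)')


def parse_autoruns(log_text):
    """Map (hive, lower-cased value name) -> command for Run entries in either log format."""
    entries = {}
    for line in log_text.splitlines():
        line = line.strip()
        hjt = HJT_RUN.match(line)
        dds = DDS_RUN.match(line)
        if hjt:
            hive, name, command = hjt.groups()
        elif dds:
            # Assumption: DDS prefix "u" = HKCU Run, "m" = HKLM Run.
            hive = 'HKCU' if dds.group(1) == 'u' else 'HKLM'
            name, command = dds.group(2), dds.group(3)
        else:
            continue
        entries[(hive, name.lower())] = command
    return entries


def _norm(command):
    # The two tools differ in case and quoting, so compare without quotes, case-insensitively.
    return command.replace('"', '').lower()


def diff_autoruns(before, after):
    """Return (removed, added, changed) lists of (hive, name) keys between two scans."""
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    changed = sorted(k for k in before
                     if k in after and _norm(before[k]) != _norm(after[k]))
    return removed, added, changed


def rundll32_targets(entries):
    """Return {(hive, name): (dll_path, export)} for autoruns that load a DLL via rundll32."""
    targets = {}
    for key, command in entries.items():
        m = RUNDLL32.match(command)
        if m:
            targets[key] = (m.group(1), m.group(2))
    return targets


def proxy_server(log_text):
    """Return the Internet Settings ProxyServer value reported in the log, or None."""
    m = PROXY.search(log_text)
    return m.group(1) if m else None


if __name__ == '__main__':
    before, after = parse_autoruns(HJT_LOG), parse_autoruns(DDS_LOG)
    removed, added, changed = diff_autoruns(before, after)
    dll_loads = rundll32_targets(before)
    for label, keys in (('removed', removed), ('added', added), ('changed', changed)):
        for key in keys:
            note = ''
            if key in dll_loads:
                note = '  <- rundll32 loads %s, export %s' % dll_loads[key]
            print('%-8s %s\\Run [%s]%s' % (label, key[0], key[1], note))
    print('ProxyServer: %s -> %s' % (proxy_server(HJT_LOG), proxy_server(DDS_LOG)))
```
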




#4 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA
  • Local time:11:50 PM

Posted 05 April 2009 - 04:23 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#5 gwntd

gwntd
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:10:50 PM

Posted 05 April 2009 - 12:20 PM

I was infected with Vundo in my original problem. But since then I think I have removed it all. The windows\system32\nemudodi.dll",a was very weird: every time I tried deleting it, manually or through Malwarebytes, it would just reappear in the next scan. However, oddly enough, when I ran Malwarebytes some time later, it was deleted and didn't revive itself.

Now my problem is that Vundo might have done something to my system, or there is something else that is hidden. Cause none of my antivirus and antispyware programs can autoupdate themselves. And I can't install spyware search and destroy. I can't install Kaspersky either, or update it.

I tried to WinRAR the attached file, but it fails to upload.

DDS (Ver_09-03-16.01) - NTFSx86
Run by XD at 12:08:58.36 on Sun 04/05/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.499 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Registry Mechanic\regmech.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\XD\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\xd\appdata\roaming\micros~1\windows\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms
IE: RoboForm Toolbar
IE: Save Forms
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {DDD0648D-93A5-41FB-8EAF-925A24718BF0} = 68.94.156.1,68.94.157.1
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\xd\appdata\roaming\mozilla\firefox\profiles\5gw4mdhd.default\
FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070709.002\IDSvix86.sys [2007-7-10 212280]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-9-11 22784]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2007-9-11 31104]
S3 DBKDRVR54;DBKDRVR54;c:\program files\cheat engine\dbk32.sys [2009-2-8 36096]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2008-10-29 49377]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-23 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-4-2 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2006-12-14 40832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-04-01 22:36 506,368 a------- c:\windows\system32\msxml.dll
2009-04-01 21:06 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-01 21:06 <DIR> --d----- c:\programdata\Avira
2009-04-01 21:06 <DIR> --d----- c:\program files\Avira
2009-04-01 21:06 <DIR> --d----- c:\progra~2\Avira
2009-03-30 16:24 <DIR> --d----- c:\users\xd\appdata\roaming\Desktopicon
2009-03-30 16:24 <DIR> --d----- c:\program files\Unlocker
2009-03-28 19:50 <DIR> --d----- C:\bunny
2009-03-28 19:33 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-03-28 19:33 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-03-27 19:11 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-03-27 19:11 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-03-26 16:47 <DIR> --d----- C:\Rooter$
2009-03-25 23:41 <DIR> --d----- C:\VundoFix Backups
2009-03-25 23:29 161,792 a------- c:\windows\SWREG.exe
2009-03-25 23:29 98,816 a------- c:\windows\sed.exe
2009-03-25 16:13 <DIR> --d----- c:\program files\Trend Micro
2009-03-23 17:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-23 17:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 17:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 16:56 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-03-22 14:11 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-22 14:11 <DIR> --d----- c:\program files\Hamachi
2009-03-22 13:06 <DIR> --d----- c:\program files\PokerStars
2009-03-21 18:17 <DIR> --d----- c:\windows\osu!
2009-03-21 18:17 <DIR> --d----- c:\program files\osu!
2009-03-19 17:35 152,088 a------- C:\img2-001.raw
2009-03-15 19:36 2,048 a------- c:\windows\system32\tzres.dll
2009-03-15 19:20 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-15 19:20 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-15 19:20 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-15 19:20 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-15 19:20 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-15 19:20 11,264 a------- c:\windows\system32\icardres.dll
2009-03-15 19:20 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-15 19:20 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-15 19:12 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-15 19:12 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-15 19:12 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-15 19:12 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-15 19:11 83,968 a------- c:\windows\system32\mscories.dll
2009-03-15 19:03 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-03-15 19:03 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-15 19:02 268,288 a------- c:\windows\system32\schannel.dll
2009-03-15 19:00 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-15 19:00 2,927,104 a------- c:\windows\explorer.exe
2009-03-15 18:58 443,392 a------- c:\windows\system32\win32spl.dll
2009-03-15 18:58 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-15 18:58 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-15 18:58 94,720 a------- c:\windows\system32\logagent.exe
2009-03-15 18:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-15 17:41 <DIR> --d----- c:\program files\common files\Tencent
2009-03-15 17:41 <DIR> --d----- c:\program files\Tencent
2009-03-15 17:36 268 a---h--- C:\sqmdata06.sqm
2009-03-15 17:36 244 a---h--- C:\sqmnoopt06.sqm
2009-03-15 12:47 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-03-15 12:46 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-03-15 12:46 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-03-15 12:46 68,888 a------- c:\windows\system32\xinput1_3.dll
2009-03-15 12:46 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-03-15 12:46 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-03-15 12:46 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-03-15 12:45 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-03-13 21:22 <DIR> --d----- c:\users\xd\appdata\roaming\Tencent

==================== Find3M ====================

2009-04-01 20:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-01 20:41 86,016 a------- c:\windows\inf\infstor.dat
2009-04-01 20:41 51,200 a------- c:\windows\inf\infpub.dat
2009-03-30 21:33 34 a------- c:\users\xd\jagex_runescape_preferences.dat
2009-03-20 16:53 77,384 a------- c:\windows\War3Unin.dat
2009-03-15 23:20 4,704 a------- c:\users\xd\appdata\roaming\wklnhst.dat
2009-02-23 18:35 882,232 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2008-11-08 19:55 47,360 a------- c:\users\xd\appdata\roaming\pcouffin.sys
2008-10-30 00:33 25,600 a------- c:\users\xd\usbsermptxp.sys
2008-10-30 00:33 22,768 a------- c:\users\xd\usbsermpt.sys
2008-08-21 12:50 174 a--sh--- c:\program files\desktop.ini
2008-08-21 12:36 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-19 10:55 87,608 a------- c:\users\xd\appdata\roaming\ezpinst.exe
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-07 00:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 12:11:27.75 ===============




#6 Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team

Posted 05 April 2009 - 03:35 PM

Hello, gwntd
We Need to Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

If this tool helped you, please consider a donation to its author.

How to run ComboFix:
  • Please download ComboFix from one of the following mirrors, and save it to your desktop.
  • Disable any running Anti-Virus or Anti-Malware programs. This includes Firewalls, Anti-Virus, Spyware Scanners, etc. Any or all of them may interfere with the running of ComboFix.
  • Double click the ComboFix icon on your desktop.
  • Read and accept (Press Yes) to the disclaimer.
  • For Windows XP Systems: Install the Recovery Console:
    • If you are using Windows XP and do not already have the Recovery Console installed, please ensure your internet connection is active (if possible), and press Yes. If for some reason your internet is not working, please press No. If you are not using Windows XP, you will not be prompted.
    • When prompted to accept the EULA, press OK.
    • Accept Microsoft's EULA (Press Yes).
    • When you are told that the RC is installed correctly, please press YES to continue scanning for malware.
  • ComboFix will run. Simply wait for it to finish.
  • When it finishes, ComboFix will produce a log. Please post that log in your next reply here.
NOTE: If ComboFix will not run, please rename it to GlobRemover.exe and try again!

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#7 gwntd

  • Topic Starter

  • Members

Posted 05 April 2009 - 07:34 PM

I really wanna thank you for helping me with this. Here is the log you requested.

ComboFix 09-04-04.01 - XD 2009-04-05 19:23:10.7 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.455 [GMT -5:00]
Running from: c:\users\XD\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-05 19:18 . 2009-04-05 19:18 <DIR> d-------- C:\bunny
2009-04-01 22:36 . 2004-08-04 07:00 506,368 --a------ c:\windows\System32\msxml.dll
2009-04-01 21:06 . 2009-04-01 21:06 <DIR> d-------- c:\users\All Users\Avira
2009-04-01 21:06 . 2009-04-01 21:06 <DIR> d-------- c:\programdata\Avira
2009-04-01 21:06 . 2009-04-01 21:06 <DIR> d-------- c:\program files\Avira
2009-04-01 21:06 . 2009-02-13 11:31 55,640 --a------ c:\windows\System32\drivers\avgntflt.sys
2009-03-30 16:24 . 2009-03-30 16:24 <DIR> d-------- c:\users\XD\AppData\Roaming\Desktopicon
2009-03-30 16:24 . 2009-03-30 16:33 <DIR> d-------- c:\program files\Unlocker
2009-03-28 19:33 . 2009-04-01 21:15 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2009-03-28 19:33 . 2009-04-01 21:15 <DIR> d-------- c:\programdata\Kaspersky Lab
2009-03-27 19:11 . 2009-03-27 19:11 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-03-27 19:11 . 2009-03-27 19:11 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-03-26 16:47 . 2009-03-26 16:49 <DIR> d-------- C:\Rooter$
2009-03-25 16:13 . 2009-03-25 16:13 <DIR> d-------- c:\program files\Trend Micro
2009-03-23 17:05 . 2009-03-23 17:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 17:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-23 17:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-23 16:56 . 2009-03-23 16:56 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-22 14:11 . 2009-03-22 14:13 <DIR> d-------- c:\program files\Hamachi
2009-03-22 14:11 . 2009-03-22 14:11 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-22 13:06 . 2009-03-22 13:11 <DIR> d-------- c:\program files\PokerStars
2009-03-21 18:17 . 2009-03-21 18:17 <DIR> d-------- c:\windows\osu!
2009-03-21 18:17 . 2009-03-31 16:34 <DIR> d-------- c:\program files\osu!
2009-03-19 17:35 . 2009-03-19 17:35 152,088 --a------ C:\img2-001.raw
2009-03-15 19:36 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-03-15 19:20 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-15 19:20 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-15 19:20 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-15 19:20 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-15 19:20 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-15 19:20 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-15 19:20 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-15 19:20 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-15 19:12 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-15 19:12 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-15 19:12 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-15 19:12 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-15 19:11 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-15 19:03 . 2008-10-21 00:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-03-15 19:03 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-03-15 19:02 . 2008-11-26 23:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-15 19:00 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe
2009-03-15 19:00 . 2009-02-08 22:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-15 18:58 . 2008-06-22 20:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-03-15 18:58 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-03-15 18:58 . 2008-06-22 20:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-03-15 18:58 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2009-03-15 18:58 . 2008-06-22 20:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-03-15 17:41 . 2009-03-15 17:41 <DIR> d-------- c:\program files\Tencent
2009-03-15 17:41 . 2009-03-15 17:41 <DIR> d-------- c:\program files\Common Files\Tencent
2009-03-15 17:36 . 2009-03-15 17:36 268 --ah----- C:\sqmdata06.sqm
2009-03-15 17:36 . 2009-03-15 17:36 244 --ah----- C:\sqmnoopt06.sqm
2009-03-15 12:47 . 2009-03-15 17:36 <DIR> d-------- c:\program files\Microsoft LifeCam
2009-03-15 12:46 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2009-03-15 12:46 . 2006-09-28 16:05 237,848 --a------ c:\windows\System32\xactengine2_4.dll
2009-03-15 12:46 . 2006-07-28 09:30 236,824 --a------ c:\windows\System32\xactengine2_3.dll
2009-03-15 12:46 . 2006-09-28 16:04 68,888 --a------ c:\windows\System32\xinput1_3.dll
2009-03-15 12:46 . 2006-07-28 09:30 62,744 --a------ c:\windows\System32\xinput1_2.dll
2009-03-15 12:46 . 2006-09-28 16:03 15,128 --a------ c:\windows\System32\x3daudio1_1.dll
2009-03-15 12:45 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-03-13 21:22 . 2009-03-15 18:06 <DIR> d-------- c:\users\XD\AppData\Roaming\Tencent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-04-06 00:15 --------- d-----w c:\program files\Warcraft III
2009-04-05 18:28 --------- d---a-w c:\programdata\TEMP
2009-04-05 03:39 --------- d-----w c:\program files\Starcraft
2009-04-03 05:53 --------- d-----w c:\users\XD\AppData\Roaming\uTorrent
2009-04-02 00:09 --------- d-----w c:\program files\WinAVI MP4 Converter
2009-03-31 03:41 --------- d-----w c:\users\XD\AppData\Roaming\OpenOffice.org2
2009-03-31 02:33 34 ----a-w c:\users\XD\jagex_runescape_preferences.dat
2009-03-29 01:00 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-29 00:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-28 00:23 --------- d-----w c:\programdata\Lavasoft
2009-03-28 00:23 --------- d-----w c:\program files\Lavasoft
2009-03-27 05:01 --------- d-----w c:\program files\Java
2009-03-27 04:59 --------- d-----w c:\program files\Pando Networks
2009-03-27 04:58 --------- d-----w c:\program files\Common Files\Common Share
2009-03-25 23:00 --------- d-----w c:\program files\Unity
2009-03-25 22:57 --------- d-----w c:\program files\Magic Video Converter
2009-03-25 22:54 --------- d-----w c:\program files\AutoIt3
2009-03-25 22:52 --------- d-----w c:\program files\AbiSuite2
2009-03-25 21:14 --------- d-----w c:\users\XD\AppData\Roaming\Hamachi
2009-03-16 04:20 4,704 ----a-w c:\users\XD\AppData\Roaming\wklnhst.dat
2009-03-16 00:47 --------- d-----w c:\programdata\Microsoft Help
2009-03-01 05:37 --------- d-----w c:\users\XD\AppData\Roaming\Vso
2009-02-23 23:35 882,232 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-02-18 05:33 --------- d-----w c:\programdata\Google Updater
2009-02-09 05:48 --------- d-----w c:\program files\Cheat Engine
2009-02-07 04:57 --------- d-----w c:\program files\MP3Gain
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-11-09 00:55 47,360 ----a-w c:\users\XD\AppData\Roaming\pcouffin.sys
2008-10-30 05:33 25,600 ----a-w c:\users\XD\usbsermptxp.sys
2008-10-30 05:33 22,768 ----a-w c:\users\XD\usbsermpt.sys
2008-08-21 17:50 174 --sha-w c:\program files\desktop.ini
2008-03-19 15:55 87,608 ----a-w c:\users\XD\AppData\Roaming\ezpinst.exe
2008-12-07 05:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008120620081207\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-06 147456]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 271936]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-08-03 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-06 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 c:\windows\RtHDVCpl.exe]

c:\users\XD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2007-07-19 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\H:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 10:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
--a------ 2006-12-06 14:38 81920 c:\program files\HP\DVDPlay\DPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2006-09-28 08:42 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 16:45 279912 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 23:55 13580832 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 23:55 92704 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C47BE193-D343-4655-BB24-4C30EC396559}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6B83F0A2-4BA0-4822-B48C-C8D5417BB439}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{929E58CA-2EEA-4FC9-9DEB-6F292734440C}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{659BBD96-EE0D-4A48-86E0-7C0E9976C412}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F69BAB91-AC17-454C-A321-C77643233868}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{06E840A2-C1F7-4ED0-B552-F701B66ECC72}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{45E9DE34-0322-4CA0-9130-6C27DBCA6832}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{2C0AB7D0-B166-40C8-8A51-52F3C7C51C0E}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{542654E3-6EA8-4977-AC7A-0DF96ACEF212}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{ED887C25-94D6-4DCD-82D2-A1B7DD57D696}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1DB75B89-65D7-4B55-B521-10D62F5F232A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8CB5755E-85D3-429B-8159-75ADD0E3FEB2}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E0ACFD0B-88B9-49D1-A5F9-6E3071EBA458}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C0E9B8B4-4F1C-433C-96C5-779C8174E2AB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7728A916-0379-4171-94EE-4E3262F856C1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2D734496-55DC-487C-94BE-CE72BDFBF8A5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{55A6A74A-409E-4ACC-9621-F7969184F985}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FCD9F63F-331B-4984-BFEC-F0737F6C0C37}"= UDP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{00E20195-6095-457D-A464-21A0ADBDA0F5}"= TCP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"TCP Query User{158004C6-F01E-4385-A5B0-326F8F6E5E45}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{8B0B5759-93CE-4517-84D5-2C67771B04FA}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{31E7349D-6C4B-4F3F-A474-11AA84AF6EA2}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{F945BA4D-804E-4E28-A16B-6AF9D19B4B62}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{3B65DAFF-CA7F-4DC4-A15B-09534F54F358}"= UDP:c:\program files\Steam\Steam.exe:Steam Client
"{8842A0E6-3E9C-4744-9C87-409E4059A0F3}"= TCP:c:\program files\Steam\Steam.exe:Steam Client
"{38C15F7D-86C7-4A57-88F8-4B51007729AE}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{894B6C8C-4FCA-45B5-A01B-406D0D25ABC3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{091FFCF3-036E-41E3-8999-9BB24AD9D272}"= Disabled:UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{10EC4C14-2F5F-4ABE-B9F9-97878826BCE2}"= Disabled:TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{B419F0D0-6AEF-455A-918C-87D1826EF0AC}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{431B09BE-D34B-4678-9919-B1A31E03F67E}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{1BD41FED-1DAB-43A4-9E8F-DE3AC7D4F496}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B27D934B-7DAB-48F4-A678-C98DD085177D}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8A5C54E5-9E3E-40E6-98EA-790572784100}c:\\users\\xd\\desktop\\lc\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\lc\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{832C5712-C1D7-4DA2-A19F-59B05BC4F06C}c:\\users\\xd\\desktop\\lc\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\lc\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{E6CE1248-7B32-4E74-863C-DBBDF046A1EF}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{8A755DEA-4A29-48A1-A19F-39E0BDCF932E}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"2cc82207-bdd9-4350-9427-95c29f297da5"= %ProgramFiles%\OGPlanet\RumbleFighter\rumblefighter.exe:Rumble fighter
"3b687343-c6d0-4296-8744-9f88c1b61664"= %ProgramFiles%\OGPlanet\RumbleFighter\gemdumploader.exe:RF
"{674002FC-334B-438A-958C-0DE44AF1C179}"= UDP:c:\program files\Garena\Garena.exe:Garena
"{45BBF763-DE40-47F8-B0A9-698627A4D1A9}"= TCP:c:\program files\Garena\Garena.exe:Garena
"{84C067C8-D686-4C48-B63D-011492324C83}"= TCP:1513:1513
"{29DD3234-466D-44BA-BA53-5C69FB59B5C4}"= UDP:c:\program files\OGPlanet\RumbleFighter\gemdumploader.exe:gemdumploader
"{12363E61-E752-4A34-A1D9-92719E7FD34C}"= TCP:c:\program files\OGPlanet\RumbleFighter\gemdumploader.exe:gemdumploader
"TCP Query User{E9B5ADD7-7DA1-4A37-9679-CBAD6FA94AB8}c:\\program files\\steam\\steamapps\\gwntd\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\gwntd\counter-strike source\hl2.exe:hl2
"UDP Query User{596B010E-F36A-4447-8ACC-1D938BB450D5}c:\\program files\\steam\\steamapps\\gwntd\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\gwntd\counter-strike source\hl2.exe:hl2
"{AA2DF614-FEB6-4B96-8C92-D8510E27EDC1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{311B0277-89F7-41AE-88A0-1E4F15AFD3F4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B800BCCE-389E-461B-85CB-F790882A86DD}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{9D0BC567-3043-43A3-86F1-F67CCCF65234}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{28E3FC70-B573-4510-82F9-D1570937A1E4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"23f1599b-c662-464e-82a7-90d25b1e437f"= %ProgramFiles%\Electronic Arts\SPORE\Sporebin\SporeApp.exe:spore inbound block
"{5D541060-CB32-4515-AAD8-19E94135A0A2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{383472D6-56E9-4BD2-9DFA-5339DFE77CB9}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{6F5F9F9C-1149-4AC4-9F49-DEE562B0C35D}c:\\users\\xd\\desktop\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{16209892-B3F2-42F5-8E3A-81549B27B5EB}c:\\users\\xd\\desktop\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{98BBFBE1-531C-4D9B-8266-FFDF56BCF058}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{DED8F1DF-DC9F-43F2-875C-4DD7FC316A6E}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{6B26A0BD-26FE-43DF-A7DD-6BE94AD4E1E2}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{0DC1A733-0B13-4870-A330-26833E5727B0}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{36740296-62E8-47DA-9741-35A3A3D49130}c:\\users\\xd\\desktop\\pokemon_world_online_9021\\pokemon game.exe"= UDP:c:\users\xd\desktop\pokemon_world_online_9021\pokemon game.exe:Pokemon Game
"UDP Query User{FC4E157F-BE7A-4BE4-B83C-2C333F136998}c:\\users\\xd\\desktop\\pokemon_world_online_9021\\pokemon game.exe"= TCP:c:\users\xd\desktop\pokemon_world_online_9021\pokemon game.exe:Pokemon Game
"{424931C1-DA14-4F37-B111-E00AA0EE63D2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2AF5236D-1A19-4ADB-AA3D-CB3043E55A32}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{630EB547-94DA-44DA-AA7F-8FE971B9E66A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4CE23E13-9C61-4716-9DDF-6F3FCDFA4FC2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C715D3CA-6BBA-40B1-9C28-D8EA8E5667F1}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{C7C3CB01-6114-4408-BA30-3C9D9648E375}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{6B34339F-166D-4CA7-9F06-02785D53DD64}c:\\program files\\netgame\\ghost\\game.exe"= UDP:c:\program files\netgame\ghost\game.exe:Game
"UDP Query User{CCB160E9-E583-460F-8B95-6467C4482C1C}c:\\program files\\netgame\\ghost\\game.exe"= TCP:c:\program files\netgame\ghost\game.exe:Game
"{801F780F-7F90-4038-8311-A1B39EE853BA}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{29CD25AF-3FA2-4F90-BAB6-000062320331}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{0E841596-DFFD-4090-BB5A-E9C43D60D88B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{729E53B1-6A51-4C34-B7EA-0945DA3BCC27}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{562575E0-A45D-4600-9185-543726796D70}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{CCA02F0D-C279-4198-9A79-3F7DE3CFF34D}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{6CBC6AFD-D882-4E16-9D53-61BB96349BB6}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{4E539C5F-D23F-41EE-8366-E1019733B105}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{AF2C69D8-E530-46BB-A482-06AC7D17DFE0}"= UDP:c:\windows\explorer.exe:Explorer
"{C0D510F1-A61B-441F-A3AF-FF39397E2B32}"= UDP:c:\windows\explorer.exe:Explorer
"{69E4F09D-8984-4374-A705-E34C1385C5BB}"= TCP:c:\windows\explorer.exe:Explorer
"{1099AE29-115D-437B-AC00-AAF1125D6AA8}"= TCP:c:\windows\explorer.exe:Explorer
"{7BE60036-969A-406B-B0A2-0A0FE3F2D8C9}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{A55502B7-9773-4171-A538-3F45C879A1ED}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{71B19928-801F-4316-918C-F44E4DFA712F}"= UDP:c:\windows\explorer.exe:Explorer
"{07C89D2F-74D6-483B-8D92-E9BCD611C57E}"= TCP:c:\windows\explorer.exe:Explorer
"{E7C2DE28-17E9-4E3D-9127-2428930E6972}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{6B05A4CB-E914-4979-970C-596922207945}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{50CB6CAB-F0BC-42C6-B22C-C56EA852AFC4}"= TCP:c:\windows\System32\spoolsv.exe:spoolsv
"{5C644FBF-C09D-4650-BBB1-0780D917005E}"= TCP:c:\windows\System32\spoolsv.exe:spoolsv
"{496249A3-55C7-47BB-B212-B5F720F42EB8}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{4DD80B55-64FF-4D1A-BE0E-0A5294C09F0F}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{B5CF540B-EE45-4743-A90D-90CD581A5732}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{DF321BF0-7262-4CC3-BD1E-DBA03B305DC1}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{E17904DB-C90F-4F01-A0D4-D8A1E58D9541}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{3F0C429D-5E12-4495-94F4-D4A9CB8CA09F}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{ADD7D23C-BCD4-4323-8C86-3E9D085EA1D7}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{6E392DF5-B124-4DB6-BC96-8A3AD2210CFB}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"TCP Query User{46B52C88-DC59-48A4-92E7-34CED594E387}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{C959C214-C071-4D0A-8D00-BBB467A7722E}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{FE496DCB-648F-4D33-912A-FE0A0E83B379}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{9E840503-3686-4ED7-8D93-D3E1B409D8F9}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"6599aa4b-8b96-4ae5-ba46-8033a5356b43"= %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe:Malwwarebytes allow
"954b5183-6ae6-42fe-bc5d-24313769bf1d"= %ProgramFiles%\Hamachi\hamachi.exe:Hamachi

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"Game.exe"= Game.exe:*:Enabled:GostSoul

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070709.002\IDSvix86.sys [2007-07-10 212280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [2007-09-11 22784]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\System32\drivers\CYUSB.sys [2007-09-11 31104]
S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [2009-02-08 36096]
S3 mamotou;mamotou;c:\windows\System32\drivers\mamotou.sys [2008-10-29 49377]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-03-23 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [2007-04-02 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [2006-12-14 40832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c82cb52-b4ac-11dc-aff2-001921d30077}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{943c5d7f-46da-11dd-baaf-001921d30077}]
\shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: Customize Menu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms
IE: RoboForm Toolbar
IE: Save Forms
TCP: {DDD0648D-93A5-41FB-8EAF-925A24718BF0} = 68.94.156.1,68.94.157.1
FF - ProfilePath - c:\users\XD\AppData\Roaming\Mozilla\Firefox\Profiles\5gw4mdhd.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
.
------- File Associations -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 19:27:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000004E54C0FFFD55C5D004 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
Completion time: 2009-04-05 19:31:41
ComboFix-quarantined-files.txt 2009-04-06 00:31:34
ComboFix2.txt 2009-03-29 00:59:56

Pre-Run: 31,720,857,600 bytes free
Post-Run: 31,691,554,816 bytes free

344 --- E O F --- 2009-03-16 00:48:05

#8 Billy O'Neal


Posted 05 April 2009 - 09:43 PM

Hello, gwntd
I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
I recommend you remove either Kaspersky, Avira, Symantec.

Unless otherwise listed below, you can remove these AV programs from Add/Remove Programs.

Instructions for removing Norton can be found here: Symantec's Norton Removal Tool website

You appear to have a Registry Cleaner installed!
The following is referring to RegistryMechanic
Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:
  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your pc to be inoperable.
This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

We need to re-run ComboFix with some additional directives.
  • Please disable any running anti-virus programs.

    If you are unsure how to do this, see this topic: http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    registry::
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    "BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
    DDS::
    TCP: {DDD0648D-93A5-41FB-8EAF-925A24718BF0} = 68.94.156.1,68.94.157.1
  • Save this as CFScript.txt, in the same location as ComboFix.exe
  • Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at "C:\ComboFix.txt". Please copy and paste that report here.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Also, please let me know how things are running in your next reply.

In your next reply, please include the following:
  • ComboFix.txt

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
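
What the `registry::` directive in the CFScript above writes, decoded and checked against the stock Windows `BootExecute` value. This is an added example, not part of the post or of ComboFix; it assumes a headerless CFScript uses REGEDIT4 (ANSI) byte encoding, and the version 5.00 sample with `example_boot_helper` is constructed for illustration.

```python
import re

# Stock value of Session Manager\BootExecute on Windows.
DEFAULT_BOOT_EXECUTE = ["autocheck autochk *"]

# The CFScript.txt contents from the post above, copied verbatim.
CFSCRIPT = r'''registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00
DDS::
TCP: {DDD0648D-93A5-41FB-8EAF-925A24718BF0} = 68.94.156.1,68.94.157.1
'''

HEX_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"=hex\((?P<type>[0-9a-fA-F]+)\):(?P<data>.*)$')


def parse_reg_hex_values(text):
    """Return {(key, value_name): (reg_type, raw_bytes)} for each hex(N) value."""
    # A trailing backslash continues the byte list on the next line.
    text = re.sub(r'\\\r?\n[ \t]*', '', text)
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1].lower()
            continue
        m = HEX_VALUE.match(line)
        if m and key:
            raw = bytes(int(b, 16) for b in m.group('data').split(',')
                        if b.strip())
            values[(key, m.group('name').lower())] = (
                int(m.group('type'), 16), raw)
    return values


def decode_multi_sz(raw, wide):
    """Split REG_MULTI_SZ bytes into strings.

    wide=False: REGEDIT4 export (one byte per character).
    wide=True:  'Windows Registry Editor Version 5.00' export (UTF-16LE).
    """
    text = raw.decode('utf-16-le' if wide else 'cp1252')
    entries = []
    for part in text.split('\x00'):
        if not part:          # an empty string terminates the list
            break
        entries.append(part)
    return entries


def audit_boot_execute(reg_text):
    """Return (entries, unexpected) for BootExecute, or None if absent."""
    # Assumption: no version 5.00 header means REGEDIT4 / ANSI bytes.
    wide = 'Windows Registry Editor Version 5.00' in reg_text
    allowed = {e.lower() for e in DEFAULT_BOOT_EXECUTE}
    for (key, name), (rtype, raw) in parse_reg_hex_values(reg_text).items():
        if name == 'bootexecute' and key.endswith(r'\control\session manager'):
            if rtype != 7:
                raise ValueError('BootExecute is not REG_MULTI_SZ (hex(7))')
            entries = decode_multi_sz(raw, wide)
            return entries, [e for e in entries if e.lower() not in allowed]
    return None


def make_v5_sample(entries):
    """Build a constructed version 5.00 fragment (UTF-16LE, wrapped lines)."""
    raw = ('\x00'.join(entries) + '\x00\x00').encode('utf-16-le')
    hexes = [f'{b:02x}' for b in raw]
    rows = [','.join(hexes[i:i + 20]) for i in range(0, len(hexes), 20)]
    body = ',\\\n  '.join(rows)
    return ('Windows Registry Editor Version 5.00\n\n'
            '[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\'
            'Session Manager]\n'
            f'"BootExecute"=hex(7):{body}\n')


if __name__ == '__main__':
    print('CFScript directive:', audit_boot_execute(CFSCRIPT))
    # Constructed input: the default entry plus one extra boot-time program.
    sample = make_v5_sample(['autocheck autochk *', 'example_boot_helper'])
    print('Constructed sample:', audit_boot_execute(sample))
```

The directive decodes to the single default entry, so it resets `BootExecute` to its stock value; any additional entry in an exported value is returned in the second list for review.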

#9 gwntd


Posted 06 April 2009 - 11:55 AM

I'm just running Avira now. I performed the task with combofix but Avira still can't autoupdate. Here is the new combofix log.

ComboFix 09-04-04.01 - XD 2009-04-06 11:42:17.8 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.531 [GMT -5:00]
Running from: c:\users\XD\Desktop\ComboFix.exe
Command switches used :: c:\users\XD\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-01 22:36 . 2004-08-04 07:00 506,368 --a------ c:\windows\System32\msxml.dll
2009-04-01 21:06 . 2009-04-01 21:06 <DIR> d-------- c:\users\All Users\Avira
2009-04-01 21:06 . 2009-04-01 21:06 <DIR> d-------- c:\programdata\Avira
2009-04-01 21:06 . 2009-04-01 21:06 <DIR> d-------- c:\program files\Avira
2009-04-01 21:06 . 2009-02-13 11:31 55,640 --a------ c:\windows\System32\drivers\avgntflt.sys
2009-03-30 16:24 . 2009-03-30 16:24 <DIR> d-------- c:\users\XD\AppData\Roaming\Desktopicon
2009-03-30 16:24 . 2009-03-30 16:33 <DIR> d-------- c:\program files\Unlocker
2009-03-28 19:33 . 2009-04-01 21:15 <DIR> d-------- c:\users\All Users\Kaspersky Lab
2009-03-28 19:33 . 2009-04-01 21:15 <DIR> d-------- c:\programdata\Kaspersky Lab
2009-03-27 19:11 . 2009-03-27 19:11 <DIR> d-------- c:\users\All Users\Kaspersky Lab Setup Files
2009-03-27 19:11 . 2009-03-27 19:11 <DIR> d-------- c:\programdata\Kaspersky Lab Setup Files
2009-03-26 16:47 . 2009-03-26 16:49 <DIR> d-------- C:\Rooter$
2009-03-25 16:13 . 2009-03-25 16:13 <DIR> d-------- c:\program files\Trend Micro
2009-03-23 17:05 . 2009-03-23 17:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 17:05 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-23 17:05 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-23 16:56 . 2009-03-23 16:56 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-22 14:11 . 2009-03-22 14:13 <DIR> d-------- c:\program files\Hamachi
2009-03-22 14:11 . 2009-03-22 14:11 25,280 --a------ c:\windows\System32\drivers\hamachi.sys
2009-03-22 13:06 . 2009-03-22 13:11 <DIR> d-------- c:\program files\PokerStars
2009-03-21 18:17 . 2009-03-21 18:17 <DIR> d-------- c:\windows\osu!
2009-03-21 18:17 . 2009-03-31 16:34 <DIR> d-------- c:\program files\osu!
2009-03-19 17:35 . 2009-03-19 17:35 152,088 --a------ C:\img2-001.raw
2009-03-15 19:36 . 2008-10-21 20:22 2,048 --a------ c:\windows\System32\tzres.dll
2009-03-15 19:20 . 2008-06-19 20:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-03-15 19:20 . 2008-06-19 20:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-03-15 19:20 . 2008-06-19 20:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-03-15 19:20 . 2008-06-19 20:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-03-15 19:20 . 2008-06-19 20:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-03-15 19:20 . 2008-06-19 20:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-03-15 19:20 . 2008-06-19 20:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-03-15 19:20 . 2008-06-19 20:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-03-15 19:12 . 2008-07-27 13:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-03-15 19:12 . 2008-07-27 13:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-03-15 19:12 . 2008-07-27 13:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-03-15 19:12 . 2008-07-27 13:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-03-15 19:11 . 2008-07-27 13:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-03-15 19:03 . 2008-10-21 00:25 296,960 --a------ c:\windows\System32\gdi32.dll
2009-03-15 19:03 . 2008-08-26 20:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2009-03-15 19:02 . 2008-11-26 23:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-15 19:00 . 2008-10-29 01:29 2,927,104 --a------ c:\windows\explorer.exe
2009-03-15 19:00 . 2009-02-08 22:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-15 18:58 . 2008-06-22 20:59 2,868,736 --a------ c:\windows\System32\mf.dll
2009-03-15 18:58 . 2008-09-09 22:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2009-03-15 18:58 . 2008-06-22 20:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll
2009-03-15 18:58 . 2008-08-11 22:39 443,392 --a------ c:\windows\System32\win32spl.dll
2009-03-15 18:58 . 2008-06-22 20:58 94,720 --a------ c:\windows\System32\logagent.exe
2009-03-15 17:41 . 2009-03-15 17:41 <DIR> d-------- c:\program files\Tencent
2009-03-15 17:41 . 2009-03-15 17:41 <DIR> d-------- c:\program files\Common Files\Tencent
2009-03-15 17:36 . 2009-03-15 17:36 268 --ah----- C:\sqmdata06.sqm
2009-03-15 17:36 . 2009-03-15 17:36 244 --ah----- C:\sqmnoopt06.sqm
2009-03-15 12:47 . 2009-03-15 17:36 <DIR> d-------- c:\program files\Microsoft LifeCam
2009-03-15 12:46 . 2006-09-28 16:05 2,414,360 --a------ c:\windows\System32\d3dx9_31.dll
2009-03-15 12:46 . 2006-09-28 16:05 237,848 --a------ c:\windows\System32\xactengine2_4.dll
2009-03-15 12:46 . 2006-07-28 09:30 236,824 --a------ c:\windows\System32\xactengine2_3.dll
2009-03-15 12:46 . 2006-09-28 16:04 68,888 --a------ c:\windows\System32\xinput1_3.dll
2009-03-15 12:46 . 2006-07-28 09:30 62,744 --a------ c:\windows\System32\xinput1_2.dll
2009-03-15 12:46 . 2006-09-28 16:03 15,128 --a------ c:\windows\System32\x3daudio1_1.dll
2009-03-15 12:45 . 2005-05-26 15:34 2,297,552 --a------ c:\windows\System32\d3dx9_26.dll
2009-03-13 21:22 . 2009-03-15 18:06 <DIR> d-------- c:\users\XD\AppData\Roaming\Tencent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-06 13:39 --------- d---a-w c:\programdata\TEMP
2009-04-06 03:45 --------- d-----w c:\program files\Warcraft III
2009-04-05 03:39 --------- d-----w c:\program files\Starcraft
2009-04-03 05:53 --------- d-----w c:\users\XD\AppData\Roaming\uTorrent
2009-04-02 00:09 --------- d-----w c:\program files\WinAVI MP4 Converter
2009-03-31 03:41 --------- d-----w c:\users\XD\AppData\Roaming\OpenOffice.org2
2009-03-31 02:33 34 ----a-w c:\users\XD\jagex_runescape_preferences.dat
2009-03-29 01:00 --------- d-----w c:\programdata\Spybot - Search & Destroy
2009-03-29 00:32 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-28 00:23 --------- d-----w c:\programdata\Lavasoft
2009-03-28 00:23 --------- d-----w c:\program files\Lavasoft
2009-03-27 05:01 --------- d-----w c:\program files\Java
2009-03-27 04:59 --------- d-----w c:\program files\Pando Networks
2009-03-27 04:58 --------- d-----w c:\program files\Common Files\Common Share
2009-03-25 23:00 --------- d-----w c:\program files\Unity
2009-03-25 22:57 --------- d-----w c:\program files\Magic Video Converter
2009-03-25 22:54 --------- d-----w c:\program files\AutoIt3
2009-03-25 22:52 --------- d-----w c:\program files\AbiSuite2
2009-03-25 21:14 --------- d-----w c:\users\XD\AppData\Roaming\Hamachi
2009-03-16 04:20 4,704 ----a-w c:\users\XD\AppData\Roaming\wklnhst.dat
2009-03-16 00:47 --------- d-----w c:\programdata\Microsoft Help
2009-03-01 05:37 --------- d-----w c:\users\XD\AppData\Roaming\Vso
2009-02-23 23:35 882,232 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-02-18 05:33 --------- d-----w c:\programdata\Google Updater
2009-02-09 05:48 --------- d-----w c:\program files\Cheat Engine
2009-02-07 04:57 --------- d-----w c:\program files\MP3Gain
2009-01-15 06:11 827,392 ----a-w c:\windows\System32\wininet.dll
2008-11-09 00:55 47,360 ----a-w c:\users\XD\AppData\Roaming\pcouffin.sys
2008-10-30 05:33 25,600 ----a-w c:\users\XD\usbsermptxp.sys
2008-10-30 05:33 22,768 ----a-w c:\users\XD\usbsermpt.sys
2008-08-21 17:50 174 --sha-w c:\program files\desktop.ini
2008-03-19 15:55 87,608 ----a-w c:\users\XD\AppData\Roaming\ezpinst.exe
2008-12-07 05:48 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008120620081207\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-04-05_19.28.54.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-05 18:28:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-06 13:38:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-05 18:28:17 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-04-06 13:38:36 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-04-05 18:30:01 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-06 13:40:33 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-04-06 13:40:33 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2009-04-05 18:29:56 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-06 13:40:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-04-06 13:40:27 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RMTray.exe" [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2006-11-20 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-06 147456]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 271936]
"DeathAdder"="c:\program files\Razer\DeathAdder\razerhid.exe" [2007-08-03 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-06 131072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-01 15872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 c:\windows\RtHDVCpl.exe]

c:\users\XD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2007-07-19 238080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Compaq Connections.lnk]
backup=c:\windows\pss\Compaq Connections.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-08-06 10:21 50472 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DPService]
--a------ 2006-12-06 14:38 81920 c:\program files\HP\DVDPlay\DPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-17 02:11 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 2006-09-28 08:42 65536 c:\hp\support\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2007-05-17 16:45 279912 c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-09-17 23:55 13580832 c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-09-17 23:55 92704 c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2009-03-05 16:07 2260480 c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C47BE193-D343-4655-BB24-4C30EC396559}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6B83F0A2-4BA0-4822-B48C-C8D5417BB439}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{929E58CA-2EEA-4FC9-9DEB-6F292734440C}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{659BBD96-EE0D-4A48-86E0-7C0E9976C412}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F69BAB91-AC17-454C-A321-C77643233868}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{06E840A2-C1F7-4ED0-B552-F701B66ECC72}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{45E9DE34-0322-4CA0-9130-6C27DBCA6832}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{2C0AB7D0-B166-40C8-8A51-52F3C7C51C0E}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{542654E3-6EA8-4977-AC7A-0DF96ACEF212}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{ED887C25-94D6-4DCD-82D2-A1B7DD57D696}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1DB75B89-65D7-4B55-B521-10D62F5F232A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{8CB5755E-85D3-429B-8159-75ADD0E3FEB2}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E0ACFD0B-88B9-49D1-A5F9-6E3071EBA458}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C0E9B8B4-4F1C-433C-96C5-779C8174E2AB}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7728A916-0379-4171-94EE-4E3262F856C1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2D734496-55DC-487C-94BE-CE72BDFBF8A5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{55A6A74A-409E-4ACC-9621-F7969184F985}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FCD9F63F-331B-4984-BFEC-F0737F6C0C37}"= UDP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{00E20195-6095-457D-A464-21A0ADBDA0F5}"= TCP:c:\program files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"TCP Query User{158004C6-F01E-4385-A5B0-326F8F6E5E45}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{8B0B5759-93CE-4517-84D5-2C67771B04FA}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{31E7349D-6C4B-4F3F-A474-11AA84AF6EA2}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{F945BA4D-804E-4E28-A16B-6AF9D19B4B62}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{3B65DAFF-CA7F-4DC4-A15B-09534F54F358}"= UDP:c:\program files\Steam\Steam.exe:Steam Client
"{8842A0E6-3E9C-4744-9C87-409E4059A0F3}"= TCP:c:\program files\Steam\Steam.exe:Steam Client
"{38C15F7D-86C7-4A57-88F8-4B51007729AE}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{894B6C8C-4FCA-45B5-A01B-406D0D25ABC3}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{091FFCF3-036E-41E3-8999-9BB24AD9D272}"= Disabled:UDP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{10EC4C14-2F5F-4ABE-B9F9-97878826BCE2}"= Disabled:TCP:c:\program files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"TCP Query User{B419F0D0-6AEF-455A-918C-87D1826EF0AC}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{431B09BE-D34B-4678-9919-B1A31E03F67E}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{1BD41FED-1DAB-43A4-9E8F-DE3AC7D4F496}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC
"UDP Query User{B27D934B-7DAB-48F4-A678-C98DD085177D}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC
"TCP Query User{8A5C54E5-9E3E-40E6-98EA-790572784100}c:\\users\\xd\\desktop\\lc\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\lc\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{832C5712-C1D7-4DA2-A19F-59B05BC4F06C}c:\\users\\xd\\desktop\\lc\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\lc\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{E6CE1248-7B32-4E74-863C-DBBDF046A1EF}c:\\program files\\valve\\hl.exe"= UDP:c:\program files\valve\hl.exe:Half-Life Launcher
"UDP Query User{8A755DEA-4A29-48A1-A19F-39E0BDCF932E}c:\\program files\\valve\\hl.exe"= TCP:c:\program files\valve\hl.exe:Half-Life Launcher
"2cc82207-bdd9-4350-9427-95c29f297da5"= %ProgramFiles%\OGPlanet\RumbleFighter\rumblefighter.exe:Rumble fighter
"3b687343-c6d0-4296-8744-9f88c1b61664"= %ProgramFiles%\OGPlanet\RumbleFighter\gemdumploader.exe:RF
"{674002FC-334B-438A-958C-0DE44AF1C179}"= UDP:c:\program files\Garena\Garena.exe:Garena
"{45BBF763-DE40-47F8-B0A9-698627A4D1A9}"= TCP:c:\program files\Garena\Garena.exe:Garena
"{84C067C8-D686-4C48-B63D-011492324C83}"= TCP:1513:1513
"{29DD3234-466D-44BA-BA53-5C69FB59B5C4}"= UDP:c:\program files\OGPlanet\RumbleFighter\gemdumploader.exe:gemdumploader
"{12363E61-E752-4A34-A1D9-92719E7FD34C}"= TCP:c:\program files\OGPlanet\RumbleFighter\gemdumploader.exe:gemdumploader
"TCP Query User{E9B5ADD7-7DA1-4A37-9679-CBAD6FA94AB8}c:\\program files\\steam\\steamapps\\gwntd\\counter-strike source\\hl2.exe"= UDP:c:\program files\steam\steamapps\gwntd\counter-strike source\hl2.exe:hl2
"UDP Query User{596B010E-F36A-4447-8ACC-1D938BB450D5}c:\\program files\\steam\\steamapps\\gwntd\\counter-strike source\\hl2.exe"= TCP:c:\program files\steam\steamapps\gwntd\counter-strike source\hl2.exe:hl2
"{AA2DF614-FEB6-4B96-8C92-D8510E27EDC1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{311B0277-89F7-41AE-88A0-1E4F15AFD3F4}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{B800BCCE-389E-461B-85CB-F790882A86DD}"= UDP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{9D0BC567-3043-43A3-86F1-F67CCCF65234}"= TCP:c:\program files\FrostWire\FrostWire.exe:FrostWire
"{28E3FC70-B573-4510-82F9-D1570937A1E4}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"23f1599b-c662-464e-82a7-90d25b1e437f"= %ProgramFiles%\Electronic Arts\SPORE\Sporebin\SporeApp.exe:spore inbound block
"{5D541060-CB32-4515-AAD8-19E94135A0A2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{383472D6-56E9-4BD2-9DFA-5339DFE77CB9}"= TCP:c:\program files\DNA\btdna.exe:DNA
"TCP Query User{6F5F9F9C-1149-4AC4-9F49-DEE562B0C35D}c:\\users\\xd\\desktop\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{16209892-B3F2-42F5-8E3A-81549B27B5EB}c:\\users\\xd\\desktop\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{98BBFBE1-531C-4D9B-8266-FFDF56BCF058}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{DED8F1DF-DC9F-43F2-875C-4DD7FC316A6E}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"TCP Query User{6B26A0BD-26FE-43DF-A7DD-6BE94AD4E1E2}c:\\program files\\starcraft\\starcraft.exe"= UDP:c:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{0DC1A733-0B13-4870-A330-26833E5727B0}c:\\program files\\starcraft\\starcraft.exe"= TCP:c:\program files\starcraft\starcraft.exe:StarCraft
"TCP Query User{36740296-62E8-47DA-9741-35A3A3D49130}c:\\users\\xd\\desktop\\pokemon_world_online_9021\\pokemon game.exe"= UDP:c:\users\xd\desktop\pokemon_world_online_9021\pokemon game.exe:Pokemon Game
"UDP Query User{FC4E157F-BE7A-4BE4-B83C-2C333F136998}c:\\users\\xd\\desktop\\pokemon_world_online_9021\\pokemon game.exe"= TCP:c:\users\xd\desktop\pokemon_world_online_9021\pokemon game.exe:Pokemon Game
"{424931C1-DA14-4F37-B111-E00AA0EE63D2}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2AF5236D-1A19-4ADB-AA3D-CB3043E55A32}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{630EB547-94DA-44DA-AA7F-8FE971B9E66A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4CE23E13-9C61-4716-9DDF-6F3FCDFA4FC2}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{C715D3CA-6BBA-40B1-9C28-D8EA8E5667F1}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{C7C3CB01-6114-4408-BA30-3C9D9648E375}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{6B34339F-166D-4CA7-9F06-02785D53DD64}c:\\program files\\netgame\\ghost\\game.exe"= UDP:c:\program files\netgame\ghost\game.exe:Game
"UDP Query User{CCB160E9-E583-460F-8B95-6467C4482C1C}c:\\program files\\netgame\\ghost\\game.exe"= TCP:c:\program files\netgame\ghost\game.exe:Game
"{801F780F-7F90-4038-8311-A1B39EE853BA}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{29CD25AF-3FA2-4F90-BAB6-000062320331}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{0E841596-DFFD-4090-BB5A-E9C43D60D88B}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{729E53B1-6A51-4C34-B7EA-0945DA3BCC27}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{562575E0-A45D-4600-9185-543726796D70}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{CCA02F0D-C279-4198-9A79-3F7DE3CFF34D}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{6CBC6AFD-D882-4E16-9D53-61BB96349BB6}c:\\program files\\warcraft iii\\war3.exe"= UDP:c:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{4E539C5F-D23F-41EE-8366-E1019733B105}c:\\program files\\warcraft iii\\war3.exe"= TCP:c:\program files\warcraft iii\war3.exe:Warcraft III
"{AF2C69D8-E530-46BB-A482-06AC7D17DFE0}"= UDP:c:\windows\explorer.exe:Explorer
"{C0D510F1-A61B-441F-A3AF-FF39397E2B32}"= UDP:c:\windows\explorer.exe:Explorer
"{69E4F09D-8984-4374-A705-E34C1385C5BB}"= TCP:c:\windows\explorer.exe:Explorer
"{1099AE29-115D-437B-AC00-AAF1125D6AA8}"= TCP:c:\windows\explorer.exe:Explorer
"{7BE60036-969A-406B-B0A2-0A0FE3F2D8C9}"= UDP:c:\windows\System32\LogonUI.exe:LogonUI
"{A55502B7-9773-4171-A538-3F45C879A1ED}"= TCP:c:\windows\System32\LogonUI.exe:LogonUI
"{71B19928-801F-4316-918C-F44E4DFA712F}"= UDP:c:\windows\explorer.exe:Explorer
"{07C89D2F-74D6-483B-8D92-E9BCD611C57E}"= TCP:c:\windows\explorer.exe:Explorer
"{E7C2DE28-17E9-4E3D-9127-2428930E6972}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{6B05A4CB-E914-4979-970C-596922207945}"= UDP:c:\windows\System32\spoolsv.exe:spoolsv
"{50CB6CAB-F0BC-42C6-B22C-C56EA852AFC4}"= TCP:c:\windows\System32\spoolsv.exe:spoolsv
"{5C644FBF-C09D-4650-BBB1-0780D917005E}"= TCP:c:\windows\System32\spoolsv.exe:spoolsv
"{496249A3-55C7-47BB-B212-B5F720F42EB8}"= UDP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{4DD80B55-64FF-4D1A-BE0E-0A5294C09F0F}"= TCP:c:\windows\System32\SearchIndexer.exe:SearchIndexer
"{B5CF540B-EE45-4743-A90D-90CD581A5732}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{DF321BF0-7262-4CC3-BD1E-DBA03B305DC1}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{E17904DB-C90F-4F01-A0D4-D8A1E58D9541}"= UDP:c:\windows\System32\winlogon.exe:winlogon
"{3F0C429D-5E12-4495-94F4-D4A9CB8CA09F}"= TCP:c:\windows\System32\winlogon.exe:winlogon
"{ADD7D23C-BCD4-4323-8C86-3E9D085EA1D7}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{6E392DF5-B124-4DB6-BC96-8A3AD2210CFB}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"TCP Query User{46B52C88-DC59-48A4-92E7-34CED594E387}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{C959C214-C071-4D0A-8D00-BBB467A7722E}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"TCP Query User{FE496DCB-648F-4D33-912A-FE0A0E83B379}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= UDP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"UDP Query User{9E840503-3686-4ED7-8D93-D3E1B409D8F9}c:\\users\\xd\\desktop\\listchecker\\pickup.listchecker.exe"= TCP:c:\users\xd\desktop\listchecker\pickup.listchecker.exe:pickup.listchecker
"6599aa4b-8b96-4ae5-ba46-8033a5356b43"= %ProgramFiles%\Malwarebytes' Anti-Malware\mbam.exe:Malwwarebytes allow
"954b5183-6ae6-42fe-bc5d-24313769bf1d"= %ProgramFiles%\Hamachi\hamachi.exe:Hamachi

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"Game.exe"= Game.exe:*:Enabled:GostSoul

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20070709.002\IDSvix86.sys [2007-07-10 212280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-04-01 108289]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\System32\drivers\dadder.sys [2007-09-11 22784]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\System32\drivers\CYUSB.sys [2007-09-11 31104]
S3 DBKDRVR54;DBKDRVR54;c:\program files\Cheat Engine\dbk32.sys [2009-02-08 36096]
S3 mamotou;mamotou;c:\windows\System32\drivers\mamotou.sys [2008-10-29 49377]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [2009-03-23 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [2007-04-02 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [2007-01-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [2006-12-14 40832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\System32\drivers\npf.sys [2007-11-06 34064]

--- Other Services/Drivers In Memory ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c82cb52-b4ac-11dc-aff2-001921d30077}]
\shell\AutoRun\command - G:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{943c5d7f-46da-11dd-baaf-001921d30077}]
\shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
IE: Customize Menu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Fill Forms
IE: RoboForm Toolbar
IE: Save Forms
FF - ProfilePath - c:\users\XD\AppData\Roaming\Mozilla\Firefox\Profiles\5gw4mdhd.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-06 11:46:14
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3368)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
.
Completion time: 2009-04-06 11:49:34
ComboFix-quarantined-files.txt 2009-04-06 16:49:26
ComboFix2.txt 2009-04-06 00:31:42
ComboFix3.txt 2009-03-29 00:59:56

Pre-Run: 31,529,971,712 bytes free
Post-Run: 31,496,556,544 bytes free

354 --- E O F --- 2009-03-16 00:48:05

#10 Billy O'Neal

Posted 06 April 2009 - 08:12 PM

Hello, gwntd
We Need to Repair Your Internet Connection
  • Please download WinsockXPFix from a working machine and copy it to a CD or flash media.
  • Copy the file to the desktop on the non working machine.
  • Double Click on Posted Image on your desktop.
  • Push the Posted Image button.
  • Allow your system to reboot.
Please let me know if your connection is restored in your next reply

In your next reply, please include the following:
  • A new DDS.txt

Billy3

#11 gwntd

Posted 07 April 2009 - 11:06 PM

Here's my DDS log. There's nothing wrong with my internet; it's just that none of the antiviruses can update automatically, nor can I install Spybot Search and Destroy anymore.


DDS (Ver_09-03-16.01) - NTFSx86
Run by XD at 23:02:01.93 on Tue 04/07/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_07
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.392 [GMT -5:00]


============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Razer\DeathAdder\razerhid.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
C:\Program Files\Razer\DeathAdder\razertra.exe
C:\Program Files\Razer\DeathAdder\razerofa.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Registry Mechanic\regmech.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\update.exe
C:\Users\XD\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hewlett-packard\smart web printing\hpswp_framework.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
uRun: [RegistryMechanic] c:\program files\registry mechanic\RMTray.exe /H
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe
mRun: [DeathAdder] c:\program files\razer\deathadder\razerhid.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\users\xd\appdata\roaming\micros~1\windows\startm~1\programs\startup\my_aut~1.lnk - c:\program files\warkeys\autowarkey\autohotkey\AutoHotkey.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms
IE: RoboForm Toolbar
IE: Save Forms
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\npjpi160_07.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hewlett-packard\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\xd\appdata\roaming\mozilla\firefox\profiles\5gw4mdhd.default\
FF - plugin: c:\program files\google\google updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20070709.002\IDSvix86.sys [2007-7-10 212280]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-1 108289]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-9-11 22784]
S3 CyUsb;Cypress Generic USB Driver;c:\windows\system32\drivers\CYUSB.sys [2007-9-11 31104]
S3 DBKDRVR54;DBKDRVR54;c:\program files\cheat engine\dbk32.sys [2009-2-8 36096]
S3 mamotou;mamotou;c:\windows\system32\drivers\mamotou.sys [2008-10-29 49377]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-23 38496]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2007-4-2 17920]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2007-1-23 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2006-12-14 40832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

============== File Associations ===============

txtfile=c:\windows\notepad.exe %1

=============== Created Last 30 ================

2009-04-06 11:40 <DIR> --d----- C:\ComboFix
2009-04-05 19:21 161,792 a------- c:\windows\SWREG.exe
2009-04-05 19:21 98,816 a------- c:\windows\sed.exe
2009-04-01 22:36 506,368 a------- c:\windows\system32\msxml.dll
2009-04-01 21:06 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-04-01 21:06 <DIR> --d----- c:\programdata\Avira
2009-04-01 21:06 <DIR> --d----- c:\program files\Avira
2009-04-01 21:06 <DIR> --d----- c:\progra~2\Avira
2009-03-30 16:24 <DIR> --d----- c:\users\xd\appdata\roaming\Desktopicon
2009-03-30 16:24 <DIR> --d----- c:\program files\Unlocker
2009-03-28 19:33 <DIR> --d----- c:\programdata\Kaspersky Lab
2009-03-28 19:33 <DIR> --d----- c:\progra~2\Kaspersky Lab
2009-03-27 19:11 <DIR> --d----- c:\programdata\Kaspersky Lab Setup Files
2009-03-27 19:11 <DIR> --d----- c:\progra~2\Kaspersky Lab Setup Files
2009-03-26 16:47 <DIR> --d----- C:\Rooter$
2009-03-25 16:13 <DIR> --d----- c:\program files\Trend Micro
2009-03-23 17:05 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-23 17:05 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-23 17:05 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-23 16:56 2,560 a------- c:\windows\_MSRSTRT.EXE
2009-03-22 14:11 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-03-22 14:11 <DIR> --d----- c:\program files\Hamachi
2009-03-22 13:06 <DIR> --d----- c:\program files\PokerStars
2009-03-21 18:17 <DIR> --d----- c:\windows\osu!
2009-03-21 18:17 <DIR> --d----- c:\program files\osu!
2009-03-19 17:35 152,088 a------- C:\img2-001.raw
2009-03-15 19:36 2,048 a------- c:\windows\system32\tzres.dll
2009-03-15 19:20 97,800 a------- c:\windows\system32\infocardapi.dll
2009-03-15 19:20 105,016 a------- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-03-15 19:20 622,080 a------- c:\windows\system32\icardagt.exe
2009-03-15 19:20 43,544 a------- c:\windows\system32\PresentationHostProxy.dll
2009-03-15 19:20 37,384 a------- c:\windows\system32\infocardcpl.cpl
2009-03-15 19:20 11,264 a------- c:\windows\system32\icardres.dll
2009-03-15 19:20 781,344 a------- c:\windows\system32\PresentationNative_v0300.dll
2009-03-15 19:20 326,160 a------- c:\windows\system32\PresentationHost.exe
2009-03-15 19:12 96,760 a------- c:\windows\system32\dfshim.dll
2009-03-15 19:12 282,112 a------- c:\windows\system32\mscoree.dll
2009-03-15 19:12 41,984 a------- c:\windows\system32\netfxperf.dll
2009-03-15 19:12 158,720 a------- c:\windows\system32\mscorier.dll
2009-03-15 19:11 83,968 a------- c:\windows\system32\mscories.dll
2009-03-15 19:03 212,480 a------- c:\windows\system32\drivers\mrxsmb10.sys
2009-03-15 19:03 296,960 a------- c:\windows\system32\gdi32.dll
2009-03-15 19:02 268,288 a------- c:\windows\system32\schannel.dll
2009-03-15 19:00 2,033,152 a------- c:\windows\system32\win32k.sys
2009-03-15 19:00 2,927,104 a------- c:\windows\explorer.exe
2009-03-15 18:58 443,392 a------- c:\windows\system32\win32spl.dll
2009-03-15 18:58 2,868,736 a------- c:\windows\system32\mf.dll
2009-03-15 18:58 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-03-15 18:58 94,720 a------- c:\windows\system32\logagent.exe
2009-03-15 18:58 1,334,272 a------- c:\windows\system32\msxml6.dll
2009-03-15 17:41 <DIR> --d----- c:\program files\common files\Tencent
2009-03-15 17:41 <DIR> --d----- c:\program files\Tencent
2009-03-15 17:36 268 a---h--- C:\sqmdata06.sqm
2009-03-15 17:36 244 a---h--- C:\sqmnoopt06.sqm
2009-03-15 12:47 <DIR> --d----- c:\program files\Microsoft LifeCam
2009-03-15 12:46 2,414,360 a------- c:\windows\system32\d3dx9_31.dll
2009-03-15 12:46 237,848 a------- c:\windows\system32\xactengine2_4.dll
2009-03-15 12:46 68,888 a------- c:\windows\system32\xinput1_3.dll
2009-03-15 12:46 15,128 a------- c:\windows\system32\x3daudio1_1.dll
2009-03-15 12:46 236,824 a------- c:\windows\system32\xactengine2_3.dll
2009-03-15 12:46 62,744 a------- c:\windows\system32\xinput1_2.dll
2009-03-15 12:45 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2009-03-13 21:22 <DIR> --d----- c:\users\xd\appdata\roaming\Tencent

==================== Find3M ====================

2009-04-07 20:49 4,832 a------- c:\users\xd\appdata\roaming\wklnhst.dat
2009-04-07 11:58 34 a------- c:\users\xd\jagex_runescape_preferences.dat
2009-04-01 20:41 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-01 20:41 86,016 a------- c:\windows\inf\infstor.dat
2009-04-01 20:41 51,200 a------- c:\windows\inf\infpub.dat
2009-03-20 16:53 77,384 a------- c:\windows\War3Unin.dat
2009-02-23 18:35 882,232 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-15 01:11 827,392 a------- c:\windows\system32\wininet.dll
2008-11-08 19:55 47,360 a------- c:\users\xd\appdata\roaming\pcouffin.sys
2008-10-30 00:33 25,600 a------- c:\users\xd\usbsermptxp.sys
2008-10-30 00:33 22,768 a------- c:\users\xd\usbsermpt.sys
2008-08-21 12:50 174 a--sh--- c:\program files\desktop.ini
2008-08-21 12:36 665,600 a------- c:\windows\inf\drvindex.dat
2008-03-19 10:55 87,608 a------- c:\users\xd\appdata\roaming\ezpinst.exe
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 07:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 07:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-07 00:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008120620081207\index.dat

============= FINISH: 23:04:39.88 ===============

#12 Billy O'Neal

Posted 08 April 2009 - 11:31 PM

Hello, gwntd

"Here's my DDS log. There's nothing wrong with my internet; it's just that none of the antiviruses can update automatically, nor can I install Spybot Search and Destroy anymore."

I understand that. WinsockXPFix restores much more than just internet function. Often it can repair those kind of issues. Did running that tool help or did you not run it?

When your AntiVirus fails to update, what error does it return?

What error message does Spybot throw when you attempt to install it?

Billy3

#13 gwntd

Posted 10 April 2009 - 11:49 AM

The WinSocket tool came across an error at the end: "Runtime Error '53' File not found". I don't know if it's compatible with Vista or not, though. So it didn't fix the updating issue.

When Avira tries to update itself, a message comes across on the updater: "An error occurred during the file download."

When Spybot tries to install, I get this message on the file download part: "Error sending request" "A connection with the server could not be established"

Edited by gwntd, 10 April 2009 - 11:49 AM.


#14 Billy O'Neal

Posted 10 April 2009 - 02:23 PM

Hello, gwntd
Ah.. Sorry about that :thumbup2:

Please go to start -> and type in cmd.

Go up in the start menu, right click on cmd.exe, and select "Run as Administrator".

Then type in the following:
netsh winsock reset

Press enter.

Then reboot.

Also please reset your hosts file:

We need to repair your Hosts file
  • Download HostsXpert.zip
  • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
  • Double-click HostsXpert.exe to run the program.
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click "Restore Microsoft's Hosts file" and then click "OK".
  • Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

If that does not help, please post an OTListIt2 log:

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTListIt.txt (If it's not fixed yet)
  • Extra.txt (If it's not fixed yet)

Billy3

Edited by Billy O'Neal, 10 April 2009 - 02:23 PM.

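The hosts-file reset in the post above and the `uInternet Settings,ProxyServer = 0.0.0.0:80` line in the DDS log earlier in the thread both concern settings that can send an updater's connection to an address with no server behind it. The following Python check is an added example, not part of the original thread and not code from any tool named in it; the hosts-file sample and its `.example` hostnames are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of hosts-file text; the hostnames are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       update.av-vendor.example    # constructed entry
0.0.0.0         download.antispyware.example www.antispyware.example
192.0.2.10      intranet.example
"""

# Two lines copied from the DDS log posted in the thread.
SAMPLE_DDS = """\
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = 0.0.0.0:80
"""

# Names that a stock hosts file legitimately maps to loopback.
DEFAULT_NAMES = {"localhost"}


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (no remote server reachable)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def audit_hosts(text):
    """Return (line_no, address, hostname) for each non-default name
    that the hosts file pins to a loopback or unspecified address."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        addr, names = fields[0], fields[1:]
        if not is_sinkhole(addr):
            continue
        for name in names:
            if name.lower() not in DEFAULT_NAMES:
                findings.append((line_no, addr, name.lower()))
    return findings


# DDS prefixes entries with "u" or "m", as in uRun / mRun in the log.
PROXY_RE = re.compile(
    r"^[um]Internet Settings,ProxyServer\s*=\s*(\S+)\s*$", re.IGNORECASE
)


def audit_proxy(dds_text):
    """Return proxy endpoints from DDS 'ProxyServer' lines whose host is
    this machine or the unspecified address; each one needs a manual look."""
    suspicious = []
    for raw in dds_text.splitlines():
        match = PROXY_RE.match(raw.strip())
        if not match:
            continue
        # The value is "host:port" or "http=host:port;https=host:port".
        for part in match.group(1).split(";"):
            hostport = part.split("=", 1)[-1]
            host = hostport.rsplit(":", 1)[0].strip("[]")
            if host.lower() == "localhost" or is_sinkhole(host):
                suspicious.append(hostport)
    return suspicious


if __name__ == "__main__":
    for line_no, addr, name in audit_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {name} -> {addr}")
    for endpoint in audit_proxy(SAMPLE_DDS):
        print(f"proxy endpoint to review: {endpoint}")
```

A local proxy can be legitimate (some filtering products install one), so a hit from `audit_proxy` is a prompt to check what, if anything, is listening there rather than a verdict.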

#15 gwntd

Posted 11 April 2009 - 10:54 AM

I have the scan logs, my antiviruses still can't update.
thxs billy

Otlist

OTListIt logfile created on: 4/11/2009 10:49:36 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Users\XD\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.64 Mb Total Physical Memory | 443.75 Mb Available Physical Memory | 43.39% Memory free
2.25 Gb Paging File | 1.56 Gb Available in Paging File | 69.43% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.96 Gb Total Space | 22.74 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive D: | 7.09 Gb Total Space | 0.31 Gb Free Space | 4.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XD-PC
Current User Name: XD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe
PRC - [2009/03/05 16:17:24 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Explorer.EXE
PRC - [2006/11/20 06:34:52 | 00,155,648 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2007/10/25 05:52:08 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/19 12:33:01 | 00,271,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2007/08/03 10:47:26 | 00,159,744 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razerhid.exe
PRC - [2008/05/01 23:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/08/29 11:32:21 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/07/19 09:05:22 | 00,238,080 | ---- | M] () -- C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe
PRC - [2006/11/24 15:24:16 | 00,143,360 | ---- | M] () -- C:\Program Files\Razer\DeathAdder\razertra.exe
PRC - [2007/05/07 15:35:14 | 00,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\DeathAdder\razerofa.exe
PRC - [2008/07/08 16:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\regmech.exe
PRC - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/01/19 02:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\unsecapp.exe
PRC - [2008/01/19 02:33:39 | 00,245,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\wbem\wmiprvse.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2009/01/30 10:33:40 | 00,469,761 | ---- | M] (Avira GmbH) -- C:\program files\avira\antivir desktop\avcenter.exe
PRC - [2009/03/27 21:09:52 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 10:37:09 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Users\XD\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/05 16:17:24 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/03/02 12:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/08/29 11:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/27 13:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - File not found -- -- (CLTNetCnService [Auto | Stopped])
SRV - [2008/05/26 12:59:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/06/19 20:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/20 00:29:06 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
SRV - [2007/03/11 22:24:50 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/03/11 23:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2004/10/22 06:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/06/19 20:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2006/12/14 20:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- c:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Disabled | Stopped])
SRV - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc [Auto | Running])
SRV - [2007/12/03 14:21:24 | 00,869,672 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Disabled | Stopped])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZinw12.dll -- (Net Driver HPZ12 [On_Demand | Stopped])
SRV - [2008/06/19 20:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/12/13 19:10:56 | 00,447,784 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2008/09/17 23:55:00 | 00,196,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\nvvsvc.exe -- (nvsvc [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\Windows\system32\HPZipm12.dll -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2006/11/01 22:18:32 | 00,887,544 | ---- | M] (Sonic Solutions) -- c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2007/11/06 15:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/08/17 21:27:15 | 00,087,288 | ---- | M] (Valve Corporation) -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
SRV - [2006/11/01 14:58:02 | 00,078,752 | R--- | M] (MicroVision Development, Inc.) -- c:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [Disabled | Stopped])
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2008/01/19 02:33:39 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Running])
SRV - [2007/10/18 07:37:04 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.exe -- (XAudioService [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx [Disabled | Stopped])
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m [Disabled | Stopped])
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320 [Disabled | Stopped])
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx [Disabled | Stopped])
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide [Disabled | Stopped])
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc [Disabled | Stopped])
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas [Disabled | Stopped])
DRV - [2009/02/13 11:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/02/13 11:31:26 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\Windows\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/02/13 14:22:54 | 00,095,576 | ---- | M] (Avira GmbH) -- C:\Windows\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo [On_Demand | Stopped])
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp [On_Demand | Stopped])
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm [Disabled | Stopped])
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer [On_Demand | Stopped])
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide [Disabled | Stopped])
DRV - [2005/03/03 19:47:42 | 00,031,104 | ---- | M] (Cypress Semiconductor) -- C:\Windows\System32\Drivers\CyUsb.sys -- (CyUsb [On_Demand | Stopped])
DRV - [2007/08/02 17:32:26 | 00,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\system32\drivers\dadder.sys -- (DAdderFltr [On_Demand | Running])
DRV - [2009/01/27 19:43:54 | 00,036,096 | ---- | M] () -- C:\Program Files\Cheat Engine\dbk32.sys -- (DBKDRVR54 [On_Demand | Stopped])
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\E1G60I32.sys -- (E1G60 [On_Demand | Stopped])
DRV - [2007/08/07 14:48:33 | 00,025,160 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [System | Running])
DRV - [2007/02/15 19:56:49 | 00,011,984 | ---- | M] (Elaborate Bytes AG) -- C:\Windows\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor [Disabled | Stopped])
DRV - [2008/04/17 14:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\Windows\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/22 14:11:31 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\system32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Running])
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs [Disabled | Stopped])
DRV - [2008/05/08 05:03:18 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2008/05/08 05:05:18 | 00,266,752 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSXHWBS2.sys -- (HSXHWBS2 [On_Demand | Running])
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV [Disabled | Stopped])
DRV - [2007/05/30 16:53:21 | 00,212,280 | ---- | M] (Symantec Corporation) -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070709.002\IDSvix86.sys -- (IDSvix86 [System | Running])
DRV - [2007/03/06 11:24:06 | 01,666,048 | ---- | M] (Intel Corporation) -- C:\Windows\system32\DRIVERS\igdkmd32.sys -- (igfx [On_Demand | Stopped])
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp [Disabled | Stopped])
DRV - [2007/10/25 06:26:10 | 02,015,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi [Disabled | Stopped])
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid [Disabled | Stopped])
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
DRV - [2007/02/02 16:57:16 | 00,049,377 | ---- | M] (Mobile Action Technology Inc.) -- C:\Windows\system32\DRIVERS\mamotou.sys -- (mamotou [On_Demand | Stopped])
DRV - [2007/01/16 11:44:46 | 00,011,986 | ---- | M] (Mobile Action Technology Inc.) -- C:\Windows\system32\DRIVERS\MaVc2K.sys -- (MaVctrl [Auto | Running])
DRV - [2006/06/19 09:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas [Disabled | Stopped])
DRV - [2007/04/02 22:13:46 | 00,017,920 | ---- | M] (Motorola) -- C:\Windows\system32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2007/01/23 20:03:44 | 00,007,680 | ---- | M] (Motorola) -- C:\Windows\system32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2006/12/14 11:27:18 | 00,040,832 | ---- | M] (Motorola Inc) -- C:\Windows\system32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2007/04/02 22:13:46 | 00,021,632 | ---- | M] (Motorola) -- C:\Windows\system32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x [Disabled | Stopped])
DRV - [2007/01/19 12:53:42 | 00,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2007/01/19 12:53:43 | 00,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960 [Disabled | Stopped])
DRV - [2007/11/06 15:22:06 | 00,034,064 | ---- | M] (CACE Technologies) -- C:\Windows\system32\drivers\npf.sys -- (NPF [On_Demand | Stopped])
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi [Disabled | Stopped])
DRV - [2008/09/17 23:55:00 | 07,379,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid [Disabled | Stopped])
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor [Disabled | Stopped])
DRV - [2008/03/19 10:14:44 | 00,047,360 | ---- | M] (VSO Software) -- C:\Windows\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2005/12/12 11:27:00 | 00,019,072 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\DRIVERS\PS2.sys -- (Ps2 [On_Demand | Running])
DRV - [2007/03/07 18:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300 [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx [Disabled | Stopped])
DRV - [2008/06/10 10:54:36 | 00,123,904 | ---- | M] (Realtek Corporation ) -- C:\Windows\system32\DRIVERS\Rtlh86.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/01/20 02:07:58 | 00,033,292 | ---- | M] (PowerISO Computing, Inc.) -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv [Auto | Running])
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2 [Disabled | Stopped])
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
DRV - [2008/06/30 14:26:16 | 00,717,296 | ---- | M] () -- C:\Windows\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/02/13 11:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\Windows\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2008/01/19 01:14:10 | 00,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx [Disabled | Stopped])
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi [Disabled | Stopped])
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3 [Disabled | Stopped])
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci [Disabled | Stopped])
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata [Disabled | Stopped])
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
DRV - [2008/01/19 00:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide [Disabled | Stopped])
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid [Disabled | Stopped])
DRV - [2007/04/10 16:46:48 | 01,966,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\DRIVERS\VX3000.sys -- (VX3000 [On_Demand | Stopped])
DRV - [2008/05/08 05:04:16 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\HSX_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2007/10/18 07:36:54 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\system32\DRIVERS\xaudio.sys -- (XAudio [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-989894868-678703554-3328094974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-989894868-678703554-3328094974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-989894868-678703554-3328094974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-989894868-678703554-3328094974-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-989894868-678703554-3328094974-1000\S-1-5-21-989894868-678703554-3328094974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-989894868-678703554-3328094974-1000\S-1-5-21-989894868-678703554-3328094974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {761a54f1-8ccf-4112-9e48-dbf72adf6244}:1.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/15 19:26:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/03 00:34:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/27 21:09:54 | 00,000,000 | ---D | M]

[2008/08/27 19:51:12 | 00,000,000 | ---D | M] -- C:\Users\XD\AppData\Roaming\mozilla\Extensions
[2008/08/27 19:51:12 | 00,000,000 | ---D | M] -- C:\Users\XD\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/10 10:55:43 | 00,000,000 | ---D | M] -- C:\Users\XD\AppData\Roaming\mozilla\Firefox\Profiles\5gw4mdhd.default\extensions
[2008/06/18 23:10:01 | 00,000,000 | ---D | M] -- C:\Users\XD\AppData\Roaming\mozilla\Firefox\Profiles\5gw4mdhd.default\extensions\{761a54f1-8ccf-4112-9e48-dbf72adf6244}
[2009/03/22 10:13:15 | 00,000,000 | ---D | M] -- C:\Users\XD\AppData\Roaming\mozilla\Firefox\Profiles\5gw4mdhd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/06/30 14:29:42 | 00,002,921 | ---- | M] () -- C:\Users\XD\AppData\Roaming\Mozilla\FireFox\Profiles\5gw4mdhd.default\searchplugins\daemon-search.xml
[2009/04/10 10:55:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/27 21:09:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/05/13 08:29:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/11/03 17:32:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/08/04 10:05:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/27 21:09:52 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/27 21:09:52 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/11/14 15:05:49 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/11/14 15:05:49 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/14 15:05:49 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/14 15:05:49 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/11/14 15:05:49 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/11/14 15:05:49 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/11/14 15:05:49 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (698 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-989894868-678703554-3328094974-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (Google Inc.)
O3 - HKU\S-1-5-21-989894868-678703554-3328094974-1000\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" ()
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-989894868-678703554-3328094974-1000..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe /H (PC Tools)
O4 - HKU\S-1-5-21-989894868-678703554-3328094974-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-989894868-678703554-3328094974-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-989894868-678703554-3328094974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-989894868-678703554-3328094974-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - Reg Error: Value error. File not found
O8 - Extra context menu item: RoboForm Toolbar - Reg Error: Value error. File not found
O8 - Extra context menu item: Save Forms - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-989894868-678703554-3328094974-1000\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\system32\igfxdev.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5c82cb52-b4ac-11dc-aff2-001921d30077}\Shell - "" = AutoRun
O33 - MountPoints2\{5c82cb52-b4ac-11dc-aff2-001921d30077}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{943c5d7f-46da-11dd-baaf-001921d30077}\Shell - "" = AutoRun
O33 - MountPoints2\{943c5d7f-46da-11dd-baaf-001921d30077}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\Windows\*.tmp files]
[2009/04/11 10:37:12 | 00,000,000 | ---D | C] -- C:\Users\XD\Desktop\HostsXpert
[2009/04/11 10:37:00 | 00,500,736 | ---- | C] (OldTimer Tools) -- C:\Users\XD\Desktop\OTListIt2.exe
[2009/04/11 10:36:01 | 00,353,485 | ---- | C] () -- C:\Users\XD\Desktop\HostsXpert.zip
[2009/04/08 21:54:26 | 00,000,000 | ---D | C] -- C:\Users\XD\Desktop\Joe Abercrombie
[2009/04/06 22:12:00 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Users\XD\Desktop\WinsockxpFix.exe
[2009/04/06 11:49:36 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/04/06 11:40:19 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/04/05 19:21:26 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/04/05 19:21:26 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/04/05 19:21:26 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/04/05 19:21:26 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/04/05 19:21:26 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\Windows\fdsv.exe
[2009/04/05 19:21:26 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/04/05 19:21:26 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/04/05 19:21:26 | 00,049,152 | ---- | C] () -- C:\Windows\VFIND.exe
[2009/04/05 19:21:26 | 00,029,696 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/04/05 19:21:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/04/05 19:19:51 | 03,067,803 | R--- | C] () -- C:\Users\XD\Desktop\ComboFix.exe
[2009/04/04 15:23:15 | 00,003,278 | ---- | C] () -- C:\Users\XD\Desktop\Attach.rar
[2009/04/04 15:16:52 | 00,360,002 | ---- | C] () -- C:\Users\XD\Desktop\dds.pif
[2009/04/04 15:16:34 | 00,360,002 | ---- | C] () -- C:\Users\XD\Desktop\dds.scr
[2009/04/02 18:06:19 | 02,028,760 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\XD\Desktop\mbam-rules.exe
[2009/04/01 22:36:56 | 00,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2009/04/01 22:36:55 | 00,506,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml.dll
[2009/04/01 22:36:55 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\STKIT432.DLL
[2009/04/01 22:36:51 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/04/01 22:01:26 | 06,641,432 | ---- | C] (PC Tools ) -- C:\Users\XD\Desktop\rminstall.exe
[2009/04/01 21:56:03 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\XD\Desktop\spybotsd162.exe
[2009/04/01 21:24:56 | 07,493,808 | ---- | C] () -- C:\Users\XD\Desktop\Floola-win.zip
[2009/04/01 21:07:01 | 00,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/04/01 21:06:50 | 00,095,576 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2009/04/01 21:06:50 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/04/01 21:06:50 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2009/04/01 21:06:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2009/04/01 21:06:47 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/04/01 20:40:41 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/04/01 19:09:32 | 00,000,878 | ---- | C] () -- C:\Users\XD\Desktop\WinAVI MP4 Converter.lnk
[2009/03/31 22:46:46 | 00,003,020 | ---- | C] () -- C:\Users\XD\Documents\Vocab 3.rtf
[2009/03/30 22:40:29 | 00,055,808 | ---- | C] () -- C:\Users\XD\Desktop\POW_28.doc
[2009/03/30 16:24:20 | 00,000,000 | ---D | C] -- C:\Users\XD\AppData\Roaming\Desktopicon
[2009/03/30 16:24:16 | 00,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2009/03/28 23:46:37 | 03,176,918 | -H-- | C] () -- C:\Users\XD\AppData\Local\IconCache.db
[2009/03/28 19:33:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2009/03/27 19:11:33 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2009/03/26 16:47:44 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/25 23:28:59 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/03/25 16:13:38 | 00,001,880 | ---- | C] () -- C:\Users\XD\Desktop\HijackThis.lnk
[2009/03/25 16:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/23 17:05:10 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/03/23 17:05:10 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/23 17:05:08 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/03/23 17:05:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/23 16:56:43 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/03/22 21:04:51 | 00,000,000 | ---D | C] -- C:\Users\XD\Desktop\George_R_R_Martin_-_A_Song_of_Ice_and_Fire__lit_
[2009/03/22 21:03:13 | 03,943,459 | ---- | C] () -- C:\Users\XD\Desktop\George_R_R_Martin_-_A_Song_of_Ice_and_Fire__lit_.rar
[2009/03/22 14:11:31 | 00,025,280 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2009/03/22 14:11:30 | 00,000,760 | ---- | C] () -- C:\Users\Public\Desktop\hamachi.lnk
[2009/03/22 14:11:29 | 00,000,000 | ---D | C] -- C:\Program Files\Hamachi
[2009/03/22 13:09:37 | 00,000,000 | ---D | C] -- C:\Users\XD\AppData\Local\PokerStars
[2009/03/22 13:08:07 | 00,000,864 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2009/03/22 13:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\PokerStars
[2009/03/21 18:17:35 | 00,001,666 | ---- | C] () -- C:\Users\XD\Desktop\osu!.lnk
[2009/03/21 18:17:15 | 00,000,000 | ---D | C] -- C:\Windows\osu!
[2009/03/21 18:17:14 | 00,000,000 | ---D | C] -- C:\Program Files\osu!
[2009/03/19 23:27:19 | 00,146,913 | ---- | C] () -- C:\Users\XD\Desktop\0087.jpg
[2009/03/19 17:35:19 | 00,152,088 | ---- | C] () -- C:\img2-001.raw
[2009/03/18 20:30:14 | 00,000,000 | ---D | C] -- C:\Users\XD\Desktop\rOTL vol5 pg25- 38
[2009/03/15 23:10:57 | 00,000,000 | R--D | C] -- C:\Users\XD\Documents\LifeCam Files
[2009/03/15 19:36:50 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/03/15 19:20:42 | 00,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2009/03/15 19:20:41 | 00,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2009/03/15 19:20:39 | 00,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2009/03/15 19:20:39 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2009/03/15 19:20:39 | 00,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2009/03/15 19:20:39 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2009/03/15 19:20:36 | 00,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2009/03/15 19:20:34 | 00,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2009/03/15 19:12:27 | 00,096,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dfshim.dll
[2009/03/15 19:12:19 | 00,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscoree.dll
[2009/03/15 19:12:16 | 00,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2009/03/15 19:12:02 | 00,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2009/03/15 19:11:56 | 00,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2009/03/15 19:04:36 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/03/15 19:04:35 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/03/15 19:04:34 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/03/15 19:04:34 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/03/15 19:04:34 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/03/15 19:04:33 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/03/15 19:04:32 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/03/15 19:04:32 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/03/15 19:04:31 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/03/15 19:04:21 | 00,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv.sys
[2009/03/15 19:04:16 | 11,580,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
[2009/03/15 19:04:08 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/03/15 19:04:07 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/03/15 19:04:01 | 10,622,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/03/15 19:04:00 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/03/15 19:04:00 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/03/15 19:04:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/03/15 19:04:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/03/15 19:03:53 | 00,212,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2009/03/15 19:03:05 | 00,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
[2009/03/15 19:02:27 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/03/15 19:00:39 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/03/15 19:00:36 | 02,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2009/03/15 18:58:20 | 00,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2009/03/15 18:58:16 | 02,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/03/15 18:58:16 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/03/15 18:58:15 | 00,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2009/03/15 18:58:15 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2009/03/15 18:58:12 | 01,334,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml6.dll
[2009/03/15 17:42:55 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Tencent
[2009/03/15 17:41:54 | 00,002,030 | ---- | C] () -- C:\Users\XD\Desktop\Tencent QQ.lnk
[2009/03/15 17:41:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Tencent
[2009/03/15 17:41:44 | 00,000,000 | ---D | C] -- C:\Program Files\Tencent
[2009/03/15 17:41:39 | 00,000,000 | ---D | C] -- C:\Users\XD\Documents\Tencent Files
[2009/03/15 17:36:30 | 00,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2009/03/15 17:36:30 | 00,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2009/03/15 12:48:34 | 00,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2009/03/15 12:47:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2009/03/15 12:46:34 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2009/03/15 12:46:34 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2009/03/15 12:46:34 | 00,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2009/03/15 12:46:34 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2009/03/15 12:46:33 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2009/03/15 12:46:33 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2009/03/15 12:46:32 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2009/03/15 12:46:32 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2009/03/15 12:46:32 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2009/03/15 12:46:02 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2009/03/15 12:46:02 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2009/03/15 12:46:02 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2009/03/15 12:45:58 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2009/03/15 12:45:57 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2009/03/15 12:45:56 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2009/03/14 15:30:51 | 00,000,000 | ---D | C] -- C:\Users\XD\Desktop\rOTL vol5 pg 5 - 24
[2009/03/13 21:22:02 | 00,000,000 | ---D | C] -- C:\Users\XD\AppData\Roaming\Tencent
[2009/03/13 20:53:26 | 14,898,496 | ---- | C] () -- C:\Users\XD\Desktop\QQ2009Beta_en.exe
[2009/03/13 00:09:48 | 00,000,000 | ---D | C] -- C:\Users\XD\Desktop\A_misc_Music
[2009/02/08 23:06:43 | 01,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2009/02/02 23:03:06 | 00,000,316 | ---- | C] () -- C:\Windows\wininit.ini
[2008/12/24 14:53:16 | 00,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2008/12/24 14:53:10 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/24 14:53:10 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/24 14:53:09 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/12/24 14:53:07 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/12/24 14:53:06 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/10/27 21:47:39 | 00,002,528 | ---- | C] () -- C:\Windows\FCIC.INI
[2008/10/23 01:36:33 | 00,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2008/06/30 14:36:22 | 00,000,231 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2008/06/30 14:26:15 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/05/26 11:41:34 | 02,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/04/17 11:34:03 | 00,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2008/03/19 14:31:35 | 00,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2008/03/18 21:19:50 | 00,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2007/11/06 15:19:28 | 00,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007/04/10 16:46:48 | 00,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2007/03/06 11:49:42 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1227.dll
[2007/02/08 05:30:43 | 00,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom24.dll
[2007/02/08 05:30:43 | 00,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes24.dll
[2007/02/08 05:22:16 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1132.dll
[2007/02/08 05:22:15 | 00,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/01/10 06:56:34 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 05:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:31 | 00,000,179 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/11 02:00:40 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/08/11 02:00:40 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2002/10/15 17:54:04 | 00,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll

========== Files - Modified Within 30 Days ==========

[3 C:\Windows\*.tmp files]
[2009/04/11 10:43:14 | 00,000,698 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2009/04/11 10:40:44 | 00,005,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/04/11 10:40:44 | 00,005,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/04/11 10:40:10 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/04/11 10:40:06 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/04/11 10:39:00 | 03,176,918 | -H-- | M] () -- C:\Users\XD\AppData\Local\IconCache.db
[2009/04/11 10:37:09 | 00,500,736 | ---- | M] (OldTimer Tools) -- C:\Users\XD\Desktop\OTListIt2.exe
[2009/04/11 10:36:10 | 00,353,485 | ---- | M] () -- C:\Users\XD\Desktop\HostsXpert.zip
[2009/04/09 22:37:52 | 00,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2009/04/09 10:54:44 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/04/09 10:54:44 | 00,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/04/09 10:54:44 | 00,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/04/07 20:49:27 | 00,004,832 | ---- | M] () -- C:\Users\XD\AppData\Roaming\wklnhst.dat
[2009/04/06 22:12:10 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Users\XD\Desktop\WinsockxpFix.exe
[2009/04/06 18:04:10 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009/04/06 11:46:18 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/04/05 19:20:20 | 03,067,803 | R--- | M] () -- C:\Users\XD\Desktop\ComboFix.exe
[2009/04/05 12:12:35 | 00,003,278 | ---- | M] () -- C:\Users\XD\Desktop\Attach.rar
[2009/04/05 11:35:45 | 00,360,002 | ---- | M] () -- C:\Users\XD\Desktop\dds.pif
[2009/04/04 15:16:41 | 00,360,002 | ---- | M] () -- C:\Users\XD\Desktop\dds.scr
[2009/04/02 18:06:57 | 02,028,760 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\XD\Desktop\mbam-rules.exe
[2009/04/01 22:36:56 | 00,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Registry Mechanic.lnk
[2009/04/01 22:02:13 | 06,641,432 | ---- | M] (PC Tools ) -- C:\Users\XD\Desktop\rminstall.exe
[2009/04/01 21:57:47 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\XD\Desktop\spybotsd162.exe
[2009/04/01 21:26:16 | 07,493,808 | ---- | M] () -- C:\Users\XD\Desktop\Floola-win.zip
[2009/04/01 21:07:01 | 00,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2009/04/01 19:09:32 | 00,000,878 | ---- | M] () -- C:\Users\XD\Desktop\WinAVI MP4 Converter.lnk
[2009/03/31 22:47:54 | 00,003,020 | ---- | M] () -- C:\Users\XD\Documents\Vocab 3.rtf
[2009/03/30 21:10:01 | 00,055,808 | ---- | M] () -- C:\Users\XD\Desktop\POW_28.doc
[2009/03/28 19:17:44 | 00,001,356 | ---- | M] () -- C:\Users\XD\AppData\Local\d3d9caps.dat
[2009/03/27 15:21:52 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2009/03/25 16:13:38 | 00,001,880 | ---- | M] () -- C:\Users\XD\Desktop\HijackThis.lnk
[2009/03/23 17:05:10 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/23 16:56:43 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2009/03/22 21:03:48 | 03,943,459 | ---- | M] () -- C:\Users\XD\Desktop\George_R_R_Martin_-_A_Song_of_Ice_and_Fire__lit_.rar
[2009/03/22 20:00:34 | 00,166,912 | ---- | M] () -- C:\Users\XD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 16:11:02 | 00,011,168 | -H-- | M] () -- C:\Windows\System32\jasaropo
[2009/03/22 14:11:31 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\drivers\hamachi.sys
[2009/03/22 14:11:30 | 00,000,760 | ---- | M] () -- C:\Users\Public\Desktop\hamachi.lnk
[2009/03/22 13:08:07 | 00,000,864 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.lnk
[2009/03/22 11:20:34 | 00,000,316 | ---- | M] () -- C:\Windows\wininit.ini
[2009/03/22 10:04:39 | 00,001,676 | ---- | M] () -- C:\Users\XD\Desktop\CCleaner.lnk
[2009/03/21 18:17:35 | 00,001,666 | ---- | M] () -- C:\Users\XD\Desktop\osu!.lnk
[2009/03/20 16:53:16 | 00,077,384 | ---- | M] () -- C:\Windows\War3Unin.dat
[2009/03/19 23:27:22 | 00,146,913 | ---- | M] () -- C:\Users\XD\Desktop\0087.jpg
[2009/03/19 17:35:19 | 00,152,088 | ---- | M] () -- C:\img2-001.raw
[2009/03/15 20:30:38 | 00,391,472 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/03/15 17:41:54 | 00,002,030 | ---- | M] () -- C:\Users\XD\Desktop\Tencent QQ.lnk
[2009/03/15 17:36:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/03/15 17:36:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/03/15 12:48:34 | 00,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft LifeCam.lnk
[2009/03/13 20:55:58 | 14,898,496 | ---- | M] () -- C:\Users\XD\Desktop\QQ2009Beta_en.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:FB1B13D8
< End of report >

Extras

OTListIt Extras logfile created on: 4/11/2009 10:49:36 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.12.2 Folder = C:\Users\XD\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.64 Mb Total Physical Memory | 443.75 Mb Available Physical Memory | 43.39% Memory free
2.25 Gb Paging File | 1.56 Gb Available in Paging File | 69.43% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.96 Gb Total Space | 22.74 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive D: | 7.09 Gb Total Space | 0.31 Gb Free Space | 4.31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XD-PC
Current User Name: XD
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\notepad.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-989894868-678703554-3328094974-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"UpdatesDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications" = 0
"EnableFirewall" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"Game.exe" = Game.exe:*:Enabled:GostSoul

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}" = Tencent QQ2009
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2D7F4B72-F97F-4502-A35A-B57BCA04CAB8}" = Ghost
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = DVD Play
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5FCCD531-1B38-4A94-924C-127F722F1033}" = Nero 8
"{6102D63A-9387-4FC8-98E4-181121F8C0BA}" = MPlugin_USA
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6CB9AF08-79AE-4020-84A8-29CF15C67BD5}" = Audition
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{706BB40A-4102-4c89-8107-DC68C4EBD19B}" = HP Deskjet All-In-One Software 9.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75E71ADD-042C-4F30-BFAC-A9EC42351313}" = Python 2.4.3
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.0.96
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{83C03FBE-4492-4133-BBAB-421CD88ADA32}" = OpenOffice.org 2.3
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
"{89C89156-A70F-4C6D-9CAE-2EA71F1396FE}" = Garena
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A9C365A3-06C0-43b4-A2DB-EDF0A6079AA9}" = DJ_AIO_Software
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4B1F18B-5CED-4f8f-8A8F-1BD0503C222E}" = DJ_AIO_ProductContext
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{B6B69D92-6CD8-4086-8D1D-7945BDA4AE5A}" = F4100_Help
"{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.14.223
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C9D88AF8-7B0A-4200-BFBC-7827A7535096}" = F4100_doccd
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E4A02A3F-4F8A-4D94-BB99-68BC1D1CF6DB}" = Roxio MyDVD Basic v9
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder™ Mouse
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F56D6F46-1D62-4734-BF12-6457A1ED17BD}" = DJ_AIO_Software_min
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8FED11D-3584-4a72-8B26-E0951B655797}" = F4100
"{F94234DB-FD06-42C3-B88D-6FC4DC9F988C}" = HP Easy Setup - Core
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FFC1ADE3-944B-4231-894E-3903C37271D2}" = Adobe Setup
"7-Zip" = 7-Zip 4.42
"ABC Amber LIT Converter" = ABC Amber LIT Converter
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_c3c7fe8b09d497ab2b3fd91c9353390" = Adobe Flash CS3 Professional
"Advanced Batch Converter" = Advanced Batch Converter
"AIM_6" = AIM 6
"AT&T Self Support Tool" = AT&T Self Support Tool
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"CDisplay_is1" = CDisplay 1.8
"Cheat Engine 5.5_is1" = Cheat Engine 5.5
"CloneDVD2" = CloneDVD2
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"Colorizer 1.0.0.1" = Colorizer 1.0.0.1
"CPS FirstClass Client v9.012f" = CPS FirstClass Client v9.012f
"Google Updater" = Google Updater
"Hamachi" = Hamachi 1.0.3.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPOOVClient-3572475 Uninstaller" = Compaq Connections (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.4.2 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"NVIDIA Drivers" = NVIDIA Drivers
"OsdMaestro" = HP On-Screen Caps/Num/Scroll Lock Indicator
"osu!" = osu!
"PokerStars" = PokerStars
"PowerISO" = PowerISO
"QuicktimeAlt_is1" = QuickTime Alternative 1.47
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"RumbleFighter" = Rumble Fighter
"SciTE4AutoIt3" = SciTE4AutoIt3 20-2-2008
"Starcraft" = Starcraft
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Tag&Rename_is1" = Tag&Rename 3.4.6
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"Warcraft III" = Warcraft III
"Warkeys" = Warkeys 1.5.2.0b
"Winamp" = Winamp
"WinAVI Video Converter 9.09.0" = WinAVI Video Converter 9.0
"WinPatrol" = WinPatrol 2007
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Steam App 240" = Counter-Strike: Source
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-989894868-678703554-3328094974-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Steam App 240" = Counter-Strike: Source
"uTorrent" = µTorrent
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

I don't know if this might be useful or not; this is the Avira report from when the update fails.



Avira AntiVir Personal - Free Antivirus Updater

Creation time: Sat Apr 11 10:58:01 2009


Operating system:
Windows Vista (Service Pack 1) [6.0.6001]

Product information:
Product version: 9.0.0.386
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 09.00.00.42
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 09.00.00.06

Temp Directory: C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\ProgramData\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\ProgramData\Avira\AntiVir Desktop\


[UPD] [INFO] Checking whether newer files are available.
[UPD] [INFO] Select update server 'http://80.190.143.236/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.236/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.236/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.236/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.178/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.178/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.178/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.178/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.235/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.235/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.235/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.235/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.235/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.235/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.235/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.182/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.230/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.230/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.230/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.230/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.230/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.230/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.230/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.179/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.181/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.239/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.239/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.239/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.239/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.239/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.239/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.239/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.183/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.182/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.182/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.182/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.183/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.183/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.183/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.178/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.178/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.178/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.178/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.178/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.230/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.230/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.230/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.230/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.230/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.230/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.230/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.181/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.181/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.181/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.239/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.239/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.239/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.239/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.239/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.239/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.239/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.235/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.235/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.235/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.235/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.235/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.235/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.235/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.179/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.179/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.179/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://80.190.143.236/update'.
[UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.236/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.236/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://80.190.143.236/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://80.190.143.236/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://62.146.66.184/update'.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://62.146.66.184/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Select update server 'http://perspeak.avira-update.com/update'.
[UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPD] [INFO] Downloading of 'http://perspeak.avira-update.com/update/idx/master.idx' to 'C:\ProgramData\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
[UPDLIB] [ERROR] Download manager: The function WinINet::InternetOpenUrl() 'http://perspeak.avira-update.com/update/idx/master.idx' failed. Error: A connection with the server could not be established
[UPDLIB] [ERROR] Download manager: An error occurred inside the WinINet library.
[UPDLIB] [ERROR] No other server available.
[UPD] [ERROR] Generation of update structure failed. UpdateLib delivers error 8.

Summary:
********
0 Files downloaded
0 Files installed

10:58:07 The update failed!

Edited by gwntd, 11 April 2009 - 11:01 AM.




