Help I have the rootkit.agent.odg virus


15 replies to this topic

#1 damo1992

  • Members
  • 9 posts

Posted 19 May 2009 - 03:17 AM

I recently was infected with the rootkit.agent.odg trojan virus, and ESET and CCleaner would not remove it, so I searched the net to find a solution, and a lot of people said they had found a solution in ComboFix, so I tried it. The tutorial said to post the log of the scan here, so here it is.

Thank you very much in advance for any help...


ComboFix 09-05-18.04 - Damian 19/05/2009 18:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1637 [GMT 10:00]
Running from: c:\documents and settings\Damian\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\drivers\gxvxcabwwejxjlkixlthqoawemppbpfairrmc.sys
c:\windows\system32\drivers\gxvxcevxfmuiqaklrxhoowbomyxidmixomagk.sys
c:\windows\system32\drivers\gxvxcwbitudjtapmyltexrcmoqvdnkbwwcgvm.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcyxrkkrjexgfviespxnsjovbwucbqkfpj.dll

----- BITS: Possible infected sites -----

hxxp://download.linksys.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-19 to 2009-05-19 )))))))))))))))))))))))))))))))
.

2009-05-18 06:02 . 2009-05-18 06:02 -------- d-----w c:\program files\PlayAllDVD
2009-05-16 07:38 . 2009-05-16 07:38 -------- d-----w c:\documents and settings\foo.UGOV.013
2009-05-13 09:02 . 2009-05-13 09:02 -------- d-----w c:\program files\Armadillo Run
2009-05-13 08:52 . 2009-05-13 08:52 -------- d-----w c:\program files\Lame for Audacity
2009-05-13 08:50 . 2009-05-17 07:00 -------- d-----w c:\program files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-16 07:48 . 2007-12-26 23:33 196608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-05-09 06:56 . 2007-12-27 00:54 -------- d-----w c:\program files\ESET
2009-05-08 08:36 . 2007-12-26 23:23 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-08 05:59 . 2008-01-01 00:59 -------- d-----w c:\program files\Electronic Arts
2009-05-04 20:57 . 2008-08-22 09:02 -------- d-----w c:\program files\LimeWire
2009-04-19 05:44 . 2008-01-01 01:15 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-04-19 01:49 . 2008-04-09 06:45 -------- d-----w c:\program files\Safari
2009-04-19 01:47 . 2009-04-19 01:38 -------- d-----w c:\program files\NDSROM Player
2009-04-19 01:45 . 2009-04-19 01:45 -------- d-----w c:\program files\UO GPPSP Kai 3.3
2009-04-09 05:53 . 2007-12-30 07:57 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-04-08 07:26 . 2009-03-16 19:54 -------- d-----w c:\program files\iTunes
2009-04-08 07:25 . 2009-04-08 07:25 -------- d-----w c:\program files\iPod
2009-04-08 07:25 . 2007-12-26 23:59 -------- d-----w c:\program files\Common Files\Apple
2009-03-19 06:32 . 2008-01-29 02:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 01:45 . 2009-03-19 01:45 55768 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 01:45 . 2009-03-19 01:45 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-03-19 01:45 . 2009-03-19 01:45 131976 ----a-w c:\windows\system32\drivers\epfw.sys
2009-03-19 01:44 . 2009-03-19 01:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 01:41 . 2009-03-19 01:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-10 04:19 . 2008-03-10 06:51 35336 ----a-w c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 01:54 . 2008-10-12 20:48 34 ----a-w c:\documents and settings\Damian\jagex_runescape_preferences.dat
2009-03-06 14:22 . 2007-07-27 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 12:59 . 2008-09-11 06:37 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-05 12:59 . 2007-12-26 23:59 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-20 08:10 . 2007-07-27 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2007-07-27 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-20 05:20 . 2007-12-30 03:45 35336 ----a-w c:\documents and settings\Damian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-18 09:17 . 2009-02-18 08:59 40672 ------w c:\windows\system32\drivers\CESG502.SYS
2007-12-27 04:20 . 2007-12-27 04:16 48 --sh--w c:\windows\S5E476866.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-07-17 691656]

[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-11 380928]
"GameFace Messenger"="c:\program files\GameFace Messenger\GameFace.exe" [2006-11-01 2154496]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-15 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Andrew\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-11 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\patchget.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Maxis\\SimCity 4\\Apps\\SimCity 4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"46312:TCP"= 46312:TCP:UTorrent

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 AM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 AM 731840]
R2 U3sHlpDr;U3sHlpDr;c:\windows\system32\drivers\U3sHlpDr.sys [27/12/2007 10:50 AM 7551]
S2 gupdate1c99f8628ef336e;Google Update Service (gupdate1c99f8628ef336e);c:\program files\Google\Update\GoogleUpdate.exe [8/03/2009 10:38 AM 133104]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\Damian\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Damian\LOCALS~1\Temp\bDMusicb.sys [?]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [18/02/2009 6:59 PM 40672]
.
Contents of the 'Scheduled Tasks' folder

2009-04-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2009-05-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-08 02:08]

2009-05-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 00:38]

2009-05-15 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]

2009-05-19 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKLM-Run-iPodVideoConverter_upgrade - c:\program files\E-Zsoft\iPodVideoConverter\iPodVideoConverter.exe
HKLM-Run-YouTubeDownloader_upgrade - c:\program files\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Damian\Application Data\Mozilla\Firefox\Profiles\3dv7rnl0.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-19 18:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c5,d4,a8,54,64,80,75,53,0a,cb,ab,b7,a8,f1,76,21,7c,41,9a,ac,27,
35,c4,62,5d,74,f9,3f,f7,70,5b,83,3f,04,9a,66,42,72,19,2c,a2,d6,ca,5d,53,15,\
"rkeysecu"=hex:67,fc,41,9c,7d,b2,77,27,8b,b3,31,06,0a,29,3c,de

[HKEY_USERS\S-1-5-21-1214440339-616249376-839522115-1003\Software\Zepter Software\RegLib*fca13038\CloneDVDmobile/1]
"1"=dword:4772f855
"2"=dword:4773218b
.
Completion time: 2009-05-19 18:04
ComboFix-quarantined-files.txt 2009-05-19 08:04

Pre-Run: 216,347,512,832 bytes free
Post-Run: 217,873,301,504 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

199 --- E O F --- 2009-05-12 23:27

Thanks again

#2 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 31 May 2009 - 09:51 AM

Hello damo1992

Welcome to BleepingComputer!
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Please do not PM for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a PM as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#3 damo1992

  • Topic Starter
  • Members
  • 9 posts

Posted 01 June 2009 - 03:39 AM

OTL logfile created on: 1/06/2009 6:34:02 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Damian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 75.81% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 195.25 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UGOV
Current User Name: Damian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\GameFace Messenger\GameFace.exe (AceGain Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Damian\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (ATKKeyboardService [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (gupdate1c99f8628ef336e [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpdj [Auto | Stopped]) -- File not found
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (asusgsb [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt [System | Running]) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (ASUSVRC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (eamon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (EIO [System | Running]) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (epfw [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\epfw.sys (ESET)
DRV - (Epfwndis [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Epfwndis.sys (ESET)
DRV - (epfwtdi [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdi.sys (ESET)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Maplom [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\maplom.sys (SlySoft Inc.)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (nmwcdcj [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdcm [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (PVUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (U3sHlpDr [Auto | Running]) -- C:\WINDOWS\System32\Drivers\U3sHlpDr.sys ()
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Video3D [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/24 08:59:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/24 08:59:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2009/05/09 16:56:17 | 00,000,000 | ---D | M]

[2009/03/07 14:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Extensions
[2008/08/30 10:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/07 14:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/05/31 14:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Firefox\Profiles\3dv7rnl0.default\extensions
[2009/06/01 17:01:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/24 08:58:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/27 11:10:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/28 15:04:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/05 16:17:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/18 07:15:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/24 08:58:51 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/24 08:58:51 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/24 08:59:02 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/05/24 08:59:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/24 08:59:02 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/05/24 08:59:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/24 08:59:02 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/05/24 08:59:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/24 08:59:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/24 08:59:02 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (100 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\E-Zsoft\YouTubeDownloader\VDTB.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\E-Zsoft\YouTubeDownloader\VDTB.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe (AceGain Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount ()
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/27 09:13:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\Shell - "" = Autorun
O33 - MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-5-2-41-100023589-100013867-100029861-4235.com g:\
O33 - MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\Shell\Open\command - "" = G:\RECYCLER\S-5-2-41-100023589-100013867-100029861-4235.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/01 18:32:25 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\*.tmp files]
[2009/06/01 18:32:00 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Damian\Desktop\OTL.exe
[2009/05/27 07:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Desktop\iPod_converter
[2009/05/27 07:32:38 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\DVDVideoSoft Free Studio.lnk
[2009/05/27 07:32:38 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/05/27 07:32:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\My Documents\DVDVideoSoft
[2009/05/27 07:32:29 | 00,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2009/05/27 07:32:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2009/05/27 07:19:06 | 03,916,701 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\iPod_converter.zip
[2009/05/24 14:47:46 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/05/24 14:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Desktop\PSPDocMakerGUI
[2009/05/20 07:06:00 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/05/19 19:19:40 | 73,424,4864 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Meet Dave.avi
[2009/05/19 19:19:27 | 93,770,5472 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Johnny.Dangerously.1984.DVDRip.XviD.ph2.avi
[2009/05/19 19:18:50 | 52,195,7326 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Clive.Barkers.Book.of.Blood.DVDrip.Xvid.TFE.avi
[2009/05/19 18:04:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/05/19 18:04:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Local Settings\temp
[2009/05/19 17:55:54 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/19 17:55:52 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/19 17:55:51 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/19 17:53:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/19 17:53:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/19 17:53:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/19 17:53:40 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/19 17:53:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/19 17:53:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/19 17:53:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/19 17:53:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/19 17:53:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/19 17:53:34 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/05/19 17:53:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/19 17:34:57 | 00,000,000 | ---D | C] -- C:\Avenger
[2009/05/18 16:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\PlayAllDVD
[2009/05/16 12:55:29 | 01,408,961 | ---- | C] ( ) -- C:\Documents and Settings\Damian\Desktop\DesktopTowerDefense.exe
[2009/05/13 19:02:12 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Armadillo Run.lnk
[2009/05/13 19:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Armadillo Run
[2009/05/13 18:52:33 | 00,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2009/05/13 18:50:16 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Audacity.lnk
[2009/05/13 18:50:14 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/05/09 17:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Desktop\PSP Stuff
[2009/05/08 15:59:57 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Warhammer Online - Age of Reckoning.lnk
[2009/05/06 07:03:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Desktop\Supernatural 4
[2009/05/05 06:57:52 | 00,001,578 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\LimeWire 5.1.2.lnk
[2008/12/31 16:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/18 13:48:19 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/10 18:28:18 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/16 20:09:45 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2008/06/22 17:28:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/19 15:45:14 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/01/19 14:25:48 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/01 10:51:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/30 18:39:44 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/12/28 14:44:51 | 00,001,815 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/12/27 14:01:55 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/12/27 10:50:35 | 00,007,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3sHlpDr.sys
[2007/12/27 09:33:57 | 00,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2007/12/27 09:33:57 | 00,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2007/12/27 09:33:56 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007/12/27 09:33:56 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007/12/27 09:33:56 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007/12/27 09:33:56 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007/12/27 09:33:56 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007/12/27 09:33:56 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007/12/27 09:33:56 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007/12/27 09:33:56 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007/12/27 09:33:55 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007/07/27 22:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/07/27 22:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/06/29 02:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 02:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 02:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 02:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 02:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/06/28 20:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 20:52:18 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/19 07:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 06:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/10/11 10:19:00 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/06/01 18:32:38 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Damian\Desktop\OTL.exe
[2009/06/01 18:14:11 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/01 17:56:12 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/06/01 17:56:07 | 00,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/01 17:25:52 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Damian\Local Settings\desktop.ini
[2009/06/01 16:51:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/06/01 16:51:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/06/01 16:51:29 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/01 16:39:01 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/01 16:38:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/01 16:38:41 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/01 07:15:58 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/01 06:27:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/06/01 06:27:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/05/31 14:11:31 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Armadillo Run.lnk
[2009/05/31 12:04:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/05/31 12:04:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/05/31 12:00:54 | 00,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009/05/31 11:37:43 | 00,000,175 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/05/31 10:32:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/05/31 10:32:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/05/31 10:01:44 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Microsoft Office Word 2003.lnk
[2009/05/31 06:19:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/05/30 17:58:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/05/30 17:58:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/05/29 05:57:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/05/29 05:57:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/05/27 18:16:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/05/27 18:16:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/05/27 17:55:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/05/27 17:55:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/05/27 07:41:49 | 03,916,701 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\iPod_converter.zip
[2009/05/27 07:32:38 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\DVDVideoSoft Free Studio.lnk
[2009/05/25 15:09:02 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Damian\My Documents\My Sharing Folders.lnk
[2009/05/25 08:59:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/05/25 08:59:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/05/24 08:58:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/05/24 08:58:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/05/21 17:09:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/21 17:09:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/21 06:47:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/21 06:47:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/20 19:59:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/20 19:59:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/20 18:35:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/20 18:35:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/20 07:24:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/20 07:24:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/20 07:06:00 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/05/19 18:03:38 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/19 17:55:54 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/18 17:14:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/18 17:14:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/18 07:27:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/18 07:27:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/16 17:54:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/05/16 17:54:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/05/16 17:20:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/05/16 17:20:17 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/05/16 12:55:36 | 01,408,961 | ---- | M] ( ) -- C:\Documents and Settings\Damian\Desktop\DesktopTowerDefense.exe
[2009/05/16 12:21:26 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/05/16 12:21:26 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/13 18:50:16 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Audacity.lnk
[2009/05/12 00:41:54 | 52,195,7326 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Clive.Barkers.Book.of.Blood.DVDrip.Xvid.TFE.avi
[2009/05/09 15:19:18 | 93,770,5472 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Johnny.Dangerously.1984.DVDRip.XviD.ph2.avi
[2009/05/08 15:59:57 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Warhammer Online - Age of Reckoning.lnk
[2009/05/07 17:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/05 06:57:52 | 00,001,578 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\LimeWire 5.1.2.lnk

========== LOP Check ==========

[2009/04/08 17:25:47 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/03/17 05:54:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/04/08 17:26:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/16 18:02:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2007/12/27 09:59:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/01/01 16:29:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/02/18 18:59:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CASIO
[2008/07/27 20:59:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/02/26 19:23:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/06/01 09:00:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2008/09/22 09:27:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/04/19 11:37:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/08/10 14:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/03/03 16:06:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2009/03/03 16:26:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/07/16 20:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2009/02/28 05:34:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/09/22 09:29:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/09/19 13:24:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2007/12/27 14:20:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/10/25 16:25:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2008/02/03 15:03:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/10/25 16:25:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/12/27 12:21:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/04/02 18:23:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WLInstaller
[2009/04/19 15:51:41 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Damian\Application Data
[2008/04/09 14:46:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Adobe
[2008/06/22 12:57:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Ahead
[2008/11/10 15:48:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Apple Computer
[2008/10/11 05:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\DAEMON Tools
[2008/02/27 15:07:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\ESET
[2008/09/15 15:14:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\GetRightToGo
[2009/03/08 10:39:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Google
[2008/10/19 17:50:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Hamachi
[2008/04/13 20:56:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Help
[2007/12/27 09:58:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Identities
[2009/05/31 12:41:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\LimeWire
[2007/12/27 11:31:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Macromedia
[2009/05/17 13:18:51 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Damian\Application Data\Microsoft
[2008/11/23 10:15:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Microsoft Games
[2008/08/30 10:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Mozilla
[2007/12/30 13:41:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\MPEG Streamclip
[2008/04/25 10:50:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\My Battle for Middle-earth™ II Files
[2009/03/03 16:06:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\NCH Software
[2008/07/16 20:49:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Nero
[2008/09/22 09:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Nokia
[2008/09/22 09:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\PC Suite
[2008/12/16 18:09:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Real
[2009/04/19 15:44:32 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Damian\Application Data\SecuROM
[2008/08/10 14:23:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Sibelius Software
[2007/12/27 11:42:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\SlySoft
[2009/04/19 15:51:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\SPORE
[2008/03/07 17:59:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Sun
[2008/09/15 10:01:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\Uniblue
[2009/05/25 15:53:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\uTorrent
[2009/02/20 15:24:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\WinFF
[2007/12/27 10:53:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\WinRAR
[2009/04/22 13:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2007/07/27 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/06/01 16:39:01 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/06/01 18:14:11 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachine.job
[2009/05/31 06:19:01 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
[2009/06/01 17:56:12 | 00,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/06/01 16:38:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB923A2
< End of report >


OTL Extras logfile created on: 1/06/2009 6:34:02 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Damian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 75.81% Memory free
3.85 Gb Paging File | 3.53 Gb Available in Paging File | 91.63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 195.25 Gb Free Space | 41.92% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UGOV
Current User Name: Damian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"46312:TCP" = 46312:TCP:*:Enabled:UTorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire (Lime Wire, LLC)
C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA ()
C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB ()
C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II (Electronic Arts Inc.)
C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king (Electronic Arts Inc.)
C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\patchget.dat:*:Enabled:patchgrabber (Electronic Arts)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\Maxis\SimCity 4\Apps\SimCity 4.exe:*:Enabled:SimCity 4 (Maxis)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox (Mozilla Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent (BitTorrent, Inc.)
C:\Program Files\Microsoft Games\Rise of Nations\thrones.exe:*:Enabled:Rise of Nations (Big Huge Games, Inc.)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
C:\Program Files\Electronic Arts\Warhammer Online - Age of Reckoning\warpatch.exe:*:Enabled:Warhammer Online - Age of Reckoning (Mythic Entertainment, an EA Studio)
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service (Pure Networks, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"#1 DVD Ripper" = #1 DVD Ripper 7.3.0
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{44A91B04-3D0C-47F9-B644-7F682869AFF3}" = MobileMe Control Panel
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{611BD998-34B9-4DDA-00AE-0CB4632E86FA}" = SimCity 4
"{64B068C2-4158-42C8-9566-5FC76416D0E5}" = fx-9860 OS Update
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{8EA4D12F-1571-4998-9BD1-D20C4A767D24}" = ASUS Utilities
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{AFAF626C-D2E6-455C-9A5A-ACDF049A6168}" = ASUS nVidia Driver
"{B148AB4B-C8FA-474B-B981-F2943C5B5BCD}" = OGA Notifier 1.7.0105.35.0
"{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}" = ESET Smart Security
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB47E710-6249-4EFA-BE36-E922B0612AF4}" = CASIO FA-124
"{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Activision®
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Windows Driver Package - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Armadillo Run Demo_is1" = Armadillo Run Demo Version 1.0.5
"Armadillo Run_is1" = Armadillo Run 1.0.3
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"CloneDVDmobile" = CloneDVDmobile
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Debut" = Debut Video Capture Software
"DreamWorks Interactive: Mutant" = Attack of the Mutant
"DVD Shrink_is1" = DVD Shrink 3.2
"Evil Genius_is1" = Evil Genius
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.1
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"Game Jackal_is1" = Game Jackal v2.9.18.600
"GameFace_Messenger" = GameFace Messenger
"GameSpy Arcade" = GameSpy Arcade
"Google Updater" = Google Updater
"Guild Wars" = Guild Wars
"Guitar Guru_is1" = Guitar Guru Version 2.2.5.0
"GuitarSpeedTrainer_is1" = GST 2.3.8.4
"InstallShield_{12E11FBB-7CA6-4A86-834D-5E6390D51009}" = ASUS Smart Doctor
"InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online
"InstallShield_{FC8A7918-D65D-440C-9596-C88185E8DCA4}" = Drum Controller Standard Tuning Kit
"IsoBuster_is1" = IsoBuster 1.7
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LEGO Rock Raiders" = LEGO Rock Raiders
"LimeWire" = LimeWire 5.1.2
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = ninemsn Internet Software
"Network MagicUninstall" = Network Magic
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Drivers" = NVIDIA Drivers
"PlayAllDVD" = PlayAllDVD
"QuicktimeAlt_is1" = QuickTime Alternative 2.2.0
"Red Alert 2" = Command & Conquer Red Alert 2
"RiseOfNationsExpansion 1.0" = Rise of Nations
"Route66DeinstKey" = Suckin' Grits on Route 66™
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"ToolBox" = NCH Toolbox
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"Warhammer Online - Age of Reckoning" = Warhammer Online - Age of Reckoning
"WinAVI Video Converter_is1" = WinAVI Video Converter 5.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFF_is1" = WinFF 0.41
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xvid" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"mpowerplayer" = mpowerplayer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/03/2009 4:05:20 PM | Computer Name = UGOV | Source = Google Update | ID = 20
Description =

Error - 24/03/2009 3:30:25 AM | Computer Name = UGOV | Source = Google Update | ID = 20
Description =

Error - 24/03/2009 4:30:25 AM | Computer Name = UGOV | Source = Google Update | ID = 20
Description =

Error - 24/03/2009 4:01:58 PM | Computer Name = UGOV | Source = Google Update | ID = 20
Description =

Error - 26/03/2009 4:09:23 PM | Computer Name = UGOV | Source = Google Update | ID = 20
Description =

Error - 28/03/2009 8:37:49 PM | Computer Name = UGOV | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.1.0.52, faulting module
itunes.exe, version 8.1.0.52, fault address 0x003a298c.

Error - 29/03/2009 9:50:51 PM | Computer Name = UGOV | Source = Application Error | ID = 1000
Description = Faulting application itunes.exe, version 8.1.0.52, faulting module
quicktime.qts, version 7.60.92.0, fault address 0x008f1c39.

Error - 2/04/2009 6:56:13 PM | Computer Name = UGOV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 2/04/2009 6:56:15 PM | Computer Name = UGOV | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 3/04/2009 12:10:13 AM | Computer Name = UGOV | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 30/05/2009 6:32:55 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The ATK Keyboard Service service failed to start due to the following
error: %%2

Error - 30/05/2009 6:32:55 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 31/05/2009 4:23:26 PM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The ATK Keyboard Service service failed to start due to the following
error: %%2

Error - 31/05/2009 4:23:26 PM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 1/06/2009 1:36:51 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The ATK Keyboard Service service failed to start due to the following
error: %%2

Error - 1/06/2009 1:36:51 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 1/06/2009 2:01:20 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The ATK Keyboard Service service failed to start due to the following
error: %%2

Error - 1/06/2009 2:01:20 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2

Error - 1/06/2009 2:38:55 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The ATK Keyboard Service service failed to start due to the following
error: %%2

Error - 1/06/2009 2:38:55 AM | Computer Name = UGOV | Source = Service Control Manager | ID = 7000
Description = The hpdj service failed to start due to the following error: %%2


< End of report >

#4 damo1992

damo1992
  • Topic Starter

Posted 01 June 2009 - 05:39 AM

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-01 20:36:01
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 88F89630 ZwAssignProcessToJobObject
SSDT spwk.sys ZwCreateKey [0xBA6A80E0]
SSDT spwk.sys ZwEnumerateKey [0xBA6C6CA2]
SSDT spwk.sys ZwEnumerateValueKey [0xBA6C7030]
SSDT spwk.sys ZwOpenKey [0xBA6A80C0]
SSDT 88F88A60 ZwOpenProcess
SSDT 88F88E80 ZwOpenThread
SSDT spwk.sys ZwQueryKey [0xBA6C7108]
SSDT spwk.sys ZwQueryValueKey [0xBA6C6F88]
SSDT spwk.sys ZwSetValueKey [0xBA6C719A]
SSDT 88F89460 ZwSuspendProcess
SSDT 88F89280 ZwSuspendThread
SSDT 88F88C90 ZwTerminateProcess
SSDT 88F890B0 ZwTerminateThread

INT 0x62 ? 8A615BF8
INT 0x63 ? 8A3EAF00
INT 0x82 ? 8A615BF8
INT 0x83 ? 8A3EAF00
INT 0xA4 ? 8A3EAF00
INT 0xB1 ? 8A5A7BF8
INT 0xB1 ? 8A5A7BF8
INT 0xB4 ? 8A3EAF00

---- Kernel code sections - GMER 1.0.15 ----

? spwk.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B966E8AC 5 Bytes JMP 8A3EA4E0
.text a7v3m901.SYS B95A4384 1 Byte [20]
.text a7v3m901.SYS B95A4384 37 Bytes [20, 00, 00, 68, 00, 00, 00, ...]
.text a7v3m901.SYS B95A43AA 24 Bytes [00, 00, 20, 00, 00, E0, 00, ...]
.text a7v3m901.SYS B95A43C4 3 Bytes [00, 00, 00]
.text a7v3m901.SYS B95A43C9 1 Byte [00]
.text ...
.text arumkbqi.SYS B9548386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text arumkbqi.SYS B95483AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text arumkbqi.SYS B95483C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text arumkbqi.SYS B95483C9 1 Byte [2E]
.text arumkbqi.SYS B95483C9 11 Bytes [2E, 00, 00, 00, 5A, 02, 00, ...]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1448] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3348] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [BA6A9040] spwk.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [BA6A913C] spwk.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [BA6A90BE] spwk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [BA6A97FC] spwk.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [BA6A96D2] spwk.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [BA6B9048] spwk.sys
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!KfAcquireSpinLock] 000000AD
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!READ_PORT_UCHAR] 000000D4
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!KeGetCurrentIrql] 000000A2
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!KfRaiseIrql] 000000AF
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!KfLowerIrql] 0000009C
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!HalGetInterruptVector] 000000A4
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!HalTranslateBusAddress] 00000072
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!KeStallExecutionProcessor] 000000C0
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!KfReleaseSpinLock] 000000B7
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 000000FD
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!READ_PORT_USHORT] 00000093
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 00000026
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[HAL.dll!WRITE_PORT_UCHAR] 00000036
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[WMILIB.SYS!WmiSystemControl] 000000F7
IAT \SystemRoot\System32\Drivers\a7v3m901.SYS[WMILIB.SYS!WmiCompleteRequest] 000000CC
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!KfAcquireSpinLock] C0840CEC
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!READ_PORT_UCHAR] 053C0D74
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!KeGetCurrentIrql] 57B80974
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!KfRaiseIrql] 8B000000
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!KfLowerIrql] 56C35DE5
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!HalGetInterruptVector] 8D08758B
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!HalTranslateBusAddress] 8D51FC4D
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!KeStallExecutionProcessor] 8D52FD55
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!KfReleaseSpinLock] 8D51FE4D
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 8D52FF55
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!READ_PORT_USHORT] 8D51F84D
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 5052F455
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[HAL.dll!WRITE_PORT_UCHAR] EACAE856
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[WMILIB.SYS!WmiSystemControl] 0FC08520
IAT \SystemRoot\System32\Drivers\arumkbqi.SYS[WMILIB.SYS!WmiCompleteRequest] 0001B185

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A6141F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\PCI_PNP4682 \Device\00000050 spwk.sys
Device \Driver\usbuhci \Device\USBPDO-0 8A3E6500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A5A51F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A5A51F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A5A51F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A5A51F8
Device \Driver\usbuhci \Device\USBPDO-1 8A3E6500
Device \Driver\usbuhci \Device\USBPDO-2 8A3E6500
Device \Driver\usbuhci \Device\USBPDO-3 8A3E6500
Device \Driver\usbehci \Device\USBPDO-4 8A3971F8

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6161F8
Device \Driver\Cdrom \Device\CdRom0 8A3621F8
Device \Driver\Cdrom \Device\CdRom1 8A3621F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Cdrom \Device\CdRom2 8A3621F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 89E09500
Device \Driver\NetBT \Device\NetbiosSmb 89E09500
Device \Driver\PCI_PNP4682 \Device\0000004f spwk.sys

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\sptd \Device\853852182 spwk.sys

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 8A3E6500
Device \Driver\sptd \Device\854008432 spwk.sys
Device \Driver\usbuhci \Device\USBFDO-1 8A3E6500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8972B500
Device \Driver\usbuhci \Device\USBFDO-2 8A3E6500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8972B500
Device \Driver\usbuhci \Device\USBFDO-3 8A3E6500
Device \Driver\usbehci \Device\USBFDO-4 8A3971F8
Device \Driver\Ftdisk \Device\FtControl 8A6161F8
Device \Driver\arumkbqi \Device\Scsi\arumkbqi1Port2Path0Target0Lun0 89DBD1F8
Device \Driver\arumkbqi \Device\Scsi\arumkbqi1Port2Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a7v3m901 \Device\Scsi\a7v3m9011 89E92500
Device \Driver\a7v3m901 \Device\Scsi\a7v3m9011 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a7v3m901 \Device\Scsi\a7v3m9011Port3Path0Target0Lun0 89E92500
Device \Driver\a7v3m901 \Device\Scsi\a7v3m9011Port3Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\arumkbqi \Device\Scsi\arumkbqi1 89DBD1F8
Device \Driver\arumkbqi \Device\Scsi\arumkbqi1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\Cdfs \Cdfs 89E0A1F8

---- Threads - GMER 1.0.15 ----

Thread System [4:456] 88F87790

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC3 0x72 0x48 0x24 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x33 0xB9 0x3E 0xDB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x42 0x6B 0x7D 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x06 0xAD 0x73 0x96 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x73 0x00 0xEE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x69 0xCF 0xEC 0x6B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x06 0xAD 0x73 0x96 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x73 0x00 0xEE ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x63 0xA2 0x79 0x3C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xC3 0x72 0x48 0x24 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x33 0xB9 0x3E 0xDB ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x42 0x6B 0x7D 0xBF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x06 0xAD 0x73 0x96 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x87 0x73 0x00 0xEE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x69 0xCF 0xEC 0x6B ...

---- EOF - GMER 1.0.15 ----

#5 damo1992

damo1992
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 01 June 2009 - 05:40 AM

Also, thank you very much for your help,
greatly appreciated.

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:17 AM

Posted 01 June 2009 - 06:43 AM

You are welcome.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O33 - MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\Shell\AutoRun\command - "" = G:\RECYCLER\S-5-2-41-100023589-100013867-100029861-4235.com 
    O33 - MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\Shell\Open\command - "" = G:\RECYCLER\S-5-2-41-100023589-100013867-100029861-4235.com -- File not found
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
===========
After that, insert your flash drives or removable drives, then run ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Edited by kahdah, 01 June 2009 - 06:44 AM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image
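The O33 lines in the OTL fix above are MountPoints2 entries: per-user keys that Explorer creates for each volume it has seen, and under which the Shell\AutoRun\command and Shell\Open\command values decide what runs when the drive icon is double-clicked. A worm on a USB stick that drops an executable under RECYCLER and writes those handlers survives as a stale key pointing at G:\ long after the stick is gone, which is why OTL reports the file as "not found" while still deleting the key. The following PowerShell script is an added, read-only auditor for that pattern; it is not part of this thread, of OTL or of any BleepingComputer procedure. The flagging rules (RECYCLER path, .com handler, target file missing) are assumptions of this example, chosen to match the entries shown above, not a definitive list.

```powershell
# Added example, not from the thread or from OTL: audit the current user's
# MountPoints2 keys for Shell verb handlers that point at removable-drive
# binaries. Read-only: it reports suspicious handlers, it does not delete them.
$base  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
$verbs = 'AutoRun', 'Open', 'Explore'   # the verbs Explorer consults for a drive icon

function Get-HandlerTarget {
    # Extract the executable path from a command value such as
    #   "G:\RECYCLER\foo.com" /arg      or      G:\RECYCLER\foo.com
    param([string]$Command)
    if ([string]::IsNullOrWhiteSpace($Command)) { return $null }
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
        return $c.Trim('"')
    }
    return ($c -split '\s+')[0]
}

$findings = foreach ($key in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
    foreach ($verb in $verbs) {
        $cmdKey = Join-Path -Path $key.PSPath -ChildPath "Shell\$verb\command"
        if (-not (Test-Path -Path $cmdKey)) { continue }

        # The handler is the key's default value, exposed as the '(default)' property
        $cmd    = (Get-ItemProperty -Path $cmdKey -ErrorAction SilentlyContinue).'(default)'
        $target = Get-HandlerTarget -Command $cmd
        if (-not $target) { continue }

        # Heuristics (assumptions of this example, not OTL's rules): a handler
        # inside RECYCLER, a .com handler, or a handler whose file no longer
        # exists (the media that dropped it is gone) is worth a closer look.
        $reasons = @()
        if ($target -match '\\RECYCLER\\') { $reasons += 'RECYCLER path' }
        if ($target -match '\.com$')       { $reasons += '.com handler' }
        if ($target -match '^[A-Za-z]:\\' -and
            -not (Test-Path -LiteralPath $target -ErrorAction SilentlyContinue)) {
            $reasons += 'target file not found'
        }

        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Key     = $key.PSChildName   # the {GUID} volume id
                Verb    = $verb
                Command = $cmd
                Target  = $target
                Reason  = ($reasons -join '; ')
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else           { 'No suspicious MountPoints2 handlers found.' }
```

Run it in the profile of the user who plugged the drive in, since MountPoints2 lives under HKEY_CURRENT_USER (the OTL log in the next reply deletes exactly that per-user key). A hit with "target file not found" is a leftover like the one above and can be removed with the same kind of fix line; a hit whose target still exists means the removable media is currently attached and the file itself should be handled first.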

#7 damo1992

damo1992
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 02 June 2009 - 04:30 PM

Error: Unable to interpret <#> in the current context!
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cef7fde-200c-11de-9b55-001a4df6e61e}\ not found.
File G:\RECYCLER\S-5-2-41-100023589-100013867-100029861-4235.com not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cef7fde-200c-11de-9b55-001a4df6e61e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cef7fde-200c-11de-9b55-001a4df6e61e}\ not found.
File G:\RECYCLER\S-5-2-41-100023589-100013867-100029861-4235.com not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Damian\Local Settings\temp\~DF53D8.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Error: Unable to interpret <# Then click the Run Fix button at th> in the current context!

OTL by OldTimer - Version 2.1.1.0 log created on 06032009_072636

Files moved on Reboot...
C:\Documents and Settings\Damian\Local Settings\temp\~DF53D8.tmp moved successfully.

Registry entries deleted on Reboot...

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:17 AM

Posted 02 June 2009 - 05:54 PM

Hi can you please run Combofix and post the log that pops up.
Thanks.

#9 damo1992

damo1992
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 03 June 2009 - 12:45 AM

Sorry, I had to do something.

Here it is:

ComboFix 09-05-31.06 - Damian 03/06/2009 15:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1522 [GMT 10:00]
Running from: c:\documents and settings\Damian\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.

2009-06-02 21:26 . 2009-06-02 21:26 -------- d-----w- C:\_OTL
2009-06-01 08:40 . 2009-06-01 08:40 286208 ----a-w- C:\xqq1njix.exe
2009-05-26 21:32 . 2009-05-26 21:32 -------- d-----w- c:\program files\AskBarDis
2009-05-26 21:32 . 2009-06-02 21:33 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-05-26 21:32 . 2009-06-02 21:32 -------- d-----w- c:\program files\DVDVideoSoft
2009-05-19 21:04 . 2009-05-19 21:04 -------- d-----w- c:\documents and settings\Andrew\Local Settings\Application Data\Google
2009-05-18 06:02 . 2009-05-18 06:02 -------- d-----w- c:\program files\PlayAllDVD
2009-05-16 07:38 . 2009-05-16 07:39 -------- d-----w- c:\documents and settings\foo.UGOV.013\Local Settings\Application Data\Microsoft
2009-05-16 07:38 . 2009-05-16 07:38 -------- d-----w- c:\documents and settings\foo.UGOV.013
2009-05-13 09:02 . 2009-05-13 09:02 -------- d-----w- c:\program files\Armadillo Run
2009-05-13 08:52 . 2009-05-13 08:52 -------- d-----w- c:\program files\Lame for Audacity
2009-05-13 08:50 . 2009-05-17 07:00 -------- d-----w- c:\program files\Audacity

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 08:57 . 2007-12-27 01:10 -------- d-----w- c:\documents and settings\Damian\Application Data\LimeWire
2009-06-02 08:01 . 2007-12-26 23:33 196608 ----a-w- c:\windows\system32\drivers\nStandard.bin
2009-06-02 05:45 . 2009-03-08 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-01 21:05 . 2008-09-28 21:58 -------- d-----w- c:\documents and settings\Damian\Application Data\uTorrent
2009-06-01 06:40 . 2007-12-31 04:37 -------- d-----w- c:\documents and settings\Andrew\Application Data\LimeWire
2009-05-19 21:05 . 2009-03-08 00:36 -------- d-----w- c:\program files\Google
2009-05-16 07:39 . 2009-05-16 07:39 -------- d-----w- c:\documents and settings\foo.UGOV.013\Application Data\ESET
2009-05-16 07:39 . 2009-05-16 07:39 -------- d-----w- c:\documents and settings\foo.UGOV.013\Application Data\Nero
2009-05-14 06:15 . 2009-05-14 06:15 -------- d-----w- c:\documents and settings\foo.UGOV.012\Application Data\ESET
2009-05-14 06:15 . 2009-05-14 06:15 -------- d-----w- c:\documents and settings\foo.UGOV.012\Application Data\Nero
2009-05-09 06:56 . 2007-12-27 00:54 -------- d-----w- c:\program files\ESET
2009-05-08 08:36 . 2007-12-26 23:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-08 05:59 . 2008-01-01 00:59 -------- d-----w- c:\program files\Electronic Arts
2009-05-04 20:57 . 2008-08-22 09:02 -------- d-----w- c:\program files\LimeWire
2009-04-22 21:50 . 2009-04-22 21:50 355888 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Platform\1033\Update\nm\nmurlexc.exe
2009-04-19 05:51 . 2009-04-19 05:51 -------- d-----w- c:\documents and settings\Damian\Application Data\SPORE
2009-04-19 05:44 . 2009-04-19 05:44 -------- d--h--r- c:\documents and settings\Damian\Application Data\SecuROM
2009-04-19 05:44 . 2008-01-01 01:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-19 01:49 . 2008-04-09 06:45 -------- d-----w- c:\program files\Safari
2009-04-19 01:47 . 2009-04-19 01:38 -------- d-----w- c:\program files\NDSROM Player
2009-04-19 01:45 . 2009-04-19 01:45 -------- d-----w- c:\program files\UO GPPSP Kai 3.3
2009-04-17 02:08 . 2009-04-17 02:08 -------- d-----w- c:\documents and settings\foo.UGOV.011\Application Data\Nero
2009-04-13 06:42 . 2009-04-13 06:42 -------- d-----w- c:\documents and settings\foo.UGOV.010\Application Data\Nero
2009-04-09 05:53 . 2007-12-30 07:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-08 07:26 . 2009-04-08 07:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 07:26 . 2009-03-16 19:54 -------- d-----w- c:\program files\iTunes
2009-04-08 07:25 . 2009-04-08 07:25 -------- d-----w- c:\program files\iPod
2009-04-08 07:25 . 2007-12-26 23:59 -------- d-----w- c:\program files\Common Files\Apple
2009-04-08 07:21 . 2009-04-08 07:21 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 06:32 . 2009-03-19 06:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 06:32 . 2008-01-29 02:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 01:45 . 2009-03-19 01:45 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 01:45 . 2009-03-19 01:45 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-03-19 01:45 . 2009-03-19 01:45 131976 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-03-19 01:44 . 2009-03-19 01:44 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-03-19 01:41 . 2009-03-19 01:41 113960 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-03-10 04:19 . 2008-03-10 06:51 35336 ----a-w- c:\documents and settings\Andrew\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 01:54 . 2008-10-12 20:48 34 ----a-w- c:\documents and settings\Damian\jagex_runescape_preferences.dat
2009-03-06 14:22 . 2007-07-27 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
2009-03-05 12:59 . 2008-09-11 06:37 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-05 12:59 . 2007-12-26 23:59 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2007-12-27 04:20 . 2007-12-27 04:16 48 --sh--w- c:\windows\S5E476866.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-05-19_08.03.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-19 01:00 . 2009-05-31 23:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-19 01:00 . 2009-05-08 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-09-19 01:00 . 2009-05-08 00:36 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-09-19 01:00 . 2009-05-31 23:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-09-19 01:00 . 2009-05-08 00:36 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-09-19 01:00 . 2009-05-31 23:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-05-19 21:06 . 2009-05-19 21:06 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-05-19 21:06 . 2009-05-19 21:06 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-19 21:06 . 2009-05-19 21:06 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-05-19 21:06 . 2009-05-19 21:06 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-19 21:06 . 2009-05-19 21:06 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-05-19 21:06 . 2009-05-19 21:06 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 00:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-23 4608]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-28 81920]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-11 380928]
"GameFace Messenger"="c:\program files\GameFace Messenger\GameFace.exe" [2006-11-01 2154496]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 570664]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-26 177472]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-15 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-06-15 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-06-28 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Andrew\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-3-11 139776]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\patchget.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Maxis\\SimCity 4\\Apps\\SimCity 4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Electronic Arts\\Warhammer Online - Age of Reckoning\\warpatch.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"46312:TCP"= 46312:TCP:UTorrent

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19/03/2009 11:44 AM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19/03/2009 11:44 AM 731840]
R2 U3sHlpDr;U3sHlpDr;c:\windows\system32\drivers\U3sHlpDr.sys [27/12/2007 10:50 AM 7551]
S2 gupdate1c99f8628ef336e;Google Update Service (gupdate1c99f8628ef336e);c:\program files\Google\Update\GoogleUpdate.exe [8/03/2009 10:38 AM 133104]
S3 bDMusicb;bDMusicb;\??\c:\docume~1\Damian\LOCALS~1\Temp\bDMusicb.sys --> c:\docume~1\Damian\LOCALS~1\Temp\bDMusicb.sys [?]
S3 PVUSB;CESG502 USB Driver;c:\windows\system32\drivers\CESG502.SYS [18/02/2009 6:59 PM 40672]
.
Contents of the 'Scheduled Tasks' folder

2009-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 02:34]

2009-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-08 02:08]

2009-06-03 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-08 00:38]

2009-06-01 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]

2009-06-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Damian\Application Data\Mozilla\Firefox\Profiles\3dv7rnl0.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 15:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-616249376-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:c5,d4,a8,54,64,80,75,53,0a,cb,ab,b7,a8,f1,76,21,7c,41,9a,ac,27,
35,c4,62,5d,74,f9,3f,f7,70,5b,83,3f,04,9a,66,42,72,19,2c,a2,d6,ca,5d,53,15,\
"rkeysecu"=hex:67,fc,41,9c,7d,b2,77,27,8b,b3,31,06,0a,29,3c,de

[HKEY_USERS\S-1-5-21-1214440339-616249376-839522115-1003\Software\Zepter Software\RegLib*fca13038\CloneDVDmobile/1]
"1"=dword:4772f855
"2"=dword:4773218b
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2976)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-03 15:39
ComboFix-quarantined-files.txt 2009-06-03 05:39
ComboFix2.txt 2009-05-19 08:04

Pre-Run: 207,275,876,352 bytes free
Post-Run: 207,266,476,032 bytes free

210 --- E O F --- 2009-05-12 23:27

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:17 AM

Posted 03 June 2009 - 06:49 AM

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by kahdah, 03 June 2009 - 06:50 AM.


#11 damo1992

damo1992
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 05 June 2009 - 04:18 AM

Malwarebytes' Anti-Malware 1.37
Database version: 2232
Windows 5.1.2600 Service Pack 3

5/06/2009 7:14:15 PM
mbam-log-2009-06-05 (19-14-15).txt

Scan type: Full Scan (C:\|)
Objects scanned: 296601
Time elapsed: 36 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\Damian\Start Menu\Programs\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\PlayAllDVD (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\Damian\Start Menu\Programs\PLDivX (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
c:\install files\ahead.nero.v8.3.2.1b-embrace\keygen.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3fb57358-e957-4502-b541-e181db0ae702}\RP424\A0126848.com (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\program files\playalldvd\Uninstall.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
c:\documents and settings\Damian\start menu\Programs\playalldvd\Uninstall.lnk (Trojan.DNSChanger) -> Quarantined and deleted successfully.

#12 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:17 AM

Posted 05 June 2009 - 06:20 AM

The use of keygens and cracks is illegal, so discontinue the use of these types of programs if you do not want to keep getting infected.
These programs are 9 times out of 10 packed with the nastiest malware.
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#13 damo1992

damo1992
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:17 PM

Posted 05 June 2009 - 03:37 PM

OTL logfile created on: 6/06/2009 6:30:44 AM - Run 2
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Damian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.75% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.58% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 192.92 Gb Free Space | 41.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: UGOV
Current User Name: Damian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\GameFace Messenger\GameFace.exe (AceGain Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\WINDOWS\system32\PnkBstrB.exe ()
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Damian\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (ATKKeyboardService [Auto | Stopped]) -- File not found
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (gupdate1c99f8628ef336e [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpdj [Auto | Stopped]) -- File not found
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 3 [Auto | Running]) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (Nero AG)
SRV - (NMIndexingService [On_Demand | Stopped]) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service [Auto | Running]) -- C:\WINDOWS\system32\IoctlSvc.exe (Prolific Technology Inc.)
SRV - (PnkBstrB [Auto | Running]) -- C:\WINDOWS\system32\PnkBstrB.exe ()
SRV - (ServiceLayer [On_Demand | Stopped]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (StarWindServiceAE [Auto | Running]) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AnyDVD [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (asusgsb [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\asusgsb.sys (ASUSTeK Computer Inc.)
DRV - (asuskbnt [System | Running]) -- C:\WINDOWS\system32\drivers\atkkbnt.sys (ASUSTeK COMPUTER INC.)
DRV - (ASUSVRC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\AsusVRC.sys (ASUSTeK COMPUTER INC.)
DRV - (eamon [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\eamon.sys (ESET)
DRV - (ehdrv [System | Running]) -- C:\WINDOWS\system32\DRIVERS\ehdrv.sys (ESET)
DRV - (EIO [System | Running]) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (ElbyCDIO [System | Running]) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (ElbyDelay [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys (Elaborate Bytes AG)
DRV - (epfw [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\epfw.sys (ESET)
DRV - (Epfwndis [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Epfwndis.sys (ESET)
DRV - (epfwtdi [System | Running]) -- C:\WINDOWS\system32\DRIVERS\epfwtdi.sys (ESET)
DRV - (gdrv [On_Demand | Stopped]) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (hamachi [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Maplom [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\maplom.sys (SlySoft Inc.)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (nmwcdcj [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdcm [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (PVUSB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
DRV - (RTLE8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (U3sHlpDr [Auto | Running]) -- C:\WINDOWS\System32\Drivers\U3sHlpDr.sys ()
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (Video3D [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\Video3D32.sys (ASUSTeK COMPUTER INC.)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/04 17:02:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/24 08:59:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2009/05/09 16:56:17 | 00,000,000 | ---D | M]

[2009/03/07 14:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Extensions
[2008/08/30 10:56:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/07 14:26:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Extensions\mozswing@mozswing.org
[2009/05/31 14:57:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Damian\Application Data\mozilla\Firefox\Profiles\3dv7rnl0.default\extensions
[2009/06/05 16:38:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/24 08:58:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/12/27 11:10:37 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/12/28 15:04:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/05 16:17:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/18 07:15:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/24 08:58:51 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/24 08:58:51 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/24 08:59:02 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/05/24 08:59:02 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/24 08:59:02 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/05/24 08:59:02 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/24 08:59:02 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/05/24 08:59:02 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/24 08:59:02 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/24 08:59:02 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (100 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\E-Zsoft\YouTubeDownloader\VDTB.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (E-Zsoft VideoDownloaderToolBar) - {4322A444-92F8-4C3E-BD4C-013BA51E2871} - C:\Program Files\E-Zsoft\YouTubeDownloader\VDTB.dll File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice (ESET)
O4 - HKLM..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe (AceGain Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount ()
O4 - HKCU..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 33 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\System32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/27 09:13:37 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/05 18:35:02 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[10 C:\WINDOWS\*.tmp files]
[2009/06/05 18:35:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Application Data\Malwarebytes
[2009/06/05 18:35:53 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/05 18:35:50 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/05 18:35:49 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/05 18:35:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/05 18:35:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/05 18:34:04 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Damian\Desktop\mbam-setup.exe
[2009/06/05 18:29:40 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/03 17:16:49 | 00,000,000 | ---D | C] -- C:\MSNCleaner
[2009/06/03 15:39:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/06/03 15:39:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Local Settings\temp
[2009/06/03 15:35:06 | 00,154,624 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/03 07:31:14 | 03,128,986 | R--- | C] () -- C:\Documents and Settings\Damian\Desktop\ComboFix.exe
[2009/06/03 07:26:36 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/06/01 18:40:14 | 00,286,208 | ---- | C] () -- C:\xqq1njix.exe
[2009/06/01 18:32:00 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Damian\Desktop\OTL.exe
[2009/05/27 07:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Desktop\iPod_converter
[2009/05/27 07:32:38 | 00,000,892 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\DVDVideoSoft Free Studio.lnk
[2009/05/27 07:32:38 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/05/27 07:32:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\My Documents\DVDVideoSoft
[2009/05/27 07:32:29 | 00,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2009/05/27 07:32:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2009/05/24 14:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Desktop\PSPDocMakerGUI
[2009/05/20 07:06:00 | 00,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/05/19 19:19:40 | 73,424,4864 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Meet Dave.avi
[2009/05/19 19:19:27 | 93,770,5472 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Johnny.Dangerously.1984.DVDRip.XviD.ph2.avi
[2009/05/19 19:18:50 | 52,195,7326 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Clive.Barkers.Book.of.Blood.DVDrip.Xvid.TFE.avi
[2009/05/19 17:55:54 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/19 17:55:52 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/19 17:55:51 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/19 17:53:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/19 17:53:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/19 17:53:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/19 17:53:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/19 17:53:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/19 17:53:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/19 17:53:40 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/19 17:53:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/19 17:53:27 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/16 12:55:29 | 01,408,961 | ---- | C] ( ) -- C:\Documents and Settings\Damian\Desktop\DesktopTowerDefense.exe
[2009/05/13 19:02:12 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Armadillo Run.lnk
[2009/05/13 19:02:10 | 00,000,000 | ---D | C] -- C:\Program Files\Armadillo Run
[2009/05/13 18:52:33 | 00,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2009/05/13 18:50:16 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Audacity.lnk
[2009/05/13 18:50:14 | 00,000,000 | ---D | C] -- C:\Program Files\Audacity
[2009/05/09 17:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Damian\Desktop\PSP Stuff
[2009/05/08 15:59:57 | 00,001,029 | ---- | C] () -- C:\Documents and Settings\Damian\Desktop\Warhammer Online - Age of Reckoning.lnk
[2008/12/31 16:04:42 | 00,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/18 13:48:19 | 00,000,060 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/08/10 18:28:18 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/07/16 20:09:45 | 00,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2008/06/22 17:28:54 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/19 15:45:14 | 00,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/01/19 14:25:48 | 00,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/01/01 10:51:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/12/30 18:39:44 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/12/28 14:44:51 | 00,001,815 | ---- | C] () -- C:\WINDOWS\hpdj3500.ini
[2007/12/27 14:01:55 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/12/27 10:50:35 | 00,007,551 | ---- | C] () -- C:\WINDOWS\System32\drivers\U3sHlpDr.sys
[2007/12/27 09:33:57 | 00,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll
[2007/12/27 09:33:57 | 00,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll
[2007/12/27 09:33:56 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2007/12/27 09:33:56 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2007/12/27 09:33:56 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2007/12/27 09:33:56 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2007/12/27 09:33:56 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2007/12/27 09:33:56 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2007/12/27 09:33:56 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2007/12/27 09:33:56 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2007/12/27 09:33:55 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2007/07/27 22:00:00 | 00,000,603 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/07/27 22:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/06/29 02:43:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/06/29 02:43:00 | 01,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/06/29 02:43:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/06/29 02:43:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/06/29 02:43:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/06/28 20:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/06/28 20:52:18 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/06/19 07:59:36 | 00,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007/04/20 06:57:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/04/20 06:57:28 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/10/11 10:19:00 | 00,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[10 C:\WINDOWS\*.tmp files]
[2009/06/06 06:22:11 | 00,013,742 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/06 06:22:10 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2009/06/06 06:21:47 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/06 06:21:35 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/06/06 06:21:34 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Damian\Local Settings\desktop.ini
[2009/06/06 06:21:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/06 06:21:25 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/05 19:17:08 | 00,000,608 | ---- | M] () -- C:\Documents and Settings\Damian\My Documents\My Sharing Folders.lnk
[2009/06/05 18:35:53 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/05 18:35:09 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Damian\Desktop\mbam-setup.exe
[2009/06/05 18:26:58 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/06/05 06:26:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/06/05 06:26:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/06/04 16:59:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/06/04 16:59:25 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/06/04 07:00:59 | 00,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/06/04 07:00:59 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/03 16:15:37 | 00,459,508 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/03 16:15:37 | 00,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/03 16:15:37 | 00,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/03 15:38:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/06/03 13:50:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/03 07:33:18 | 00,000,892 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\DVDVideoSoft Free Studio.lnk
[2009/06/03 07:32:28 | 03,128,986 | R--- | M] () -- C:\Documents and Settings\Damian\Desktop\ComboFix.exe
[2009/06/02 18:01:34 | 00,196,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009/06/02 18:01:33 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/02 06:19:05 | 00,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2009/06/01 18:40:31 | 00,286,208 | ---- | M] () -- C:\xqq1njix.exe
[2009/06/01 18:32:38 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Damian\Desktop\OTL.exe
[2009/06/01 16:51:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/06/01 16:51:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2009/06/01 06:27:47 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/06/01 06:27:46 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/05/31 14:11:31 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Armadillo Run.lnk
[2009/05/31 12:04:48 | 00,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/05/31 12:04:48 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/05/31 11:37:43 | 00,000,175 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/05/31 11:08:41 | 00,154,624 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/05/31 10:32:55 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/05/31 10:32:54 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/05/31 10:01:44 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Microsoft Office Word 2003.lnk
[2009/05/30 17:58:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/05/30 17:58:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/05/29 05:57:58 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/05/29 05:57:57 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/05/27 18:16:00 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/05/27 18:16:00 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/05/27 17:55:13 | 00,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/05/27 17:55:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/25 08:59:35 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/05/25 08:59:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/05/24 08:58:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/05/24 08:58:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/05/21 17:09:13 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/05/21 17:09:13 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/05/21 06:47:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/05/21 06:47:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/05/20 19:59:17 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/05/20 19:59:16 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/05/20 18:35:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/05/20 18:35:35 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/05/20 07:24:15 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/05/20 07:24:15 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/05/20 07:06:00 | 00,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2009/05/19 17:55:54 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/05/18 17:14:12 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/05/18 17:14:12 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/05/18 07:27:33 | 00,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/05/18 07:27:33 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/05/16 12:55:36 | 01,408,961 | ---- | M] ( ) -- C:\Documents and Settings\Damian\Desktop\DesktopTowerDefense.exe
[2009/05/13 18:50:16 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Audacity.lnk
[2009/05/12 00:41:54 | 52,195,7326 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Clive.Barkers.Book.of.Blood.DVDrip.Xvid.TFE.avi
[2009/05/09 15:19:18 | 93,770,5472 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Johnny.Dangerously.1984.DVDRip.XviD.ph2.avi
[2009/05/08 15:59:57 | 00,001,029 | ---- | M] () -- C:\Documents and Settings\Damian\Desktop\Warhammer Online - Age of Reckoning.lnk
[2009/05/07 17:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >

#14 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 05 June 2009 - 05:51 PM

How are things running?

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#15 damo1992

  • Topic Starter
  • Members
  • 9 posts

Posted 05 June 2009 - 09:31 PM

Yeah, everything is running normally now.

I think it may all be gone, thank you so much for your help.
