Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google redirections, unable to update antivirus software, crashing computer


  • This topic is locked This topic is locked
11 replies to this topic

#1 peteknight

peteknight

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 06 June 2009 - 04:53 AM

DDS (Ver_09-05-14.01) - NTFSx86
Run by Pete at 10:47:14.79 on 06/06/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.767.296 [GMT 1:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\ncsoft\launcher\NCLauncher.exe
C:\Program Files\Curse\CurseClient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Pete\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.btbroadbandstart.com/
uInternet Settings,ProxyOverride = *.local
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: PBUKV2: {4e7bd74f-2b8d-469e-a0e8-f479b685fa7d} - c:\windows\system32\pbukv2.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {6584c510-924b-486a-a1a0-e380de08c2db} - c:\windows\system32\xxyxVMgd.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: {840ba2cc-a1d3-4263-bd05-37e8b2c2557c} - c:\windows\system32\awtsPhIb.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1203.0\msneshellx.dll
TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [PlayNC Launcher]
uRun: [NCsoft Launcher] c:\program files\ncsoft\launcher\NCLauncher.exe /Minimized
uRun: [CurseClient] c:\program files\curse\CurseClient.exe -silent
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [VTTimer] VTTimer.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PCMService] "c:\apps\powercinema\PCMService.exe"
mRun: [EPSON Stylus CX3600 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
mRun: [TalkTalk] "c:\program files\talktalk\bin\sprtcmd.exe" /P TalkTalk
mRun: [c:\windows\system32\kddtv.exe] c:\windows\system32\kddtv.exe
mRun: [c:\windows\system32\kdzbe.exe] c:\windows\system32\kdzbe.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345}
DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2}
DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA}
DPF: {C36661D7-3590-45B1-80B5-520839E94DAD}
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 85.255.112.157,85.255.112.63
TCP: {C636F94A-7350-40BC-AFEA-920FEABA5A98} = 85.255.112.157,85.255.112.63
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6584c510-924b-486a-a1a0-e380de08c2db} - c:\windows\system32\xxyxVMgd.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\awtsPhIb

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\r3nvg5mk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aintitcool.com/
FF - plugin: c:\documents and settings\pete\application data\mozilla\firefox\profiles\r3nvg5mk.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [2008-9-26 15172]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-6-2 353672]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-6-2 464264]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 efipsk;efipsk;\??\c:\docume~1\pete\locals~1\temp\efipsk.sys --> c:\docume~1\pete\locals~1\temp\efipsk.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

=============== Created Last 30 ================

2009-06-06 10:42 <DIR> --d----- c:\program files\trend micro
2009-06-06 10:42 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 10:41 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-06 10:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-05 10:22 <DIR> --d----- C:\ie-spyad_zo
2009-06-05 09:11 <DIR> --d----- c:\windows\trlrm
2009-06-05 09:11 36 ----hr-- c:\windows\sued.dat
2009-06-02 16:47 <DIR> --d----- c:\program files\AskBarDis
2009-06-02 16:45 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-06-02 16:45 <DIR> --d----- c:\program files\Zone Labs
2009-06-02 16:45 350,192 a------- c:\windows\system32\vsconfig.xml
2009-06-02 13:44 363 ---shr-- C:\autorun.inf
2009-05-22 16:58 <DIR> --d----- c:\program files\common files\DivX Shared
2009-05-22 16:58 <DIR> --d----- c:\program files\DivX
2009-05-08 12:59 <DIR> --d----- c:\program files\Curse

==================== Find3M ====================

2009-06-02 16:46 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-15 21:25 120,056 -c------ c:\windows\system32\pxcpyi64.exe
2009-04-15 21:25 118,520 -c------ c:\windows\system32\pxinsi64.exe
2009-04-15 21:25 129,784 -------- c:\windows\system32\pxafs.dll
2009-04-15 21:25 43,528 -------- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 21:24 90,112 a------- c:\windows\system32\dpl100.dll
2009-04-15 21:24 823,296 a------- c:\windows\system32\divx_xx0c.dll
2009-04-15 21:24 823,296 a------- c:\windows\system32\divx_xx07.dll
2009-04-15 21:24 815,104 a------- c:\windows\system32\divx_xx0a.dll
2009-04-15 21:24 802,816 a------- c:\windows\system32\divx_xx11.dll
2009-04-15 21:24 684,032 a------- c:\windows\system32\DivX.dll
2009-04-04 15:20 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-21 15:06 989,696 -------- c:\windows\system32\dllcache\kernel32.dll
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 14:09 638,816 a------- c:\windows\system32\dllcache\iexplore.exe
2009-03-08 14:09 391,536 a------- c:\windows\system32\dllcache\iedkcs32.dll
2007-11-01 13:13 10,104,011 ac------ c:\program files\setup.exe
2008-08-19 21:13 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081920080820\index.dat

============= FINISH: 10:48:04.79 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:37 AM

Posted 06 June 2009 - 12:38 PM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 peteknight

peteknight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 07 June 2009 - 04:42 AM

Brilliant, thanks, here's the first one.

OTListIt Extras logfile created on: 07/06/2009 10:37:44 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Pete\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.48 Mb Total Physical Memory | 237.40 Mb Available Physical Memory | 30.93% Memory free
1.83 Gb Paging File | 1.34 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 8.80 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.73 Gb Total Space | 1.19 Gb Free Space | 1.06% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 045096820308
Current User Name: Pete
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard
"6999:TCP" = 6999:TCP:*:Enabled:Blizzard 2
"6112:TCP" = 6112:TCP:*:Enabled:Blizzard 3
"3724:TCP" = 3724:TCP:LocalSubNet:Enabled:Blizzard Downloader

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2009/04/07 17:39:17 | 00,286,720 | ---- | M] () -- C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel
[2009/06/05 09:11:25 | 00,303,179 | ---- | M] (Trlokom, Inc.) -- C:\WINDOWS\trlrm\RMHSvc.exe:*:Enabled:RMHSvc.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/13 19:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
File not found -- C:\Documents and Settings\Pete\Local Settings\Temp\rld11.exe:*:Enabled:UK Provider
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
File not found -- C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA
File not found -- C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA
[2008/09/06 09:09:06 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe:*:Enabled:DNA
[2007/08/24 08:14:14 | 01,004,832 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\agent\bin\bcont.exe:*:Enabled:bcont.exe
[2007/08/02 13:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\tgsrvc.exe:*:Enabled:tgsrvc.exe
[2007/08/24 08:14:22 | 01,004,832 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\agent\bin\bcont_nm.exe:*:Enabled:bcont_nm.exe
[2007/10/12 08:33:16 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe:*:Enabled:sprtcmd.exe
File not found -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2004/03/12 13:29:58 | 00,038,000 | ---- | M] (America Online, Inc.) -- C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL
File not found -- C:\Program Files\Gameforge4D\AirRivals\Launcher.atm:Enabled:GameExe2
File not found -- C:\Program Files\Gameforge4D\AirRivals\Res-Voip\SCVoIP.exe:Enabled:GameVoIP
[2008/04/14 01:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2009/02/06 18:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call
[2009/02/06 18:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
[2008/10/29 19:39:36 | 25,798,440 | R--- | M] (Skype Technologies S.A.) -- C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/04/07 17:39:17 | 00,286,720 | ---- | M] () -- C:\Program Files\NCsoft\Exteel (US)\System\Exteel.exe:*:Enabled:Exteel
[2009/06/06 10:26:18 | 01,934,336 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client
[2009/06/05 09:11:25 | 00,303,179 | ---- | M] (Trlokom, Inc.) -- C:\WINDOWS\trlrm\RMHSvc.exe:*:Enabled:RMHSvc.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ Beta 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5435FF3C-48CF-4B34-85E1-2C95673EB254}" = Dawn of War - Soulstorm
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BFA5441E-B7E6-46F5-A15D-1B74707AE93A}" = ACID Pro 7.0
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C994D98C-293D-4825-958E-EB684B4D413F}" = MSN Toolbar
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D084B1A9-153B-409D-AEBF-C40FCEF925EA}" = TalkTalk Assist & Go
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}" = Search Settings 1.2
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{E80BB1C5-0BD7-4FEB-9C98-976BFC808552}" = ConnectGoV5UpdateVer2
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF39FC01-819B-42E4-AE49-1968AF12DDD4}" = Dawn of War - Dark Crusade
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"AudibleManager" = AudibleManager
"Canon MP460 User Registration" = Canon MP460 User Registration
"Cleaner 5 EZ" = Cleaner 5 EZ
"CurseClient" = Curse Client
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Dynamic Toolbar_is1" = Packard Bell Toolbar 1.0
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ESCX3600 Reference Guide" = ESCX3600 Reference Guide
"ESCX3600 Software Guide" = ESCX3600 Software Guide
"FEAP" = Final Effects for Adobe Premiere
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"MixMeister Studio 7.2.2_is1" = MixMeister Studio 7.2.2
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SLAMRMO" = Aztech CNR2900 V.90 Modem
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VideoLAN VLC media player 0.8.6h
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Vuze" = Vuze
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WOLAPI" = Westwood Shared Internet Components
"World of Warcraft" = World of Warcraft
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"NCsoft-Exteel" = Exteel (US)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"NCsoft-Exteel" = Exteel (US)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/06/2009 04:10:13 | Computer Name = 045096820308 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 05/06/2009 04:10:13 | Computer Name = 045096820308 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 05/06/2009 04:10:13 | Computer Name = 045096820308 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 06/06/2009 03:39:42 | Computer Name = 045096820308 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 06/06/2009 03:40:14 | Computer Name = 045096820308 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 06/06/2009 03:43:21 | Computer Name = 045096820308 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 06/06/2009 04:33:53 | Computer Name = 045096820308 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/06/2009 04:47:30 | Computer Name = 045096820308 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 06/06/2009 05:26:16 | Computer Name = 045096820308 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 07/06/2009 05:32:12 | Computer Name = 045096820308 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

[ System Events ]
Error - 06/06/2009 05:43:03 | Computer Name = 045096820308 | Source = Service Control Manager | ID = 7016
Description = The SmartLinkService service has reported an invalid current state
0.

Error - 06/06/2009 05:56:19 | Computer Name = 045096820308 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring
the volume.

Error - 06/06/2009 07:08:38 | Computer Name = 045096820308 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring
the volume.

Error - 06/06/2009 08:49:32 | Computer Name = 045096820308 | Source = DCOM | ID = 10010
Description = The server {520CCA63-51A5-11D3-9144-00104BA11C5E} did not register
with DCOM within the required timeout.

Error - 06/06/2009 09:09:28 | Computer Name = 045096820308 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring
the volume.

Error - 06/06/2009 09:36:20 | Computer Name = 045096820308 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00110902C950 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/06/2009 11:17:01 | Computer Name = 045096820308 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.2 for the Network Card with network
address 00110902C950 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 06/06/2009 11:36:58 | Computer Name = 045096820308 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring
the volume.

Error - 07/06/2009 05:32:50 | Computer Name = 045096820308 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 07/06/2009 05:34:53 | Computer Name = 045096820308 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring
the volume.


< End of report >


that one came up with another one too.


OTListIt logfile created on: 07/06/2009 10:37:44 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Pete\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

767.48 Mb Total Physical Memory | 237.40 Mb Available Physical Memory | 30.93% Memory free
1.83 Gb Paging File | 1.34 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.52 Gb Total Space | 8.80 Gb Free Space | 12.84% Space Free | Partition Type: NTFS
Drive D: | 423.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 111.73 Gb Total Space | 1.19 Gb Free Space | 1.06% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 045096820308
Current User Name: Pete
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2005/01/28 11:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
PRC - [2005/01/28 11:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe
PRC - [2005/01/28 11:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
PRC - [2005/01/28 11:11:42 | 00,737,379 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
PRC - [2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HIDSERVICE.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/01/17 02:02:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2007/10/12 08:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe
PRC - [2007/08/02 13:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
PRC - [2004/03/26 14:07:12 | 00,049,152 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\VTTimer.exe
PRC - [2004/05/14 15:47:18 | 00,067,072 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/28 11:10:32 | 00,110,740 | ---- | M] (CyberLink Corp.) -- C:\Apps\Powercinema\PCMService.exe
PRC - [2007/10/12 08:33:16 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtcmd.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/06/02 08:42:15 | 00,038,136 | ---- | M] (NCSoft) -- C:\program files\ncsoft\launcher\NCLauncher.exe
PRC - [2009/06/06 10:26:18 | 01,934,336 | ---- | M] () -- C:\Program Files\Curse\CurseClient.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/28 21:23:23 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2006/10/18 22:46:20 | 00,064,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/06/07 10:36:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2004/02/25 10:55:34 | 01,123,440 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/01/28 11:11:10 | 00,176,220 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/01/28 11:11:14 | 00,110,682 | ---- | M] () -- c:\APPS\Powercinema\Kernel\TV\CLSched.exe -- (CLSched [Auto | Running])
SRV - [2005/01/28 11:11:40 | 00,024,576 | ---- | M] (Cyberlink) -- C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service [Auto | Running])
SRV - [2008/05/09 15:23:25 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2005/01/07 12:01:52 | 00,049,152 | ---- | M] () -- c:\APPS\HIDSERVICE\HIDSERVICE.exe -- (GenericHidService [Auto | Running])
SRV - [2009/03/23 10:27:32 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/12/14 03:21:20 | 00,045,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2009/02/18 23:21:00 | 02,769,658 | ---- | M] (INCA Internet Co., Ltd.) -- C:\WINDOWS\system32\GameMon.des -- (npggsvc [On_Demand | Stopped])
SRV - [2009/02/18 15:44:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/12/14 02:46:16 | 00,057,344 | ---- | M] () -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2008/04/07 09:17:30 | 00,430,592 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2003/01/17 02:02:38 | 00,045,056 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])
SRV - [2007/02/05 11:11:16 | 00,112,184 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service [On_Demand | Stopped])
SRV - [2007/10/12 08:33:38 | 00,202,016 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\TalkTalk\bin\sprtsvc.exe -- (sprtsvc_TalkTalk [Auto | Running])
SRV - [2006/12/14 03:02:08 | 00,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2007/02/05 11:11:18 | 00,075,320 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV [On_Demand | Stopped])
SRV - [2007/08/02 13:42:16 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2007/08/02 13:42:14 | 00,148,768 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe -- (tgsrvc_TalkTalk [Auto | Running])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2004/02/24 11:08:52 | 00,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS [On_Demand | Running])
DRV - [2004/05/14 23:24:10 | 00,622,172 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 19:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/12/16 14:36:30 | 00,042,496 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys -- (FETND5BV [On_Demand | Running])
DRV - [2003/11/11 18:41:08 | 00,041,984 | ---- | M] (VIA Technologies, Inc. ) -- C:\WINDOWS\system32\DRIVERS\fetnd5b.sys -- (FETNDISB [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2003/02/16 16:08:18 | 00,210,128 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2003/02/16 17:33:46 | 01,293,192 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2003/02/05 17:25:56 | 00,162,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\NtMtlFax.sys -- (NtMtlFax [On_Demand | Stopped])
DRV - [2009/02/18 15:44:00 | 06,308,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2004/08/04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009/04/15 21:25:42 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/09/26 08:21:37 | 00,015,172 | ---- | M] (Prassi Technology) -- C:\WINDOWS\System32\Drivers\PzWDM.sys -- (PzWDM [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2004/08/03 22:41:40 | 00,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\DRIVERS\RecAgent.sys -- (RecAgent [Boot | Running])
DRV - [2008/05/14 11:25:28 | 00,308,992 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\rtl8185.sys -- (rtl8185 [On_Demand | Stopped])
DRV - [2007/04/03 13:57:42 | 00,083,336 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s116bus.sys -- (s116bus [On_Demand | Stopped])
DRV - [2007/04/03 13:57:48 | 00,015,112 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s116mdfl.sys -- (s116mdfl [On_Demand | Stopped])
DRV - [2007/04/03 13:57:48 | 00,108,680 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s116mdm.sys -- (s116mdm [On_Demand | Stopped])
DRV - [2007/04/03 13:57:52 | 00,098,696 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\DRIVERS\s116obex.sys -- (s116obex [On_Demand | Stopped])
DRV - [2009/03/17 16:42:31 | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2003/02/16 16:11:56 | 00,516,616 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\slntamr.sys -- (Slntamr [On_Demand | Running])
DRV - [2003/02/16 16:12:46 | 00,085,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2003/01/17 01:19:32 | 00,039,348 | ---- | M] (Vireo Software) -- C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2008/03/31 13:38:54 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2009/03/26 15:23:46 | 00,036,864 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2002/12/27 04:41:00 | 00,026,880 | ---- | M] (VIA Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1 [Boot | Running])
DRV - [2004/05/05 14:28:52 | 00,142,976 | ---- | M] (Copyright © VIA/S3 Graphics Co, Ltd.) -- C:\WINDOWS\system32\DRIVERS\vtmini.sys -- (viagfx [On_Demand | Stopped])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2003/01/10 16:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\S-1-5-21-260582855-2683386192-2257231376-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://uk.msn.com/
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.live.com/ [binary data]
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\S-1-5-21-260582855-2683386192-2257231376-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\S-1-5-21-260582855-2683386192-2257231376-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.aintitcool.com/"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.3
FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.3.4.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.34


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/10 10:01:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/02 13:49:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/22 17:02:00 | 00,000,000 | ---D | M]

[2008/08/09 19:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Extensions
[2008/08/09 19:18:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/06 09:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions
[2009/04/30 14:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2008/07/02 11:14:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\{0F4F7F5C-C791-4951-8D9C-A0847AD03A7B}
[2009/01/14 18:06:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/06/02 16:54:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/06/02 16:47:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/07/16 10:52:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2008/05/19 16:05:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Pete\Application Data\mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\iaplayer@instantaction.com
[2009/06/06 09:56:53 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/28 21:23:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 10:01:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/01 11:03:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/28 21:23:22 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/04/28 21:23:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 18:57:32 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/04/23 18:57:32 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/04/23 18:57:32 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/04/23 18:57:32 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 18:57:33 | 00,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/04/23 18:57:33 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/23 18:57:33 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 18:57:33 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (290741 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 10014 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (PBUKV2) - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {6584C510-924B-486A-A1A0-E380DE08C2DB} - C:\WINDOWS\system32\xxyxVMgd.dll File not found
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (no name) - {840BA2CC-A1D3-4263-BD05-37E8B2C2557C} - C:\WINDOWS\system32\awtsPhIb.dll File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - C:\WINDOWS\system32\pbukv2.dll File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..\Toolbar\WebBrowser: (no name) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\..\Toolbar\WebBrowser: (no name) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [C:\WINDOWS\system32\kddtv.exe] C:\WINDOWS\system32\kddtv.exe File not found
O4 - HKLM..\Run: [C:\WINDOWS\system32\kdzbe.exe] C:\WINDOWS\system32\kdzbe.exe File not found
O4 - HKLM..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600" File not found
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TalkTalk] "C:\Program Files\TalkTalk\bin\sprtcmd.exe" /P TalkTalk (SupportSoft, Inc.)
O4 - HKLM..\Run: [VTTimer] VTTimer.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006..\Run: [CurseClient] C:\Program Files\Curse\CurseClient.exe -silent ()
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006..\Run: [NCsoft Launcher] C:\program files\ncsoft\launcher\NCLauncher.exe /Minimized (NCSoft)
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html ()
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html ()
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 89 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 89 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 114 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 114 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-260582855-2683386192-2257231376-1003\..Trusted Domains: 450 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-260582855-2683386192-2257231376-1006\..Trusted Domains: 89 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Reg Error: Key error.)
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (Reg Error: Key error.)
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.4.2/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.157,85.255.112.63
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{C636F94A-7350-40BC-AFEA-920FEABA5A98}\\NameServer = 85.255.112.157,85.255.112.63
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {6584C510-924B-486A-A1A0-E380DE08C2DB} - C:\WINDOWS\system32\xxyxVMgd.dll File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awtsPhIb) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/06 09:37:05 | 00,000,363 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2003/09/01 00:01:11 | 00,000,000 | R--D | M] - D:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/09/01 00:01:28 | 01,101,824 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 04:15:46 | 00,000,027 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/08/31 04:15:25 | 00,001,214 | R--- | M] () - D:\autorun.str -- [ CDFS ]
O32 - AutoRun File - [2009/06/06 09:37:06 | 00,000,290 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/07 10:37:07 | 00,000,000 | R--D | M]

========== Files/Folders - Created Within 30 Days ==========

[11 C:\WINDOWS\*.tmp files]
[2009/06/07 10:37:06 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\lyhs29tv.exe
[2009/06/07 10:36:39 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTListIt2.exe
[2009/06/06 14:35:46 | 00,000,741 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/06 14:35:45 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009/06/06 10:49:34 | 00,003,864 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\Attach.zip
[2009/06/06 10:46:45 | 00,359,893 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\dds.scr
[2009/06/06 10:42:28 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/06/06 10:42:27 | 00,000,000 | ---D | C] -- C:\rsit
[2009/06/06 10:42:04 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/06 10:42:01 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/06 10:41:59 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/06 10:41:59 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/06 10:19:46 | 03,371,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pete\Desktop\mbam-setup.exe
[2009/06/06 09:20:44 | 00,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2009/06/06 09:17:22 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\RSIT.exe
[2009/06/05 15:18:44 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/05 10:22:17 | 00,000,000 | ---D | C] -- C:\ie-spyad_zo
[2009/06/05 09:11:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\trlrm
[2009/06/05 09:11:20 | 00,000,036 | RH-- | C] () -- C:\WINDOWS\sued.dat
[2009/06/02 18:58:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Local Settings\Apps
[2009/06/02 17:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/06/02 16:47:49 | 00,000,000 | ---D | C] -- C:\Program Files\AskBarDis
[2009/06/02 16:45:24 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/06/02 16:45:10 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/06/02 13:44:54 | 00,000,272 | -H-- | C] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/02 13:44:50 | 00,000,363 | RHS- | C] () -- C:\autorun.inf
[2009/05/28 12:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\My Documents\Mastodon_Desktop_Blood_Mtn.jpg
[2009/05/28 12:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\My Documents\Leviathan_Desktop.jpg
[2009/05/28 11:00:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\My Documents\Mastodon_Desktop_BLK.jpg
[2009/05/28 09:31:54 | 75,182,015 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\TheyJustHowl.zip
[2009/05/27 12:11:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Desktop\Train Wreck
[2009/05/26 14:29:37 | 00,003,681 | ---- | C] () -- C:\Documents and Settings\Pete\My Documents\Office Season 5 pt 1.pxj
[2009/05/25 21:15:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Application Data\DivX
[2009/05/25 21:14:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Desktop\Eastbound & Down
[2009/05/22 16:58:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/05/22 16:58:26 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/05/22 12:08:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Pete\Desktop\Devil Driver - Pray For Villains [New Song](2009)[-DiC-]
[2009/05/21 10:01:30 | 00,023,407 | ---- | C] () -- C:\Documents and Settings\Pete\Desktop\HordeSymbol.jpg
[2009/05/14 17:59:38 | 00,355,965 | ---- | C] () -- C:\Documents and Settings\Pete\My Documents\darkknight-returns-fan-poster.jpg
[2009/05/08 13:00:15 | 00,001,607 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/05/08 12:59:05 | 00,000,000 | ---D | C] -- C:\Program Files\Curse
[2009/03/28 14:09:21 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/04 10:15:20 | 00,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/09/26 08:08:31 | 00,000,750 | ---- | C] () -- C:\WINDOWS\{D084B1A9-153B-409D-AEBF-C40FCEF925EA}_WiseFW.ini
[2008/09/21 15:20:45 | 00,028,160 | ---- | C] () -- C:\WINDOWS\System32\tuscaenc.dll
[2008/06/29 23:16:27 | 00,000,847 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/04/25 09:05:52 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Q3version.ini
[2008/04/20 15:10:43 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/03/31 13:38:53 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/03/11 10:38:13 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/03/11 10:36:43 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE CX3600E.ini
[2008/03/07 18:39:18 | 00,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2008/03/07 16:55:27 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll
[2007/11/07 07:00:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/11/07 07:00:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/11/07 07:00:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/11/07 07:00:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/11/07 07:00:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/04/11 13:43:07 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/04/11 13:19:01 | 00,007,154 | ---- | C] () -- C:\WINDOWS\HDReg.ini
[2005/04/11 13:10:53 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005/04/11 13:10:53 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005/04/11 13:10:53 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2005/04/11 13:09:24 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/04/11 13:01:43 | 01,293,192 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2005/04/11 13:01:43 | 00,516,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2005/04/11 13:01:43 | 00,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2005/04/11 13:01:43 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2005/04/11 13:01:43 | 00,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2005/04/11 13:01:42 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2005/04/11 13:01:42 | 00,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2004/09/17 18:37:42 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2004/09/07 18:49:32 | 00,005,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 17:13:32 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 16:38:23 | 00,000,600 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 16:38:18 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/06/23 14:14:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2002/04/21 19:30:12 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/04/01 23:16:28 | 00,454,656 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2002/04/01 23:16:13 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/04/01 23:15:39 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/02/27 17:50:00 | 00,197,120 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2000/11/29 09:50:40 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\QTExporter.dll
[1997/06/14 03:56:08 | 00,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[4 C:\WINDOWS\System32\*.tmp files]
[11 C:\WINDOWS\*.tmp files]
[2009/06/07 10:37:08 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\lyhs29tv.exe
[2009/06/07 10:36:40 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Pete\Desktop\OTListIt2.exe
[2009/06/07 10:35:44 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{50CBB33D-CB75-4CB2-817A-A2B57B49D1D2}.job
[2009/06/07 10:31:10 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/06/07 10:31:09 | 00,000,272 | -H-- | M] () -- C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2009/06/07 10:30:52 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/06/07 10:30:48 | 00,204,644 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/06/07 10:30:22 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Pete\Local Settings\desktop.ini
[2009/06/07 10:30:20 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/07 10:30:06 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/07 10:30:04 | 80,483,5328 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/06 14:35:46 | 00,000,741 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2009/06/06 10:49:34 | 00,003,864 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\Attach.zip
[2009/06/06 10:46:45 | 00,359,893 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\dds.scr
[2009/06/06 10:42:04 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/06 10:19:57 | 03,371,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Pete\Desktop\mbam-setup.exe
[2009/06/06 09:37:05 | 00,000,363 | RHS- | M] () -- C:\autorun.inf
[2009/06/06 09:17:28 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\RSIT.exe
[2009/06/05 15:18:44 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/05 10:06:05 | 00,471,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/05 10:06:05 | 00,401,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/05 10:06:05 | 00,062,460 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/05 09:11:20 | 00,000,036 | RH-- | M] () -- C:\WINDOWS\sued.dat
[2009/06/02 16:46:25 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/05/28 09:35:14 | 75,182,015 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\TheyJustHowl.zip
[2009/05/26 14:29:37 | 00,003,681 | ---- | M] () -- C:\Documents and Settings\Pete\My Documents\Office Season 5 pt 1.pxj
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/26 13:19:56 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/26 08:25:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/21 10:01:38 | 00,023,407 | ---- | M] () -- C:\Documents and Settings\Pete\Desktop\HordeSymbol.jpg
[2009/05/14 17:59:44 | 00,355,965 | ---- | M] () -- C:\Documents and Settings\Pete\My Documents\darkknight-returns-fan-poster.jpg
[2009/05/08 13:00:15 | 00,001,607 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15F0C917
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#4 peteknight

peteknight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 07 June 2009 - 05:01 AM

when i started gmer it came up with
"Warning!!!
GMER has found system modification, which might have been caused by ROOTKIT activity.

Do you want to fully scan your system?"

so i did, then it crashed during the scan so i'm just doing it again.

#5 peteknight

peteknight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 07 June 2009 - 05:15 AM

here you go, thanks again for taking the time to help :thumbup2:


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-07 11:10:46
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF39E6FC0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF39E3C80] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF39FE170] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF39E7580] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF39FB900] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF39FBB10] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF39FFB10] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF39E7670] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF39E4210] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF39FE9F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF39FE7A0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF39FB280] <-- ROOTKIT !!!
SSDT sptd.sys ZwEnumerateKey [0xF742AFB2]
SSDT sptd.sys ZwEnumerateValueKey [0xF742B340]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF39FEF10] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF39FEF90] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF39E4070] <-- ROOTKIT !!!
SSDT sptd.sys ZwOpenKey [0xF74250B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF39FD180] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF39FCF40] <-- ROOTKIT !!!
SSDT sptd.sys ZwQueryKey [0xF742B418]
SSDT sptd.sys ZwQueryValueKey [0xF742B298]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF39FF6F0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF39FF150] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF39E6BE0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF39FF540] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF39E7190] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF39E4440] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF39FE4E0] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF39FC200] <-- ROOTKIT !!!
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF39FC080] <-- ROOTKIT !!!

Code 835E1AF8 ZwFlushInstructionCache
Code 835A87CE IofCallDriver
Code 83584E56 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 1 Byte [80]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [80, 75, 9E, F3, 00, B9, 9F, ...]
.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 835A87D3
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 83584E5B
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 835E1AFC
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F62CB8AC 5 Bytes JMP 838F61C8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F743C06C] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F743C018] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F745E9AE] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F743C06C] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7425AD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7425C1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7425B9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7426748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F742661E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F743B29A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F39EBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F39EB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F39EC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F39E9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F39E9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F39EBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F39EB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F39EC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F39EBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F39E9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F39EC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F39EB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F39EC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F39EB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F39EBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F39E9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F39EBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F39EB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F39EC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F3A04B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F39EBB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F39E9E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F39EC260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F39EB930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcbwwdlxfqnuuxswpboxtlfvidvyuqhppt.dll (*** hidden *** ) @ C:\Program Files\Mozilla Firefox\firefox.exe [532] 0x10000000
Library \\?\globalroot\systemroot\system32\gxvxcpwbuhrtrotfqxepqomvjdrdyupxaqaax.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [920] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxcwpkmlknbafdubhopapuxdlxwprrviqmu.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:37 AM

Posted 07 June 2009 - 11:09 AM

You've got a rootkit. We need to run Combofix.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#7 peteknight

peteknight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 07 June 2009 - 01:44 PM

here you go, everything seems to be working ok, i can update anti-virus stuff, thank you so much!


ComboFix 09-06-06.04 - Pete 07/06/2009 19:19.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.767.507 [GMT 1:00]
Running from: c:\documents and settings\Pete\Desktop\Combo-Fix.exe
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\program files\\setup.exe
c:\program files\Dynamic Toolbar
c:\program files\Dynamic Toolbar\batch.bat
c:\program files\Dynamic Toolbar\Cache\pbukv2tb0200.cfg
c:\program files\Dynamic Toolbar\PBUKV2\Cache\pbukv2tb0200.cfg
c:\program files\Dynamic Toolbar\unins000.exe
C:\resycled
c:\windows\BM0b6c7c29.txt
c:\windows\BM0b6c7c29.xml
c:\windows\system32\drivers\gxvxcjidmetasrsajklltowylypduradoeuew.sys
c:\windows\system32\drivers\gxvxclqevxjcbltiqxovbwqvdbqwcfpqllyby.sys
c:\windows\system32\drivers\gxvxcnkxidubrqltewqbappxwhwcdrucufopq.sys
c:\windows\system32\drivers\gxvxcodbotkilijefjkltuhhhddoyxdjjrkfh.sys
c:\windows\system32\drivers\gxvxcucbqekvsswesdoyqjwcpkojlwwkjrtui.sys
c:\windows\system32\drivers\gxvxcwpkmlknbafdubhopapuxdlxwprrviqmu.sys
c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
c:\windows\system32\gxvxcbwwdlxfqnuuxswpboxtlfvidvyuqhppt.dll
c:\windows\system32\gxvxcpwbuhrtrotfqxepqomvjdrdyupxaqaax.dll
c:\windows\system32\mcrh.tmp
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-06 09:42 . 2009-06-06 09:42 -------- d-----w- c:\program files\trend micro
2009-06-06 09:42 . 2009-06-06 09:43 -------- d-----w- C:\rsit
2009-06-06 09:42 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-06 09:41 . 2009-06-06 09:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-06 09:41 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-05 09:22 . 2009-06-05 09:22 -------- d-----w- C:\ie-spyad_zo
2009-06-05 08:11 . 2009-06-05 08:11 -------- d-----w- c:\windows\trlrm
2009-06-05 08:11 . 2009-06-05 08:11 36 ---h--r- c:\windows\sued.dat
2009-06-02 16:13 . 2009-06-02 16:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-02 15:47 . 2009-06-02 15:48 -------- d-----w- c:\program files\AskBarDis
2009-06-02 15:45 . 2009-02-15 23:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-06-02 15:45 . 2009-02-15 23:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-06-02 15:45 . 2009-02-15 23:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-06-02 15:45 . 2009-06-02 15:45 -------- d-----w- c:\program files\Zone Labs
2009-06-02 12:47 . 2009-06-02 12:47 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-06-02 12:46 . 2009-06-02 12:46 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-05-25 20:15 . 2009-05-25 20:15 -------- d-----w- c:\documents and settings\Pete\Application Data\DivX
2009-05-22 15:58 . 2009-05-22 15:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-22 15:58 . 2009-05-22 16:02 -------- d-----w- c:\program files\DivX
2009-05-15 07:19 . 2009-05-15 07:19 -------- d-----w- c:\documents and settings\Pete\Local Settings\Application Data\assembly

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-07 13:09 . 2008-06-26 09:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-07 09:33 . 2008-05-25 15:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-06 09:31 . 2008-11-04 07:05 -------- d-----w- c:\program files\Lavasoft
2009-06-05 14:20 . 2009-06-05 14:20 110213 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_06_05_15_02_58_small.dmp.zip
2009-06-05 08:10 . 2009-06-05 08:17 1438720 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-06-05 08:10 . 2009-06-05 08:17 289280 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-06-04 15:26 . 2008-08-22 08:10 -------- d-----w- c:\program files\World of Warcraft
2009-06-02 15:46 . 2008-11-04 07:09 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-06-02 15:32 . 2008-11-04 07:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-23 13:55 . 2008-04-06 11:50 58672 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 12:00 . 2009-02-20 18:04 -------- d-----w- c:\program files\QuickTime
2009-05-08 11:59 . 2009-05-08 11:59 -------- d-----w- c:\program files\Curse
2009-05-03 12:17 . 2009-05-03 12:17 -------- d-----w- c:\program files\Common Files\INCA Shared
2009-05-03 11:59 . 2008-03-04 02:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-03 11:59 . 2009-04-06 13:18 -------- d-----w- c:\program files\Doom 3
2009-05-03 11:56 . 2009-05-03 11:55 -------- d-----w- c:\program files\NCSoft
2009-05-03 11:53 . 2008-12-05 08:42 -------- d-----w- c:\documents and settings\Pete\Application Data\GetRightToGo
2009-04-30 13:21 . 2008-07-18 09:58 -------- d-----w- c:\documents and settings\Pete\Application Data\Azureus
2009-04-30 13:20 . 2008-11-04 09:30 -------- d-----w- c:\program files\Vuze
2009-04-21 07:56 . 2009-04-21 07:55 -------- d-----w- c:\program files\Audible
2009-04-21 07:40 . 2009-04-21 07:40 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-21 07:40 . 2009-02-20 18:07 -------- d-----w- c:\program files\iTunes
2009-04-21 07:40 . 2009-04-21 07:40 -------- d-----w- c:\program files\iPod
2009-04-21 07:40 . 2008-03-19 16:11 -------- d-----w- c:\program files\Common Files\Apple
2009-04-21 07:33 . 2009-04-21 07:33 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-21 07:31 . 2009-04-21 07:31 -------- d-----w- c:\program files\Bonjour
2009-04-15 20:25 . 2008-03-07 17:39 120056 -c----w- c:\windows\system32\pxcpyi64.exe
2009-04-15 20:25 . 2008-03-07 17:39 129784 ------w- c:\windows\system32\pxafs.dll
2009-04-15 20:25 . 2008-03-07 17:39 118520 -c----w- c:\windows\system32\pxinsi64.exe
2009-04-15 20:25 . 2004-10-21 01:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-04-15 20:24 . 2009-04-15 20:24 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-04-15 20:24 . 2009-04-15 20:24 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-04-15 20:24 . 2009-04-15 20:24 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-04-15 20:24 . 2009-04-15 20:24 684032 ----a-w- c:\windows\system32\DivX.dll
2009-04-13 19:13 . 2008-10-15 13:45 -------- d-----w- c:\documents and settings\Pete\Application Data\Skype
2009-04-13 18:13 . 2008-10-15 13:46 -------- d-----w- c:\documents and settings\Pete\Application Data\skypePM
2009-04-08 09:47 . 2008-03-26 12:11 58672 -c--a-w- c:\documents and settings\Pete\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 12:34 . 2009-04-06 12:34 3128 ----a-r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}\ARPPRODUCTICON.exe
2009-04-06 12:18 . 2009-04-06 12:18 3128 ----a-r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}\ARPPRODUCTICON.exe
2009-04-04 14:20 . 2008-04-05 16:15 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-01 09:59 . 2009-04-01 09:59 152576 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 13:00 . 2009-03-28 13:00 8192 ----a-r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
2009-03-28 13:00 . 2009-03-28 13:00 6144 ----a-r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
2009-03-28 13:00 . 2009-03-28 13:00 11264 ----a-r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
2009-03-26 14:23 . 2009-04-21 07:37 1900544 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-03-26 14:23 . 2008-03-19 16:11 36864 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-17 15:42 . 2004-08-10 15:38 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2009-03-11 19:51 . 2009-03-11 19:51 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-4fe0539e-n\msvcp71.dll
2009-03-11 19:51 . 2009-03-11 19:51 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-4fe0539e-n\jmc.dll
2009-03-11 19:51 . 2009-03-11 19:51 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-4fe0539e-n\msvcr71.dll
2009-03-10 09:02 . 2009-03-10 09:02 503808 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-77c10f5d-n\msvcp71.dll
2009-03-10 09:02 . 2009-03-10 09:02 499712 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-77c10f5d-n\jmc.dll
2009-03-10 09:02 . 2009-03-10 09:02 348160 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-77c10f5d-n\msvcr71.dll
2009-03-10 08:56 . 2009-03-10 08:56 152576 ----a-w- c:\documents and settings\Pete\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-10-16 17:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-26 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"NCsoft Launcher"="c:\program files\ncsoft\launcher\NCLauncher.exe" [2009-06-02 38136]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-06-06 1934336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"TalkTalk"="c:\program files\TalkTalk\bin\sprtcmd.exe" [2007-10-12 202016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-03-26 49152]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-05-14 67072]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\AOL 9.0\\aol.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\APPS\\skype\\phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NCsoft\\Exteel (US)\\System\\Exteel.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\WINDOWS\\trlrm\\RMHSvc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6881:TCP"= 6881:TCP:Blizzard
"6999:TCP"= 6999:TCP:Blizzard 2
"6112:TCP"= 6112:TCP:Blizzard 3

R0 PzWDM;PzWDM;c:\windows\system32\drivers\PzWDM.sys [26/09/2008 08:21 15172]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [02/06/2009 16:47 464264]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [12/10/2007 08:33 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [02/08/2007 13:42 148768]
S3 efipsk;efipsk;\??\c:\docume~1\Pete\LOCALS~1\Temp\efipsk.sys --> c:\docume~1\Pete\LOCALS~1\Temp\efipsk.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 11:34]

2009-06-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-08 09:27]

2008-03-03 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 00:12]

2009-06-07 c:\windows\Tasks\User_Feed_Synchronization-{50CBB33D-CB75-4CB2-817A-A2B57B49D1D2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 03:31]
.
- - - - ORPHANS REMOVED - - - -

BHO-{4E7BD74F-2B8D-469E-A0E8-F479B685FA7D} - c:\windows\system32\pbukv2.dll
BHO-{6584C510-924B-486A-A1A0-E380DE08C2DB} - c:\windows\system32\xxyxVMgd.dll
BHO-{840BA2CC-A1D3-4263-BD05-37E8B2C2557C} - c:\windows\system32\awtsPhIb.dll
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-PlayNC Launcher - (no file)
HKLM-Run-EPSON Stylus CX3600 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
HKLM-Run-c:\windows\system32\kddtv.exe - c:\windows\system32\kddtv.exe
HKLM-Run-c:\windows\system32\kdzbe.exe - c:\windows\system32\kdzbe.exe
ShellExecuteHooks-{6584C510-924B-486A-A1A0-E380DE08C2DB} - c:\windows\system32\xxyxVMgd.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.btbroadbandstart.com/
uInternet Settings,ProxyOverride = *.local
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\r3nvg5mk.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aintitcool.com/
FF - plugin: c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\r3nvg5mk.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 19:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,2e,c3,cc,4a,87,68,47,bd,6b,be,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f5,2e,c3,cc,4a,87,68,47,bd,6b,be,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3164)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HidService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-06-07 19:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-07 18:38

Pre-Run: 9,378,852,864 bytes free
Post-Run: 9,840,066,560 bytes free

283 --- E O F --- 2009-05-13 16:07

#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:37 AM

Posted 08 June 2009 - 11:30 AM

Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


How is your computer behaving now?
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 peteknight

peteknight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 08 June 2009 - 01:45 PM

here's the log from malwarebytes, just gonna restart and see how things are then i'll post again.

Malwarebytes' Anti-Malware 1.37
Database version: 2248
Windows 5.1.2600 Service Pack 3

08/06/2009 19:44:30
mbam-log-2009-06-08 (19-44-30).txt

Scan type: Full Scan (C:\|E:\|)
Objects scanned: 219353
Time elapsed: 2 hour(s), 52 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\$ntservicepackuninstall$\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\WINDOWS\Help\SAFTVOY.CHI (Trojan.Agent) -> Quarantined and deleted successfully.

#10 peteknight

peteknight
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:01:37 AM

Posted 08 June 2009 - 01:57 PM

it all seems to be working great :D thanks so much for taking the time to help me! i really appreciate it.

#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:37 AM

Posted 08 June 2009 - 05:53 PM

Glad I could help! :)


We need to remove Combofix now that we're done with it.
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

  • Posted Image



==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:thumbup2: :)
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:01:37 AM

Posted 25 June 2009 - 02:54 PM

Now that your problem appears to be resolved, this thread will be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users