Troj.Win.32.BHO~Me infections and Unclassified Malware


  • This topic is locked
23 replies to this topic

#1 Bublik

Bublik

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 10 August 2009 - 02:06 AM

Hello, I am terribly sorry to bother you with this, however I cannot get my head around what is happening to my PC. Lately my AV, COMODO, has been detecting strange behavior and displaying many virus alerts. As advised, I have attached the required files, and please also find attached a screenshot of my COMODO log of events for more detailed information on the type of infections. I would very much appreciate any help on how to go about fixing these problems. Thank you for your time.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Alex at 16:46:16.12 on Mon 10/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1231 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\oodag.exe
E:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
E:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\vmnetdhcp.exe
E:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
E:\Program Files\Utorrent\utorrent.exe
C:\Program Files\Winamp\winamp.exe
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)" -"http://www.gamespyarcade.com/software/webgames/puzzles/fearwindow/fearwindow_index.htm"
mRun: [RAM Idle Professional] c:\program files\tweaknow powerpack 2006\RAM2_XP.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar2.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar2.dll/cmcache.html
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar2.dll/cmtrans.html
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: e:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {7042837E-6674-408E-BC17-7AFEEB2962F3} = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~1\goec62~1.dll c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = :\windows\syste

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\alex\applic~1\mozilla\firefox\profiles\gh9hk79t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\alex\application data\mozilla\firefox\profiles\gh9hk79t.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}\components\ChickenSleep-FF2-win.dll
FF - component: e:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: d:\program files\adobe\acrobat 6.0\acrobat\browser\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - e:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
e:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
e:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
e:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
e:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
e:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
e:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
e:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
e:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
e:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
e:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
e:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
e:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-9-3 10240]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-4 132040]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-4 25160]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-4 707152]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-1-25 2368]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [2009-2-16 702336]
R3 SbieDrv;SbieDrv;e:\program files\sandboxie\SbieDrv.sys [2009-5-28 108032]
S2 ccProxy;Symantec Network Proxy;"c:\program files\norton 360\addons\norton addon pack\engine\3.5.0.24\ccproxy.exe" --> c:\program files\norton 360\addons\norton addon pack\engine\3.5.0.24\ccProxy.exe [?]
S2 SweepNet;Sophos Anti-Virus Network;"c:\program files\sophos sweep for nt\swnetsup.exe" --> c:\program files\sophos sweep for nt\SWNETSUP.EXE [?]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-12-2 30192]
S3 InterCheck Control;InterCheck Control;\??\c:\program files\sophos sweep for nt\icntdrv5.sys --> c:\program files\sophos sweep for nt\icntdrv5.sys [?]
S3 InterCheck Filter;InterCheck Filter;\??\c:\program files\sophos sweep for nt\icntflt5.sys --> c:\program files\sophos sweep for nt\icntflt5.sys [?]
S3 InterCheck Support 01;InterCheck Support 01;\??\c:\program files\sophos sweep for nt\icntst01.sys --> c:\program files\sophos sweep for nt\icntst01.sys [?]
S3 InterCheck Support 02;InterCheck Support 02;\??\c:\program files\sophos sweep for nt\icntst02.sys --> c:\program files\sophos sweep for nt\icntst02.sys [?]
S3 InterCheck Support 03;InterCheck Support 03;\??\c:\program files\sophos sweep for nt\icntst03.sys --> c:\program files\sophos sweep for nt\icntst03.sys [?]
S3 InterCheck Support 04;InterCheck Support 04;\??\c:\program files\sophos sweep for nt\icntst04.sys --> c:\program files\sophos sweep for nt\icntst04.sys [?]
S3 InterCheck Support 05;InterCheck Support 05;\??\c:\program files\sophos sweep for nt\icntst05.sys --> c:\program files\sophos sweep for nt\icntst05.sys [?]
S3 InterCheck Support 06;InterCheck Support 06;\??\c:\program files\sophos sweep for nt\icntst06.sys --> c:\program files\sophos sweep for nt\icntst06.sys [?]
S3 InterCheck Support 07;InterCheck Support 07;\??\c:\program files\sophos sweep for nt\icntst07.sys --> c:\program files\sophos sweep for nt\icntst07.sys [?]
S3 InterCheck Support 08;InterCheck Support 08;\??\c:\program files\sophos sweep for nt\icntst08.sys --> c:\program files\sophos sweep for nt\icntst08.sys [?]
S3 InterCheck Support 09;InterCheck Support 09;\??\c:\program files\sophos sweep for nt\icntst09.sys --> c:\program files\sophos sweep for nt\icntst09.sys [?]
S3 InterCheck Support 10;InterCheck Support 10;\??\c:\program files\sophos sweep for nt\icntst10.sys --> c:\program files\sophos sweep for nt\icntst10.sys [?]
S3 InterCheck Support 11;InterCheck Support 11;\??\c:\program files\sophos sweep for nt\icntst11.sys --> c:\program files\sophos sweep for nt\icntst11.sys [?]
S3 InterCheck Support 12;InterCheck Support 12;\??\c:\program files\sophos sweep for nt\icntst12.sys --> c:\program files\sophos sweep for nt\icntst12.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-7 34064]
S3 WFIOCTL;WFIOCTL;e:\program files\winfast\wfdtv\WFIOCTL.sys [2009-2-16 9446]

=============== Created Last 30 ================

2009-08-10 16:28 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-08-10 16:28 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-08-10 16:28 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-08-10 16:28 75,264 a------- c:\windows\system32\unacev2.dll
2009-08-10 16:28 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-08-10 16:28 <DIR> --d----- c:\program files\Trojan Remover
2009-08-10 16:28 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-08-10 16:28 <DIR> --d----- c:\docume~1\alex\applic~1\Simply Super Software
2009-08-10 16:19 <DIR> --d----- c:\program files\Trend Micro
2009-08-05 17:59 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-07-24 11:57 41,872 a------- c:\windows\system32\xfcodec.dll
2009-07-20 20:29 35 a------- c:\windows\WorldBuilder.INI
2009-07-18 15:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-07-15 20:13 <DIR> --d----- C:\Sandbox
2009-07-15 20:12 1,460 a------- c:\windows\Sandboxie.ini

==================== Find3M ====================

2009-08-04 16:31 1,567 a------- c:\windows\eReg.dat
2009-07-09 12:54 179,792 a------- c:\windows\system32\guard32.dll
2009-07-09 12:54 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-07-04 11:31 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-28 16:31 286,720 a------- c:\windows\iun503.exe
2009-06-18 13:41 152,904 a------- c:\windows\system32\vghd.scr
2009-06-17 00:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-04 05:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-14 18:17 37,027 a------- c:\windows\atmoUn.exe
2008-12-21 11:01 25,600 -------- c:\documents and settings\alex\usbsermptxp.sys
2008-12-21 11:01 22,768 -------- c:\documents and settings\alex\usbsermpt.sys

============= FINISH: 16:47:37.25 ===============

Edited by Bublik, 10 August 2009 - 02:08 AM.


#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:11:48 AM

Posted 21 August 2009 - 07:41 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:48 AM

Posted 28 August 2009 - 10:36 AM

Topic reopened.

@ Bublik,

Please post back with current logs and an updated description of your computer issues as requested in the previous post.

Orange Blossom :thumbup2:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 Bublik

Bublik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 28 August 2009 - 11:08 PM

Thank you for your patience; I apologize for the delay, I was away on holidays. The situation with the PC is the same. All I did since the previous post was the routine (weekly) full scan with Comodo AV. The same issues were found. In addition to that I have removed some applications from my hard drive as I no longer had any use for them. Please find attached the requested logs. In terms of impact on the PC, so far I have not noticed anything except for seemingly random CPU spikes, which can as easily be attributed to the age of the PC [hardware]. Thank you for your time.



DDS (Ver_09-07-30.01) - NTFSx86
Run by Alex at 18:55:18.21 on Fri 28/08/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1252 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
E:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - d:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RAM Idle Professional] c:\program files\tweaknow powerpack 2006\RAM2_XP.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
TCP: {7042837E-6674-408E-BC17-7AFEEB2962F3} = 192.168.1.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = :\windows\syste

============= SERVICES / DRIVERS ===============

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-9-3 10240]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-4 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-4 25160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-4 715392]
R2 HssSrv;Hotspot Shield Routing Service;e:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-7 331824]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-1-25 2368]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [2009-2-16 702336]
S2 ccProxy;Symantec Network Proxy;"c:\program files\norton 360\addons\norton addon pack\engine\3.5.0.24\ccproxy.exe" --> c:\program files\norton 360\addons\norton addon pack\engine\3.5.0.24\ccProxy.exe [?]
S2 SweepNet;Sophos Anti-Virus Network;"c:\program files\sophos sweep for nt\swnetsup.exe" --> c:\program files\sophos sweep for nt\SWNETSUP.EXE [?]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-12-5 14336]
S3 InterCheck Control;InterCheck Control;\??\c:\program files\sophos sweep for nt\icntdrv5.sys --> c:\program files\sophos sweep for nt\icntdrv5.sys [?]
S3 InterCheck Filter;InterCheck Filter;\??\c:\program files\sophos sweep for nt\icntflt5.sys --> c:\program files\sophos sweep for nt\icntflt5.sys [?]
S3 InterCheck Support 01;InterCheck Support 01;\??\c:\program files\sophos sweep for nt\icntst01.sys --> c:\program files\sophos sweep for nt\icntst01.sys [?]
S3 InterCheck Support 02;InterCheck Support 02;\??\c:\program files\sophos sweep for nt\icntst02.sys --> c:\program files\sophos sweep for nt\icntst02.sys [?]
S3 InterCheck Support 03;InterCheck Support 03;\??\c:\program files\sophos sweep for nt\icntst03.sys --> c:\program files\sophos sweep for nt\icntst03.sys [?]
S3 InterCheck Support 04;InterCheck Support 04;\??\c:\program files\sophos sweep for nt\icntst04.sys --> c:\program files\sophos sweep for nt\icntst04.sys [?]
S3 InterCheck Support 05;InterCheck Support 05;\??\c:\program files\sophos sweep for nt\icntst05.sys --> c:\program files\sophos sweep for nt\icntst05.sys [?]
S3 InterCheck Support 06;InterCheck Support 06;\??\c:\program files\sophos sweep for nt\icntst06.sys --> c:\program files\sophos sweep for nt\icntst06.sys [?]
S3 InterCheck Support 07;InterCheck Support 07;\??\c:\program files\sophos sweep for nt\icntst07.sys --> c:\program files\sophos sweep for nt\icntst07.sys [?]
S3 InterCheck Support 08;InterCheck Support 08;\??\c:\program files\sophos sweep for nt\icntst08.sys --> c:\program files\sophos sweep for nt\icntst08.sys [?]
S3 InterCheck Support 09;InterCheck Support 09;\??\c:\program files\sophos sweep for nt\icntst09.sys --> c:\program files\sophos sweep for nt\icntst09.sys [?]
S3 InterCheck Support 10;InterCheck Support 10;\??\c:\program files\sophos sweep for nt\icntst10.sys --> c:\program files\sophos sweep for nt\icntst10.sys [?]
S3 InterCheck Support 11;InterCheck Support 11;\??\c:\program files\sophos sweep for nt\icntst11.sys --> c:\program files\sophos sweep for nt\icntst11.sys [?]
S3 InterCheck Support 12;InterCheck Support 12;\??\c:\program files\sophos sweep for nt\icntst12.sys --> c:\program files\sophos sweep for nt\icntst12.sys [?]
S3 WFIOCTL;WFIOCTL;e:\program files\winfast\wfdtv\WFIOCTL.sys [2009-2-16 9446]

=============== Created Last 30 ================

2009-08-16 20:01 <DIR> --dsh--- c:\documents and settings\alex\IECompatCache
2009-08-16 12:28 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 12:28 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-15 15:02 292 a------- c:\windows\vtmb.ini
2009-08-13 16:50 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 16:50 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-10 16:28 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-08-10 16:28 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-08-10 16:28 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-08-10 16:28 75,264 a------- c:\windows\system32\unacev2.dll
2009-08-10 16:28 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-08-10 16:28 <DIR> --d----- c:\docume~1\alex\applic~1\Simply Super Software
2009-08-10 16:19 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-08-27 19:30 179,792 a------- c:\windows\system32\guard32.dll
2009-08-27 19:30 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-27 19:30 132,168 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-17 14:55 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-16 12:28 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-05 19:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 16:31 1,567 a------- c:\windows\eReg.dat
2009-07-18 05:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-07-02 12:34 33,840 a------- c:\windows\system32\drivers\HssDrv.sys
2009-06-25 18:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 18:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 18:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 18:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 18:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 18:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-18 13:41 152,904 a------- c:\windows\system32\vghd.scr
2009-06-17 00:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 22:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 22:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-11 00:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 16:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-04 05:09 1,291,264 a------- c:\windows\system32\quartz.dll
2008-12-21 11:01 25,600 -------- c:\documents and settings\alex\usbsermptxp.sys
2008-12-21 11:01 22,768 -------- c:\documents and settings\alex\usbsermpt.sys

============= FINISH: 18:56:31.48 ===============

Attached Files
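A small triage helper for service blocks like the DDS output above, added here as an example; it is not from the thread, from Bublik or syler, or from the DDS tool itself. It parses the service lines and separates two things a responder looks for first: entries set to start automatically whose binary is missing (in this log the Norton ccProxy and Sophos entries ending in [?], usually leftovers of an uninstalled product), and entries that are running but which DDS could not stat (here vsmon, whose ImagePath carries a -service argument, though a hidden or locked file would look the same). The field layout is my reading of the DDS format and not something the thread documents: the leading letter is R(unning)/S(topped), the digit is the Windows start type, a trailing [date size] means the file was found, and "ImagePath --> path [?]" means it was not. The sample lines are a constructed subset of the posted ones.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a subset of the DDS service lines posted in this thread.
# Field interpretation below is an assumption about the DDS format, not taken
# from any documentation on this page.
SAMPLE = r"""
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-4 132168]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 ccProxy;Symantec Network Proxy;"c:\program files\norton 360\addons\norton addon pack\engine\3.5.0.24\ccproxy.exe" --> c:\program files\norton 360\addons\norton addon pack\engine\3.5.0.24\ccProxy.exe [?]
S3 InterCheck Control;InterCheck Control;\??\c:\program files\sophos sweep for nt\icntdrv5.sys --> c:\program files\sophos sweep for nt\icntdrv5.sys [?]
S3 WFIOCTL;WFIOCTL;e:\program files\winfast\wfdtv\WFIOCTL.sys [2009-2-16 9446]
"""

# Windows service start types as DDS prints them (digit after R/S).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# "<R|S><start> <name>;<display name>;<rest of line>"
HEAD_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# "<image path> [YYYY-M-D size]" when DDS located the binary
FOUND_RE = re.compile(r"^(?P<image>.+) \[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$")


@dataclass
class ServiceEntry:
    name: str
    display: str
    running: bool
    start_type: str
    image: str
    size: Optional[int]   # None when DDS printed [?]
    resolved: bool        # False when the binary was not located on disk


def parse_dds_services(text: str) -> List[ServiceEntry]:
    """Parse DDS service/driver lines; lines that do not match are skipped."""
    entries: List[ServiceEntry] = []
    for raw in text.splitlines():
        m = HEAD_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        found = FOUND_RE.match(rest)
        if found:
            image, size, resolved = found.group("image"), int(found.group("size")), True
        elif rest.endswith("[?]"):
            # Keep the normalised path on the right of "-->" when DDS printed one.
            image = rest[:-len("[?]")].strip()
            if " --> " in image:
                image = image.split(" --> ", 1)[1]
            size, resolved = None, False
        else:
            continue
        entries.append(ServiceEntry(
            name=m.group("name"),
            display=m.group("display"),
            running=m.group("state") == "R",
            start_type=START_TYPES[m.group("start")],
            image=image,
            size=size,
            resolved=resolved,
        ))
    return entries


def orphaned_autostart(entries: List[ServiceEntry]) -> List[str]:
    """Stopped entries that are set to start automatically but whose binary is
    missing: usually remnants of an uninstalled product, and safe to clean up."""
    return [e.name for e in entries
            if not e.resolved and not e.running and e.start_type in ("boot", "system", "auto")]


def running_unresolved(entries: List[ServiceEntry]) -> List[str]:
    """Running entries DDS could not stat.  Needs a manual look: an ImagePath
    with a command-line argument explains it here, but a hidden file would not."""
    return [e.name for e in entries if e.running and not e.resolved]


if __name__ == "__main__":
    parsed = parse_dds_services(SAMPLE)
    for e in parsed:
        state = "running" if e.running else "stopped"
        print(f"{e.name:20} {e.start_type:8} {state:8} {e.image}")
    print("orphaned auto-start:", orphaned_autostart(parsed))
    print("running but unresolved:", running_unresolved(parsed))
```

Feed it the whole services block from a DDS log and the two lists give a first cut of what to remove and what to look at by hand; the OTL log later in the thread reports the same missing binaries as "File not found".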



#5 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 September 2009 - 01:25 AM

Hello Bublik,

We are very sorry for the extra delay; we are very busy at the moment and trying our best to keep up.

My name is Syler, I will be helping you to solve your malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with GMER's driver.
  • Double click on GMER to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save button and save the logfile to your desktop.
  • Copy and paste the contents of that file in your next post.


Next

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
Then please post back here with the following:
  • Gmer log
  • OTListIt.txt
  • Extra.txt
Thanks



#6 Bublik
  • Topic Starter

  • Members
  • 11 posts

Posted 04 September 2009 - 03:14 AM

Hello, first of all I would like to thank you for dedicating your time to helping me solve my problem. I have done the scans as you requested; however, I have a question about the GMER scan. The only drive letter that was selected was my System (C:); only that was ticked. Would you like me to scan the entire PC (all the drive letters: Sys[C], Backups[D], Files[E], Extra Files[F]-1TB) and provide you with that log, or will the log for C be sufficient? Also, when trying to post the entire GMER log I get an error stating the post is too long. Would you like me to simply split it into 2/3 posts, or attach the log?

#7 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 04 September 2009 - 02:58 PM

Hi,

A scan of just the C drive with GMER is sufficient. You can try attaching the log first; if it is too big to attach, just split it over however many posts you need.



#8 Bublik
  • Topic Starter

  • Members
  • 11 posts

Posted 04 September 2009 - 06:58 PM

OK. Please find the GMER logs attached, and the other two logs posted below:

OTL logfile created on: 4/09/2009 6:01:14 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.97 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.68% Memory free
3.29 Gb Paging File | 2.72 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 6.41 Gb Free Space | 32.07% Space Free | Partition Type: NTFS
Drive D: | 31.32 Gb Total Space | 5.42 Gb Free Space | 17.32% Space Free | Partition Type: NTFS
Drive E: | 54.47 Gb Total Space | 25.19 Gb Free Space | 46.25% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 227.05 Gb Free Space | 24.37% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/27 19:29:52 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/07 11:01:26 | 00,122,880 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/08/07 04:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2005/05/11 03:09:54 | 00,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2006/01/20 07:14:14 | 00,422,912 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/08/27 19:30:03 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2007/09/02 12:58:52 | 00,495,616 | ---- | M] () -- E:\Program Files\RocketDock\RocketDock.exe
PRC - [2008/04/14 04:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/05/27 20:36:23 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/08/06 16:16:30 | 00,908,280 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/04 14:52:51 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/04 17:59:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe
PRC - [2009/08/27 19:30:15 | 02,322,704 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/07 11:01:26 | 00,122,880 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - File not found -- -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - File not found -- -- (ccProxy [Auto | Stopped])
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/27 19:29:52 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/07 12:44:18 | 00,045,816 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2008/04/14 04:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/08/07 04:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 12:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/05/11 03:09:54 | 00,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe -- (O&O Defrag [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - File not found -- -- (SweepNet [Auto | Stopped])
SRV - File not found -- -- (SWEEPSRV.SYS [Auto | Stopped])
SRV - File not found -- -- (UleadBurningHelper [Auto | Stopped])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/07/30 15:02:10 | 00,702,336 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
DRV - [2004/05/17 12:23:48 | 00,133,200 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2005/07/12 02:10:11 | 00,019,200 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2000/01/08 09:22:36 | 00,010,240 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi [System | Running])
DRV - [2009/05/18 15:01:30 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/08/27 19:30:32 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/08/27 19:30:33 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2003/03/04 13:56:26 | 00,145,408 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/05/04 01:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
DRV - [2005/04/21 21:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2005/04/12 18:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2009/01/04 13:57:35 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2009/01/15 11:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/04 05:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2009/08/17 14:55:41 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2009/08/27 19:30:34 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2009/05/18 15:01:14 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2002/09/20 12:53:34 | 00,235,100 | R--- | M] (Analog Devices Inc) -- C:\WINDOWS\System32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2008/04/13 23:16:24 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2008/04/13 23:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Stopped])
DRV - [2007/08/21 18:12:59 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2001/08/23 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/22 07:47:48 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/04/26 11:49:56 | 00,381,056 | R--- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004/09/01 12:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2006/09/03 20:26:06 | 00,082,464 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV - [2006/05/13 13:57:50 | 10,305,664 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys -- (SNP2STD [On_Demand | Running])
DRV - [2003/10/05 10:41:14 | 00,123,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\sojubus.sys -- (sojubus [Boot | Running])
DRV - [2003/09/28 10:57:52 | 00,005,504 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\sojuscsi.sys -- (sojuscsi [Boot | Running])
DRV - [2006/09/24 23:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/01/25 14:26:40 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\SVKP.sys -- (SVKP [Auto | Running])
DRV - [2004/02/04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\System32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
DRV - [2009/03/07 11:01:23 | 00,028,096 | ---- | M] (Acronis) -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])
DRV - [2009/03/07 11:01:23 | 00,208,640 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])
DRV - [2008/12/21 11:01:43 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/01/06 15:55:38 | 00,009,446 | ---- | M] (Leadtek Research Inc.) -- E:\Program Files\WinFast\WFDTV\WFIOCTL.SYS -- (WFIOCTL [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-117609710-1454471165-682003330-1003\S-1-5-21-117609710-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-117609710-1454471165-682003330-1003\S-1-5-21-117609710-1454471165-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: {896b34a4-c83f-4ea7-8ef0-51ed7220ac94}:1.0.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: dropio@dropio:2.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {D5EDC062-A372-4936-B782-BD611DD18D86}:3.1.0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?ei=utf-8&fr=megaup&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 22:47:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2009/08/16 11:32:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2009/08/21 18:07:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2009/06/13 22:41:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2009/07/12 19:05:09 | 00,000,000 | ---D | M]

[2008/12/02 16:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions
[2008/12/02 16:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/03 20:19:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions
[2009/08/21 18:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/06/20 12:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2008/12/02 16:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/07/04 12:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}
[2009/08/21 18:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/04 12:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/27 19:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2009/07/04 12:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/02/19 19:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/18 15:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\anycolor.pavlos256@gmail.com
[2009/04/17 20:32:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\dropio@dropio
[2009/07/18 15:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\nasanightlaunch@example.com
[2009/08/11 16:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\SkipScreen@SkipScreen
[2009/07/14 16:52:44 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\Mozilla\FireFox\Profiles\gh9hk79t.default\searchplugins\icqplugin.xml
[2009/08/16 12:25:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/09/04 00:29:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/02 18:26:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/05/02 07:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/11/24 13:35:00 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/13 04:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 08:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2003/05/15 01:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/03/09 10:35:04 | 00,365,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll
[2009/05/02 07:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2006/02/23 07:16:20 | 00,034,048 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62i9x.dll
[2006/02/23 07:16:20 | 00,045,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62int.dll

O1 HOSTS File: (302562 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10430 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-117609710-1454471165-682003330-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-117609710-1454471165-682003330-1003..\Run: [RocketDock] E:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/03 16:49:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

========== Files/Folders - Created Within 30 Days ==========

[2009/09/04 17:59:31 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe
[2009/09/03 21:49:39 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\xhiyz670.exe
[2009/09/03 18:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Tests
[2009/09/02 17:34:36 | 00,025,587 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Butterfly_effect_by_maronski.jpg
[2009/09/01 20:14:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\My Documents\MyVB Prog
[2009/08/31 21:49:55 | 00,000,112 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\liuncoln.html
[2009/08/31 21:47:41 | 00,000,087 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\990215.quest.g2.rmm
[2009/08/31 21:43:17 | 00,000,075 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\990212.quest.ram
[2009/08/31 19:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Latest VB Sac
[2009/08/31 19:00:55 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\msflxgrd.oca
[2009/08/31 19:00:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Unit 4
[2009/08/31 18:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\SAC 401
[2009/08/30 19:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\VTAC 09
[2009/08/29 14:41:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\New Folder
[2009/08/21 18:07:33 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/21 18:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/16 12:28:23 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/08/16 12:28:19 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/08/16 12:28:19 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/08/16 12:28:14 | 00,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/08/16 12:28:12 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/08/16 12:28:12 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/08/16 12:28:11 | 00,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/08/16 12:28:11 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/08/16 12:28:10 | 00,353,672 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/08/16 12:28:10 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/16 12:27:29 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/08/16 12:27:29 | 00,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/08/16 12:27:29 | 00,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/08/15 15:02:29 | 00,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2009/08/13 16:50:30 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 16:50:21 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/10 16:28:11 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/08/10 16:28:11 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/08/10 16:28:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/08/10 16:28:11 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/08/10 16:28:11 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/08/10 16:28:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Simply Super Software
[2009/08/10 16:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/20 20:29:05 | 00,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2009/07/07 12:26:14 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/06/27 11:34:50 | 00,000,062 | ---- | C] () -- C:\WINDOWS\FinalAlert2.ini
[2009/06/06 13:03:42 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/05/18 15:01:30 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/18 15:01:14 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/05/11 21:22:43 | 00,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2009/04/11 16:55:05 | 00,000,262 | ---- | C] () -- C:\WINDOWS\w32demo8.ini
[2009/04/11 16:48:50 | 00,000,417 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/04/05 16:34:21 | 00,000,141 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2009/03/29 18:45:40 | 00,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/29 18:42:50 | 00,000,540 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/02/16 17:43:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll
[2009/02/16 17:32:31 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/02/07 10:00:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini
[2009/02/07 09:54:48 | 00,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/01/29 08:09:00 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009/01/29 08:08:59 | 10,305,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2009/01/29 08:08:58 | 00,147,456 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2009/01/29 08:08:58 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2009/01/18 13:18:46 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/12/02 19:50:30 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/04 01:33:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/09/04 00:55:43 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/09/03 20:33:21 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/03 20:26:06 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006/09/03 19:57:51 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/03 17:08:55 | 00,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/08/10 08:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/10 08:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/03 22:18:00 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2004/12/03 22:18:00 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2004/12/03 22:18:00 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2004/12/03 22:18:00 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2004/12/03 22:18:00 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2004/12/03 22:18:00 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2004/12/03 22:18:00 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2004/07/18 02:48:44 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004807_.tmp.dll
[2004/07/18 02:48:44 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004775_.tmp.dll
[2003/10/05 10:41:14 | 00,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys
[2003/09/28 10:57:52 | 00,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys
[2001/08/23 22:00:00 | 00,000,730 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 22:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1998/06/09 23:00:00 | 00,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/17 23:00:00 | 00,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/23 23:00:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1996/04/04 05:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[224 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2009/09/04 17:59:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe
[2009/09/04 17:54:06 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/09/04 17:53:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/04 17:53:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/04 17:53:33 | 00,196,716 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2009/09/03 21:52:28 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/09/03 21:49:40 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\xhiyz670.exe
[2009/09/03 21:17:25 | 00,000,059 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/09/02 17:34:38 | 00,025,587 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Butterfly_effect_by_maronski.jpg
[2009/09/01 17:27:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/31 21:55:57 | 00,000,153 | ---- | M] () -- C:\WINDOWS\cavscan.INI
[2009/08/31 21:49:55 | 00,000,112 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\liuncoln.html
[2009/08/31 21:47:41 | 00,000,087 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\990215.quest.g2.rmm
[2009/08/31 21:43:18 | 00,000,075 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\990212.quest.ram
[2009/08/31 19:00:55 | 00,076,288 | ---- | M] () -- C:\WINDOWS\System32\msflxgrd.oca
[2009/08/27 19:30:35 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/08/27 19:30:34 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/08/27 19:30:33 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/08/27 19:30:32 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/08/22 12:38:20 | 00,089,672 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/22 12:37:37 | 00,315,560 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/20 21:57:20 | 03,173,518 | -H-- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\IconCache.db
[2009/08/17 20:03:48 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 14:55:41 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2009/08/16 12:45:31 | 00,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/16 12:45:31 | 00,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/16 12:28:29 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/16 12:12:41 | 00,000,779 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/15 15:02:29 | 00,000,292 | ---- | M] () -- C:\WINDOWS\vtmb.ini
[2009/08/12 17:18:41 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/09 20:02:24 | 00,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
[2009/08/05 19:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 19:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:66633281
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15C56B30
< End of report >


Here is the OTL Extras Log:

OTL Extras logfile created on: 4/09/2009 6:01:14 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.97 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 64.68% Memory free
3.29 Gb Paging File | 2.72 Gb Available in Paging File | 82.54% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 6.41 Gb Free Space | 32.07% Space Free | Partition Type: NTFS
Drive D: | 31.32 Gb Total Space | 5.42 Gb Free Space | 17.32% Space Free | Partition Type: NTFS
Drive E: | 54.47 Gb Total Space | 25.19 Gb Free Space | 46.25% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 227.05 Gb Free Space | 24.37% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] --

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) -- File not found
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"E:\Alex's documents\Tools\uTorreng\utorrent.exe" = E:\Alex's documents\Tools\uTorreng\utorrent.exe:*:Enabled:µTorrent -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"E:\Program Files\Utorrent\utorrent.exe" = E:\Program Files\Utorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = D:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = D:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Alex\Local Settings\Temp\7zS8.tmp\SymNRT.exe" = C:\Documents and Settings\Alex\Local Settings\Temp\7zS8.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0420F95C-11FF-4E02-B967-6CC22B188F9F}" = Nero BackItUp
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1095069C-ABE2-4041-8139-48DED17CD142}" = WinFast DTV1000 S Driver
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{345112D9-0930-4A68-AB71-A831BA5DE7AA}" = Microsoft IntelliType Pro 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{5058B085-AA79-41E5-A726-681B4C4B846E}" = ACDSee 5.0 PowerPack
"{513AEC24-3465-8C4F-87BA-652D6F491033}" = Nero 7 Demo
"{51E2F9B3-A972-4F58-B4EF-4D9676D9F5D1}" = Nero RescueAgent
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.2
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = Speed S8800i
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.03
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C92C584E-C781-475E-A8E2-C67D993A6B95}" = WinFast PVR2
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{E08CC458-41FB-4BB5-9B08-2C83DB55A5B9}" = Nero BackItUp and Burn
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F3D7915D-6B42-49FA-9FC8-5020479A6A57}" = Nero Reloaded PlugIn Pack 2.0.4 by GEAR
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6FF67E5-7E76-4C5F-AF05-69D5E3CB42CC}" = NUMNUT
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3ACM" = AC-3 ACM Codec
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AnyDVD" = AnyDVD
"AOP" = Norton AddOn Pack
"ASAPI Update" = ASAPI Update
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"COMODO Internet Security" = COMODO Internet Security
"DiskDirector" = Acronis Disk Director Suite
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ExplorerPlus_6.0" = ExplorerPlus 6
"Fraunhofer MP3 Codec Pro 1.263" = Fraunhofer MP3 Codec Pro 1.263
"Graphmatica" = Graphmatica
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield for Microsoft Visual C++ 6" = InstallShield for Microsoft Visual C++ 6
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nmap" = Nmap 4.76
"PROSet" = Intel® PRO Network Adapters and Drivers
"RFFlow" = RFFlow
"RocketDock_is1" = RocketDock 1.3.5
"SpeedFan" = SpeedFan (remove only)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.2
"Steinberg WaveLab v4.00c" = Steinberg WaveLab v4.00c
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Total Video Converter 3.12_is1" = Total Video Converter 3.12 080330
"TotalRecorder" = Total Recorder 6.0
"TrueImage" = Acronis True Image
"Tweak UI 2.10" = Tweak UI
"TweakNow PowerPack 2006 Professional_is1" = TweakNow PowerPack 2006 Professional
"VideoReDo-Plus_is1" = VideoReDo/Plus Version 2-1-0-401
"Visual Studio 6.0 Professional Edition" = Microsoft Visual Studio 6.0 Professional Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 1.0.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp (remove only)
"WinAVI Video Converter_is1" = WinAVI Video Converter
"WinAVIVideoConverter_is1" = WinAVIVideoConverter
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.0.6
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/08/2009 11:17:07 PM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application hdtp.exe, version 0.0.0.0, faulting module core.dll,
version 0.0.0.0, fault address 0x000453a0.

Error - 16/08/2009 6:16:21 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application vampire.exe, version 0.0.0.0, faulting module
client.dll, version 0.0.0.0, fault address 0x001d160f.

Error - 16/08/2009 6:50:23 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application vampire.exe, version 0.0.0.0, faulting module
client.dll, version 0.0.0.0, fault address 0x001d160f.

Error - 16/08/2009 7:10:35 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application vampire.exe, version 0.0.0.0, faulting module
client.dll, version 0.0.0.0, fault address 0x001d160f.

Error - 20/08/2009 7:57:38 AM | Computer Name = ALEX | Source = Application Hang | ID = 1002
Description = Hanging application UNINSTAL.EXE, version 1.2003.2.201, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 20/08/2009 7:59:45 AM | Computer Name = ALEX | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 2/09/2009 3:39:21 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application winavi.exe, version 0.0.0.0, faulting module
divx.dll, version 6.8.5.12, fault address 0x001172ef.

Error - 2/09/2009 3:44:23 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application winavi.exe, version 0.0.0.0, faulting module
divx.dll, version 6.8.5.12, fault address 0x001172ef.

Error - 2/09/2009 6:07:52 AM | Computer Name = ALEX | Source = Application Error | ID = 1000
Description = Faulting application winavi.exe, version 0.0.0.0, faulting module
divx.dll, version 6.8.5.12, fault address 0x001172ef.

Error - 3/09/2009 6:07:07 AM | Computer Name = ALEX | Source = Windows Live Messenger | ID = 1000
Description =

[ System Events ]
Error - 3/09/2009 6:09:10 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Sophos Anti-Virus Network service failed to start due to the following
error: %%3

Error - 3/09/2009 6:09:10 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Sophos Anti-Virus service failed to start due to the following
error: %%3

Error - 3/09/2009 6:09:10 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Ulead Burning Helper service failed to start due to the following
error: %%3

Error - 3/09/2009 7:53:10 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7034
Description = The O&O Defrag service terminated unexpectedly. It has done this
1 time(s).

Error - 3/09/2009 7:53:18 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7034
Description = The SoundMAX Agent Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 4/09/2009 3:54:07 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Apple Mobile Device service failed to start due to the following
error: %%3

Error - 4/09/2009 3:54:07 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Symantec Network Proxy service failed to start due to the following
error: %%3

Error - 4/09/2009 3:54:07 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Sophos Anti-Virus Network service failed to start due to the following
error: %%3

Error - 4/09/2009 3:54:07 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Sophos Anti-Virus service failed to start due to the following
error: %%3

Error - 4/09/2009 3:54:07 AM | Computer Name = ALEX | Source = Service Control Manager | ID = 7000
Description = The Ulead Burning Helper service failed to start due to the following
error: %%3


< End of report >

Attached Files

  • Attached File  gmer.log   318.46KB   17 downloads


#9 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 PM

Posted 04 September 2009 - 09:22 PM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found -- -- (Apple Mobile Device [Auto | Stopped])
    SRV - File not found -- -- (ccProxy [Auto | Stopped])
    SRV - File not found -- -- (SweepNet [Auto | Stopped])
    SRV - File not found -- -- (SWEEPSRV.SYS [Auto | Stopped])
    SRV - File not found -- -- (UleadBurningHelper [Auto | Stopped])
    IE - URLSearchHook: - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKU\S-1-5-21-117609710-1454471165-682003330-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - Reg Error: Value error. File not found
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/buxus/docs/OnlineScanner.cab (Reg Error: Key error.)
    :Files
    @C:\Documents and Settings\All Users\Application Data\TEMP:66633281
    @C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
    @C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
    @C:\Documents and Settings\All Users\Application Data\TEMP:15C56B30
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify"=dword:00000000
    "FirewallDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\MSN Messenger\msncall.exe"=-
    "C:\Program Files\ICQLite\ICQLite.exe"=-
    "E:\Alex's documents\Tools\uTorreng\utorrent.exe"=-
    "C:\Program Files\MSN Messenger\livecall.exe"=-
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=-
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Next

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Then please post back here with the following:
  • OTL results
  • New OTL log
  • MBAM report
Thanks


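An added example, not code from syler's post or from OTL itself: a small Python parser for the AuthorizedApplications\List lines in the OTL dump above. It flags the firewall exceptions OTL marks "File not found" (stale rules left behind by software that is gone, the same kind the fix above deletes) and renders the matching :Reg deletion block in OTL's `"<path>"=-` syntax. The sample log lines are constructed with hypothetical paths.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of the AuthorizedApplications\List dump in the format OTL
# prints: "<path>" = <path>:<scope>:<state>:<name> -- <status>
# The status is either the signer in parentheses or "File not found".
# Paths here are hypothetical; the xpnetdiag line mirrors the real one in the log.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\OldChat\oldchat.exe" = C:\Program Files\OldChat\oldchat.exe:*:Enabled:Old Chat Client -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Tools\torrent\client.exe" = D:\Tools\torrent\client.exe:*:Enabled:Torrent Client -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"D:\Tools\torrent\client.exe" = D:\Tools\torrent\client.exe:*:Enabled:Torrent Client -- File not found
'''

LIST_KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
            r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# "<key>" = <data> -- <status>
ENTRY_RE = re.compile(r'^"(?P<key>.+?)" = (?P<data>.+?) -- (?P<status>.+)$')


@dataclass(frozen=True)
class FirewallEntry:
    path: str      # executable the exception was granted to
    scope: str     # "*" means any remote address
    state: str     # Enabled / Disabled
    name: str      # display name stored with the exception
    present: bool  # False when OTL reported "File not found"


def parse_entry(line: str) -> Optional[FirewallEntry]:
    """Parse one dumped value; returns None for headers, blanks or unrelated text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    key, data, status = m.group("key", "data", "status")
    # The value data repeats the path before the scope/state/name fields;
    # drive letters contain ':' so we strip the known path instead of splitting on it.
    if not data.startswith(key + ":"):
        return None
    parts = data[len(key) + 1:].split(":", 2)  # "<scope>:<state>:<name>"
    if len(parts) != 3:
        return None
    scope, state, name = parts
    return FirewallEntry(key, scope, state, name, status != "File not found")


def stale_entries(log_text: str) -> List[FirewallEntry]:
    """Enabled exceptions whose executable no longer exists, in log order, deduplicated."""
    out, seen = [], set()
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e and not e.present and e.state == "Enabled" and e.path not in seen:
            seen.add(e.path)
            out.append(e)
    return out


def otl_reg_fix(entries: List[FirewallEntry]) -> str:
    """Render the :Reg block that deletes those values ('"<path>"=-' is OTL's delete syntax)."""
    lines = [":Reg", f"[{LIST_KEY}]"]
    lines += [f'"{e.path}"=-' for e in entries]
    return "\n".join(lines)


if __name__ == "__main__":
    stale = stale_entries(SAMPLE_LOG)
    for e in stale:
        print(f"stale exception: {e.name!r} -> {e.path}")
    print(otl_reg_fix(stale))
```

An exception for a missing executable is harmless until a file reappears at that path, which is why a clean-up pass removes them rather than leaving them for later.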

#10 Bublik

Bublik
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:01:48 AM

Posted 05 September 2009 - 04:13 AM

I'm not sure if this helps, but during the MalwareBytes scan my COMODO AV detected the following:

9/5/2009 6:56:57 PM Detect H:\System Volume Information\_restore{4AB14492-7E07-424B-8092-9247C178A56A}\RP34\A0010898.exe Backdoor.Win32.Popwin.~IP@40147524 Success

9/5/2009 6:56:58 PM Quarantine H:\System Volume Information\_restore{4AB14492-7E07-424B-8092-9247C178A56A}\RP34\A0010898.exe Backdoor.Win32.Popwin.~IP@40147524 Success


Here are the logs as requested:

OTL Results:

All processes killed
========== OTL ==========

Service\Driver Apple Mobile Device deleted successfully.

Service\Driver ccProxy deleted successfully.

Service\Driver SweepNet deleted successfully.

Service\Driver SWEEPSRV.SYS deleted successfully.

Service\Driver UleadBurningHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-117609710-1454471165-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Starting removal of ActiveX control {56762DEC-6B0D-4AB4-A8AD-989993B5D08B}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56762DEC-6B0D-4AB4-A8AD-989993B5D08B}\ not found.
========== FILES ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:66633281 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:15C56B30 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall\\"DisableMonitoring"|dword:00000000 /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\msncall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\ICQLite\ICQLite.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\E:\Alex's documents\Tools\uTorreng\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\MSN Messenger\livecall.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
File delete failed. C:\Documents and Settings\Alex\Local Settings\Temp\~DFCB5.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 2647338 bytes
File delete failed. C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 1066927 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 48440173 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 35781 bytes

User: NetworkService
->Temp folder emptied: 147456 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 36900 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3235569 bytes
%systemroot%\System32 .tmp files removed: 59117376 bytes
File delete failed. C:\WINDOWS\temp\ZLT01be0.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 256 bytes
RecycleBin emptied: 111457185 bytes

Total Files Cleaned = 215.80 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09052009_173732

Files\Folders moved on Reboot...
C:\Documents and Settings\Alex\Local Settings\Temp\~DFCB5.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT01be0.TMP not found!

Registry entries deleted on Reboot...



New OTL Log

OTL logfile created on: 5/09/2009 5:42:59 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Alex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1.97 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 68.39% Memory free
3.29 Gb Paging File | 2.81 Gb Available in Paging File | 85.18% Paging File free
Paging file location(s): C:\pagefile.sys 1512 3024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20.00 Gb Total Space | 6.28 Gb Free Space | 31.39% Space Free | Partition Type: NTFS
Drive D: | 31.32 Gb Total Space | 5.51 Gb Free Space | 17.61% Space Free | Partition Type: NTFS
Drive E: | 54.47 Gb Total Space | 25.19 Gb Free Space | 46.25% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 931.51 Gb Total Space | 226.33 Gb Free Space | 24.30% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: ALEX
Current User Name: Alex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/27 19:29:52 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2008/04/14 04:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/03/07 11:01:26 | 00,122,880 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/08/07 04:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2005/05/11 03:09:54 | 00,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe
PRC - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2006/01/20 07:14:14 | 00,422,912 | ---- | M] () -- C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/08/27 19:30:03 | 01,796,368 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
PRC - [2007/09/02 12:58:52 | 00,495,616 | ---- | M] () -- E:\Program Files\RocketDock\RocketDock.exe
PRC - [2008/04/14 04:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2009/08/06 16:16:30 | 00,908,280 | ---- | M] (Mozilla Corporation) -- E:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/12/04 14:52:51 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/09/04 17:59:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/03/07 11:01:26 | 00,122,880 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc [Auto | Running])
SRV - [2008/07/25 10:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 10:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/27 19:29:52 | 00,715,392 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/07/29 20:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/08/07 12:44:18 | 00,045,816 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper [On_Demand | Stopped])
SRV - [2008/04/14 04:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/08/07 04:58:38 | 00,331,824 | ---- | M] (AnchorFree Inc.) -- E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 18:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 12:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2007/08/24 06:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/11/07 08:58:18 | 03,004,416 | ---- | M] (Microsoft Corporation) -- E:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90 [Disabled | Stopped])
SRV - [2003/03/03 13:33:40 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/05/11 03:09:54 | 00,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\System32\oodag.exe -- (O&O Defrag [Auto | Running])
SRV - [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2002/09/20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/07/30 15:02:10 | 00,702,336 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\DRIVERS\3xHybrid.sys -- (3xHybrid [On_Demand | Running])
DRV - [2004/05/17 12:23:48 | 00,133,200 | R--- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2005/07/12 02:10:11 | 00,019,200 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
DRV - [2000/01/08 09:22:36 | 00,010,240 | ---- | M] (VOB Computersysteme GmbH) -- C:\WINDOWS\System32\drivers\asapi.sys -- (Asapi [System | Running])
DRV - [2009/05/18 15:01:30 | 00,271,360 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/08/27 19:30:32 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdguard.sys -- (cmdGuard [System | Running])
DRV - [2009/08/27 19:30:33 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\cmdhlp.sys -- (cmdHlp [System | Running])
DRV - [2003/03/04 13:56:26 | 00,145,408 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2005/05/04 01:34:02 | 00,027,392 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\Drivers\ElbyCDFL.sys -- (ElbyCDFL [On_Demand | Running])
DRV - [2005/04/21 21:40:36 | 00,010,624 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2005/04/12 18:41:20 | 00,004,608 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2009/01/04 13:57:35 | 00,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\gdrv.sys -- (gdrv [On_Demand | Stopped])
DRV - [2009/01/15 11:19:36 | 00,023,848 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [1996/04/04 05:33:26 | 00,005,248 | ---- | M] () -- C:\WINDOWS\system32\giveio.sys -- (giveio [Boot | Running])
DRV - [2009/08/17 14:55:41 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\DRIVERS\hamachi.sys -- (hamachi [On_Demand | Stopped])
DRV - [2005/09/20 11:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2009/08/27 19:30:34 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect [Boot | Running])
DRV - [2009/05/18 15:01:14 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2002/09/20 12:53:34 | 00,235,100 | R--- | M] (Analog Devices Inc) -- C:\WINDOWS\System32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2008/04/13 23:16:24 | 00,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\MPE.sys -- (MPE [On_Demand | Stopped])
DRV - [2008/04/13 23:23:10 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NMnt.sys -- (nm [On_Demand | Stopped])
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\NuidFltr.sys -- (NuidFltr [On_Demand | Stopped])
DRV - [2007/08/21 18:12:59 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2001/08/23 22:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/22 07:47:48 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/04/13 21:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/04/26 11:49:56 | 00,381,056 | R--- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2004/09/01 12:17:46 | 00,259,648 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2006/09/03 20:26:06 | 00,082,464 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman [Boot | Running])
DRV - [2006/05/13 13:57:50 | 10,305,664 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\snp2sxp.sys -- (SNP2STD [On_Demand | Running])
DRV - [2003/10/05 10:41:14 | 00,123,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\sojubus.sys -- (sojubus [Boot | Running])
DRV - [2003/09/28 10:57:52 | 00,005,504 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\sojuscsi.sys -- (sojuscsi [Boot | Running])
DRV - [2006/09/24 23:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\speedfan.sys -- (speedfan [Boot | Running])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/01/25 14:26:40 | 00,002,368 | ---- | M] (AntiCracking) -- C:\WINDOWS\System32\SVKP.sys -- (SVKP [Auto | Running])
DRV - [2004/02/04 10:27:56 | 00,049,536 | ---- | M] (Texas Instruments Incorporated) -- C:\WINDOWS\System32\drivers\tiehdusb.sys -- (TIEHDUSB [On_Demand | Stopped])
DRV - [2009/03/07 11:01:23 | 00,028,096 | ---- | M] (Acronis) -- C:\WINDOWS\System32\DRIVERS\tifsfilt.sys -- (tifsfilter [Auto | Running])
DRV - [2009/03/07 11:01:23 | 00,208,640 | ---- | M] (Acronis) -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter [Boot | Running])
DRV - [2008/12/21 11:01:43 | 00,022,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbsermpt.sys -- (usbsermpt [On_Demand | Stopped])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2005/01/06 15:55:38 | 00,009,446 | ---- | M] (Leadtek Research Inc.) -- E:\Program Files\WinFast\WFDTV\WFIOCTL.SYS -- (WFIOCTL [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8118;https=127.0.0.1:8118

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.85
FF - prefs.js..extensions.enabledItems: {896b34a4-c83f-4ea7-8ef0-51ed7220ac94}:1.0.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.4
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: dropio@dropio:2.0.1
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {D5EDC062-A372-4936-B782-BD611DD18D86}:3.1.0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20090630
FF - prefs.js..keyword.URL: "http://au.search.yahoo.com/search?ei=utf-8&fr=megaup&p="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 8118
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 8118

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 22:47:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2009/08/16 11:32:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2009/09/05 10:19:25 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: E:\Program Files\Mozilla Thunderbird\components [2009/06/13 22:41:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: E:\Program Files\Mozilla Thunderbird\plugins [2009/09/05 10:19:25 | 00,000,000 | ---D | M]

[2008/12/02 16:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions
[2008/12/02 16:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/04 20:34:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions
[2009/08/21 18:08:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2009/06/20 12:34:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2008/12/02 16:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2009/07/04 12:48:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{896b34a4-c83f-4ea7-8ef0-51ed7220ac94}
[2009/08/21 18:08:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/04 12:48:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/08/27 19:59:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2009/07/04 12:48:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/08/21 18:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/02/19 19:11:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/07/18 15:04:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\anycolor.pavlos256@gmail.com
[2009/04/17 20:32:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\dropio@dropio
[2009/07/18 15:03:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\nasanightlaunch@example.com
[2009/08/11 16:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Alex\Application Data\mozilla\Firefox\Profiles\gh9hk79t.default\extensions\SkipScreen@SkipScreen
[2009/07/14 16:52:44 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Alex\Application Data\Mozilla\FireFox\Profiles\gh9hk79t.default\searchplugins\icqplugin.xml
[2009/08/16 12:25:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2006/09/04 00:29:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/12/02 18:26:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/05/02 07:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/11/24 13:35:00 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/05/13 04:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/19 08:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2003/05/15 01:01:48 | 00,133,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2006/09/04 00:46:38 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/03/09 10:35:04 | 00,365,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npupd62.dll
[2009/05/02 07:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2006/02/23 07:16:20 | 00,034,048 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62i9x.dll
[2006/02/23 07:16:20 | 00,045,056 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\upd62int.dll

O1 HOSTS File: (302562 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10430 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [RAM Idle Professional] C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] E:\Program Files\RocketDock\RocketDock.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsHistory = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 47 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/03 16:49:20 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3fb13c9c-f1b5-11dd-b849-001485e2b05a}\Shell - "" = AutoRun
O33 - MountPoints2\{3fb13c9c-f1b5-11dd-b849-001485e2b05a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3fb13c9c-f1b5-11dd-b849-001485e2b05a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)

========== Files/Folders - Created Within 30 Days ==========

[2009/09/05 17:37:32 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/05 17:35:34 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alex\Desktop\mbam-setup.exe
[2009/09/04 20:24:02 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/09/04 20:11:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/09/04 19:40:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Task 1
[2009/09/04 19:32:48 | 00,487,477 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\Derrick Ha - Maths Methods Preparatory Booklet - Questions.pdf
[2009/09/04 17:59:31 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe
[2009/09/03 21:49:39 | 00,288,768 | ---- | C] () -- C:\Documents and Settings\Alex\Desktop\xhiyz670.exe
[2009/09/03 18:49:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Tests
[2009/09/01 20:14:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\My Documents\MyVB Prog
[2009/08/31 19:09:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Latest VB Sac
[2009/08/31 19:00:55 | 00,076,288 | ---- | C] () -- C:\WINDOWS\System32\msflxgrd.oca
[2009/08/31 19:00:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\Unit 4
[2009/08/31 18:59:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\SAC 401
[2009/08/30 19:22:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Desktop\VTAC 09
[2009/08/21 18:07:33 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/08/21 18:07:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/08/16 12:28:23 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/08/16 12:28:19 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/08/16 12:28:19 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/08/16 12:28:14 | 00,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/08/16 12:28:12 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/08/16 12:28:12 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/08/16 12:28:11 | 00,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/08/16 12:28:11 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/08/16 12:28:10 | 00,353,672 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/08/16 12:28:10 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/08/16 12:27:29 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/08/16 12:27:29 | 00,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/08/16 12:27:29 | 00,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/08/15 15:02:29 | 00,000,292 | ---- | C] () -- C:\WINDOWS\vtmb.ini
[2009/08/13 16:50:30 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/13 16:50:21 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/10 16:28:11 | 00,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/08/10 16:28:11 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2009/08/10 16:28:11 | 00,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/08/10 16:28:11 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/08/10 16:28:11 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2009/08/10 16:28:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Alex\Application Data\Simply Super Software
[2009/08/10 16:19:35 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/20 20:29:05 | 00,000,035 | ---- | C] () -- C:\WINDOWS\WorldBuilder.INI
[2009/07/07 12:26:14 | 00,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/06/27 11:34:50 | 00,000,062 | ---- | C] () -- C:\WINDOWS\FinalAlert2.ini
[2009/06/06 13:03:42 | 00,000,036 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2009/05/18 15:01:30 | 00,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/05/18 15:01:14 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/05/11 21:22:43 | 00,000,153 | ---- | C] () -- C:\WINDOWS\cavscan.INI
[2009/04/11 16:55:05 | 00,000,262 | ---- | C] () -- C:\WINDOWS\w32demo8.ini
[2009/04/11 16:48:50 | 00,000,417 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/04/05 16:34:21 | 00,000,141 | ---- | C] () -- C:\WINDOWS\LODERUNN.INI
[2009/03/29 18:45:40 | 00,000,779 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/03/29 18:42:50 | 00,000,540 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009/02/16 17:43:56 | 00,000,002 | ---- | C] () -- C:\WINDOWS\System32\Dvbpws.dll
[2009/02/16 17:32:31 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/02/07 10:00:51 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Isdbg.ini
[2009/02/07 09:54:48 | 00,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2009/01/29 08:09:00 | 00,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2009/01/29 08:08:59 | 10,305,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2009/01/29 08:08:58 | 00,147,456 | ---- | C] ( ) -- C:\WINDOWS\rsnp2std.dll
[2009/01/29 08:08:58 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2009/01/18 13:18:46 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2008/12/02 19:50:30 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/04 01:33:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2006/09/04 00:55:43 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/09/03 20:33:21 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/03 20:26:06 | 00,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2006/09/03 19:57:51 | 00,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/09/03 17:08:55 | 00,012,288 | R--- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/08/10 08:13:31 | 00,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/08/10 08:13:31 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/12/03 22:18:00 | 00,503,808 | R--- | C] () -- C:\WINDOWS\System32\lt_xtrans.dll
[2004/12/03 22:18:00 | 00,286,720 | R--- | C] () -- C:\WINDOWS\System32\MrSIDD.dll
[2004/12/03 22:18:00 | 00,163,840 | R--- | C] () -- C:\WINDOWS\System32\lt_common.dll
[2004/12/03 22:18:00 | 00,126,976 | R--- | C] () -- C:\WINDOWS\System32\lt_trans.dll
[2004/12/03 22:18:00 | 00,069,632 | R--- | C] () -- C:\WINDOWS\System32\lt_meta.dll
[2004/12/03 22:18:00 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\lt_encrypt.dll
[2004/12/03 22:18:00 | 00,020,480 | R--- | C] () -- C:\WINDOWS\System32\lt_messagetext.dll
[2004/07/18 02:48:44 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_004807_.tmp.dll
[2004/07/18 02:48:44 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_004775_.tmp.dll
[2003/10/05 10:41:14 | 00,123,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojubus.sys
[2003/09/28 10:57:52 | 00,005,504 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\sojuscsi.sys
[2001/08/23 22:00:00 | 00,000,730 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 22:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1998/06/09 23:00:00 | 00,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/17 23:00:00 | 00,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/23 23:00:00 | 00,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1996/04/04 05:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Files - Modified Within 30 Days ==========

[2009/09/05 17:39:01 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/09/05 17:38:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/05 17:38:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/05 17:38:36 | 00,197,589 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2009/09/05 17:35:49 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Alex\Desktop\mbam-setup.exe
[2009/09/05 16:47:31 | 00,000,059 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/09/05 16:46:47 | 00,000,155 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2009/09/05 10:16:35 | 00,089,280 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/05 10:16:12 | 00,314,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/04 19:32:49 | 00,487,477 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\Derrick Ha - Maths Methods Preparatory Booklet - Questions.pdf
[2009/09/04 17:59:36 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Alex\Desktop\OTL.exe
[2009/09/03 21:49:40 | 00,288,768 | ---- | M] () -- C:\Documents and Settings\Alex\Desktop\xhiyz670.exe
[2009/09/01 17:27:03 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/31 21:55:57 | 00,000,153 | ---- | M] () -- C:\WINDOWS\cavscan.INI
[2009/08/31 19:00:55 | 00,076,288 | ---- | M] () -- C:\WINDOWS\System32\msflxgrd.oca
[2009/08/27 19:30:35 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/08/27 19:30:34 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/08/27 19:30:33 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/08/27 19:30:32 | 00,132,168 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/08/20 21:57:20 | 03,173,518 | -H-- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\IconCache.db
[2009/08/17 20:03:48 | 00,089,600 | ---- | M] () -- C:\Documents and Settings\Alex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/17 14:55:41 | 00,025,280 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\hamachi.sys
[2009/08/16 12:45:31 | 00,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/16 12:45:31 | 00,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/16 12:28:29 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/08/16 12:12:41 | 00,000,779 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/08/15 15:02:29 | 00,000,292 | ---- | M] () -- C:\WINDOWS\vtmb.ini
[2009/08/12 17:18:41 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/09 20:02:24 | 00,000,130 | ---- | M] () -- C:\WINDOWS\cfplogvw.INI
< End of report >


Malwarebytes' Anti-Malware 1.40
Database version: 2744
Windows 5.1.2600 Service Pack 3

5/09/2009 6:59:54 PM
mbam-log-2009-09-05 (18-59-54).txt

Scan type: Full Scan (C:\|D:\|E:\|H:\|)
Objects scanned: 245565
Time elapsed: 1 hour(s), 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{67450775-3b18-49b1-aa83-0e010f07f4df} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{69b3ebfa-0015-4914-9312-e7758eacfac1} (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{30de9920-2e84-40a2-88a5-b8d256e15101} (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Common Files\ACD Systems\Filters\EITCC_LinearBlur.dll (Trojan.Dropper) -> Quarantined and deleted successfully.

#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 PM

Posted 05 September 2009 - 04:32 PM

Hi Bublik,

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Then please post back here with the following:
  • Kaspersky report
  • New DDS log
Thanks



#12 Bublik

Bublik
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:48 AM

Posted 07 September 2009 - 02:38 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 6, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 06, 2009 04:51:47
Records in database: 2751365
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
R:\
X:\

Scan statistics:
Objects scanned: 151909
Threats found: 5
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 06:43:17


File name / Threat / Threats count
D:\Backups\AlexFolder Backup Jul09\20090718_155622_AlexFolder Jul09 Backup.nba Infected: Trojan-Dropper.Win32.Delf.bur 1
E:\Alex folder\DESKTOP CLEANUP\Craagle v3.0.exe Infected: not-a-virus:AdWare.Win32.Craagle.b 1
E:\Alex folder\Other stuff\Guides\Cracking\Tutorials\1.) Mister X's Starter Pack\Topic 12 - Kani’s Tutorial Series\Video.tutorials.newbies.rar Infected: Trojan-Dropper.Win32.Delf.bur 1
E:\setups\kaspersky Internet sek suite\Kaspersky.rar Infected: Trojan.Win32.Autoit.wz 1
E:\Updates\setups\Total Video Converter 3.12 Included Serial\tvcnew.exe Infected: Trojan.Win32.Chifrax.d 1
E:\Updates\setups\Total Video Converter 3.zip Infected: Trojan.Win32.Chifrax.d 1
E:\Updates\setups\Vista_Anthracite_Pack_v1_31_L_by_Nekh_Art_Studio.exe Infected: not-a-virus:RiskTool.Win32.WFPDisabler.a 1
E:\Updates\Total Video Converter 3.12 Included Serial\tvcnew.exe Infected: Trojan.Win32.Chifrax.d 1
H:\RECYCLER\S-1-5-21-117609710-1454471165-682003330-1003\Dh1\Cracking\Tutorials\1.) Mister X's Starter Pack\Topic 12 - Kani’s Tutorial Series\Video.tutorials.newbies.rar Infected: Trojan-Dropper.Win32.Delf.bur 1

Selected area has been scanned.




DDS (Ver_09-07-30.01) - NTFSx86
Run by Alex at 17:32:05.48 on Mon 07/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1411 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RAM Idle Professional] c:\program files\tweaknow powerpack 2006\RAM2_XP.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = :\windows\syste

============= SERVICES / DRIVERS ===============

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-9-3 10240]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-4 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-4 25160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-4 715392]
R2 HssSrv;Hotspot Shield Routing Service;e:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-7 331824]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-1-25 2368]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [2009-2-16 702336]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-12-5 14336]
S3 InterCheck Control;InterCheck Control;\??\c:\program files\sophos sweep for nt\icntdrv5.sys --> c:\program files\sophos sweep for nt\icntdrv5.sys [?]
S3 InterCheck Filter;InterCheck Filter;\??\c:\program files\sophos sweep for nt\icntflt5.sys --> c:\program files\sophos sweep for nt\icntflt5.sys [?]
S3 InterCheck Support 01;InterCheck Support 01;\??\c:\program files\sophos sweep for nt\icntst01.sys --> c:\program files\sophos sweep for nt\icntst01.sys [?]
S3 InterCheck Support 02;InterCheck Support 02;\??\c:\program files\sophos sweep for nt\icntst02.sys --> c:\program files\sophos sweep for nt\icntst02.sys [?]
S3 InterCheck Support 03;InterCheck Support 03;\??\c:\program files\sophos sweep for nt\icntst03.sys --> c:\program files\sophos sweep for nt\icntst03.sys [?]
S3 InterCheck Support 04;InterCheck Support 04;\??\c:\program files\sophos sweep for nt\icntst04.sys --> c:\program files\sophos sweep for nt\icntst04.sys [?]
S3 InterCheck Support 05;InterCheck Support 05;\??\c:\program files\sophos sweep for nt\icntst05.sys --> c:\program files\sophos sweep for nt\icntst05.sys [?]
S3 InterCheck Support 06;InterCheck Support 06;\??\c:\program files\sophos sweep for nt\icntst06.sys --> c:\program files\sophos sweep for nt\icntst06.sys [?]
S3 InterCheck Support 07;InterCheck Support 07;\??\c:\program files\sophos sweep for nt\icntst07.sys --> c:\program files\sophos sweep for nt\icntst07.sys [?]
S3 InterCheck Support 08;InterCheck Support 08;\??\c:\program files\sophos sweep for nt\icntst08.sys --> c:\program files\sophos sweep for nt\icntst08.sys [?]
S3 InterCheck Support 09;InterCheck Support 09;\??\c:\program files\sophos sweep for nt\icntst09.sys --> c:\program files\sophos sweep for nt\icntst09.sys [?]
S3 InterCheck Support 10;InterCheck Support 10;\??\c:\program files\sophos sweep for nt\icntst10.sys --> c:\program files\sophos sweep for nt\icntst10.sys [?]
S3 InterCheck Support 11;InterCheck Support 11;\??\c:\program files\sophos sweep for nt\icntst11.sys --> c:\program files\sophos sweep for nt\icntst11.sys [?]
S3 InterCheck Support 12;InterCheck Support 12;\??\c:\program files\sophos sweep for nt\icntst12.sys --> c:\program files\sophos sweep for nt\icntst12.sys [?]
S3 WFIOCTL;WFIOCTL;e:\program files\winfast\wfdtv\WFIOCTL.sys [2009-2-16 9446]

=============== Created Last 30 ================

2009-09-06 14:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-05 19:00 0 a------- c:\windows\system32\drivers\htwae.sys
2009-09-05 17:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 17:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-05 17:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 17:37 <DIR> --d----- C:\_OTL
2009-08-31 19:00 76,288 a------- c:\windows\system32\msflxgrd.oca
2009-08-16 20:01 <DIR> --dsh--- c:\documents and settings\alex\IECompatCache
2009-08-16 12:28 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 12:28 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-15 15:02 292 a------- c:\windows\vtmb.ini
2009-08-13 16:50 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 16:50 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-10 16:28 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-08-10 16:28 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-08-10 16:28 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-08-10 16:28 75,264 a------- c:\windows\system32\unacev2.dll
2009-08-10 16:28 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-08-10 16:28 <DIR> --d----- c:\docume~1\alex\applic~1\Simply Super Software
2009-08-10 16:19 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-09-06 14:31 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-27 19:30 179,792 a------- c:\windows\system32\guard32.dll
2009-08-27 19:30 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-27 19:30 132,168 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-17 14:55 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-16 12:28 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-05 19:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 16:31 1,567 a------- c:\windows\eReg.dat
2009-07-18 05:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 18:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 18:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 18:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 18:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 18:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 18:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-18 13:41 152,904 a------- c:\windows\system32\vghd.scr
2009-06-17 00:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 22:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 22:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-11 00:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 16:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2008-12-21 11:01 25,600 -------- c:\documents and settings\alex\usbsermptxp.sys
2008-12-21 11:01 22,768 -------- c:\documents and settings\alex\usbsermpt.sys

============= FINISH: 17:33:10.39 ===============

#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 PM

Posted 07 September 2009 - 08:42 PM

Well, Kaspersky has found quite a bit of cracked software. I have included it all in the OTL script to be removed, and I would also strongly advise that you remove any other cracked software that you may have, as it will most likely be infected crap too.

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator
  • Allow it to run when you get a Security Warning
  • A black Command Windows will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply
Next

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\system32\drivers\htwae.sys

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Next

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
    :Files
    D:\Backups\AlexFolder Backup Jul09\20090718_155622_AlexFolder Jul09 Backup.nba
    E:\Alex folder\DESKTOP CLEANUP\Craagle v3.0.exe
    E:\Alex folder\Other stuff\Guides\Cracking\Tutorials\1.) Mister X's Starter Pack\Topic 12 - Kani’s Tutorial Series\Video.tutorials.newbies.rar
    E:\setups\kaspersky Internet sek suite\Kaspersky.rar
    E:\Updates\setups\Total Video Converter 3.12 Included Serial
    E:\Updates\setups\Total Video Converter 3.zip
    E:\Updates\setups\Vista_Anthracite_Pack_v1_31_L_by_Nekh_Art_Studio.exe
    E:\Updates\Total Video Converter 3.12 Included Serial
    H:\RECYCLER\S-1-5-21-117609710-1454471165-682003330-1003
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.
Then please post back here with the following:
  • Rooter.txt
  • Jotti results
  • OTL results
  • New DDS log
Thanks

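The `:Reg` part of the OTL script above writes the LSA "Notification Packages" value back to `scecli` only, because the DDS log showed a mangled entry (`:\windows\syste`) in its place. Every DLL named in that REG_MULTI_SZ value is loaded by LSASS at boot, so an unexpected or damaged entry there is worth checking on any machine, not just this one. The script below is an added example, not code from the thread or from the OTL/DDS tools: it decodes the `hex(7):` notation used in the fix, compares each entry with an allow-list and reports what does not belong. The allow-list (`scecli` only, as on a default Windows XP install), the helper names and the tampered sample value are assumptions constructed for this example.

```python
"""Audit an LSA "Notification Packages" value for unexpected entries.

Added example, not code from the thread or from the OTL/DDS tools. It
decodes the REG_MULTI_SZ ``hex(7):`` notation used in the OTL fix and
compares each entry with an allow-list. The allow-list, helper names and
the tampered sample value are assumptions constructed for this example.
"""
import re

# On a default Windows XP install only the Security Configuration client
# (scecli) is registered here (assumption for this example).
EXPECTED_PACKAGES = {"scecli"}


def parse_hex7(value: str) -> list[str]:
    """Decode ``hex(7):73,63,...`` (REG_MULTI_SZ) into a list of strings."""
    m = re.match(r"\s*hex\(7\):(.*)\Z", value, re.S)
    if not m:
        raise ValueError("not a hex(7) value")
    # .reg files continue long values with a trailing backslash; drop those
    # and all whitespace before splitting the comma-separated bytes.
    body = re.sub(r"\\\r?\n|\s", "", m.group(1))
    raw = bytes(int(tok, 16) for tok in body.split(",") if tok)
    # Unicode .reg exports write UTF-16LE; OTL / REGEDIT4 style writes ANSI.
    if len(raw) >= 2 and len(raw) % 2 == 0 and all(b == 0 for b in raw[1::2]):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    # REG_MULTI_SZ is a run of NUL-terminated strings ended by an empty one.
    return [s for s in text.split("\0") if s]


def to_hex7(entries: list[str]) -> str:
    """Encode a list of strings as ANSI ``hex(7):`` (the OTL script form)."""
    raw = "".join(e + "\0" for e in entries).encode("latin-1") + b"\0"
    return "hex(7):" + ",".join(f"{b:02x}" for b in raw)


def audit_notification_packages(value: str, expected=EXPECTED_PACKAGES) -> dict:
    """Return the decoded entries and those not on the allow-list.

    LSASS loads every listed module at boot, so an extra, path-like or
    mangled entry is a persistence / credential-theft indicator and should
    be investigated rather than ignored as noise.
    """
    entries = parse_hex7(value)
    allowed = {x.lower() for x in expected}
    unexpected = [e for e in entries if e.lower() not in allowed]
    return {"entries": entries, "unexpected": unexpected, "ok": not unexpected}


if __name__ == "__main__":
    # The value the OTL fix writes back: "scecli" followed by the terminating NULs.
    clean = "hex(7):73,63,65,63,6c,69,00,00"
    # Constructed sample: the mangled entry the DDS log reported, next to scecli.
    tampered = to_hex7(["scecli", ":\\windows\\syste"])
    for label, v in (("clean", clean), ("tampered", tampered)):
        r = audit_notification_packages(v)
        print(f"{label}: entries={r['entries']} unexpected={r['unexpected']} ok={r['ok']}")
```

`parse_hex7` accepts both byte layouts: the single-byte form used in OTL scripts and REGEDIT4 files, and the UTF-16LE form that a Unicode `.reg` export produces, so the same check can be run over a value exported from a live machine.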


#14 Bublik

Bublik
  • Topic Starter

  • Members
  • 11 posts
  • Local time:01:48 AM

Posted 08 September 2009 - 03:26 AM

Hello,

I will have to speak to my little brother, Alex, who is the main user. I was unaware of what programs he installs on the machine or how he goes about doing it. I purchased him the machine as he is doing year 12 and we figured it would help his studies, so essentially it is his. I only use it for email.

About the "c:\windows\system32\drivers\htwae.sys" file. I was unable to upload it to either Jotti or VirusTotal. On clicking Submit it just hangs on uploading the file. I have waited for about 5 minutes with no result. So what I did was this: I went to c:\windows\system32\drivers\ and located the "htwae.sys" file. It was 0KB in size and the Date modified was 5/09/2009 7:00PM. The only other files in that directory that are 0KB in size are "Msft_Kernel_NuidFltr_01005.Wdf" and "MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf", both of which were last modified on 26/16/2008. Every other file there is of some size. I believe it is because the file size is 0 that I was unable to upload it to those two sites. What would you recommend I do about this file? Also, as requested, here are the other logs:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 9, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:20 Go - Free:6 Go )
D:\ [Fixed-NTFS] .. ( Total:31 Go - Free:5 Go )
E:\ [Fixed-NTFS] .. ( Total:54 Go - Free:25 Go )
G:\ [CD_Rom]
H:\ [Fixed-NTFS] .. ( Total:931 Go - Free:218 Go )
R:\ [CD_Rom]
X:\ [CD_Rom]
.
Scan : 16:26.18
Path : C:\Documents and Settings\Alex\Desktop\Rooter.exe
User : Alex ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (796)
______ \??\C:\WINDOWS\system32\csrss.exe (868)
______ \??\C:\WINDOWS\system32\winlogon.exe (892)
______ C:\WINDOWS\system32\services.exe (936)
______ C:\WINDOWS\system32\lsass.exe (948)
______ C:\WINDOWS\system32\svchost.exe (1108)
______ C:\WINDOWS\system32\svchost.exe (1188)
Locked cmdagent.exe (1284)
______ C:\WINDOWS\system32\svchost.exe (1312)
______ C:\WINDOWS\system32\svchost.exe (1436)
______ C:\WINDOWS\system32\svchost.exe (1508)
Locked vsmon.exe (1520)
______ C:\WINDOWS\Explorer.EXE (1876)
______ C:\WINDOWS\system32\spoolsv.exe (320)
______ C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe (636)
Locked zlclient.exe (644)
Locked cfp.exe (652)
______ C:\Program Files\Java\jre6\bin\jusched.exe (668)
______ E:\Program Files\RocketDock\RocketDock.exe (688)
______ C:\WINDOWS\system32\ctfmon.exe (704)
______ C:\Program Files\Messenger\msmsgs.exe (712)
______ C:\WINDOWS\system32\svchost.exe (872)
______ C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (1128)
______ E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (1276)
______ C:\WINDOWS\system32\oodag.exe (1420)
______ C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (1572)
______ C:\WINDOWS\system32\svchost.exe (1744)
______ C:\WINDOWS\System32\alg.exe (2900)
______ E:\Program Files\Mozilla Firefox\firefox.exe (728)
______ C:\Program Files\Java\jre6\bin\java.exe (2964)
______ C:\WINDOWS\system32\msiexec.exe (4020)
______ C:\Program Files\Skype\Phone\Skype.exe (3608)
______ C:\Program Files\Skype\Plugin Manager\skypePM.exe (1980)
______ C:\Documents and Settings\Alex\Desktop\Rooter.exe (3532)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:21476173824)
\Device\Harddisk0\Partition0 (Start_Offset:21476206080 | Length:98555304960)
\Device\Harddisk0\Partition2 (Start_Offset:55101152256 | Length:58481739264)
\Device\Harddisk0\Partition3 (Start_Offset:21476240384 | Length:33624910336)
\Device\Harddisk0\Partition0 (Start_Offset:113582891520 | Length:6448619520)
\Device\Harddisk0\Partition4 (Start_Offset:113582923776 | Length:6448587264)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 16:26.34
.
C:\Rooter$\Rooter_1.txt - (08/09/2009 | 16:26.34)




All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!
========== FILES ==========
D:\Backups\AlexFolder Backup Jul09\20090718_155622_AlexFolder Jul09 Backup.nba moved successfully.
E:\Alex folder\DESKTOP CLEANUP\Craagle v3.0.exe moved successfully.
E:\Alex folder\Other stuff\Guides\Cracking\Tutorials\1.) Mister X's Starter Pack\Topic 12 - Kani’s Tutorial Series\Video.tutorials.newbies.rar moved successfully.
E:\setups\kaspersky Internet sek suite\Kaspersky.rar moved successfully.
E:\Updates\setups\Total Video Converter 3.12 Included Serial moved successfully.
E:\Updates\setups\Total Video Converter 3.zip moved successfully.
E:\Updates\setups\Vista_Anthracite_Pack_v1_31_L_by_Nekh_Art_Studio.exe moved successfully.
E:\Updates\Total Video Converter 3.12 Included Serial moved successfully.
H:\RECYCLER\S-1-5-21-117609710-1454471165-682003330-1003 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
File delete failed. C:\Documents and Settings\Alex\Local Settings\Temp\~DFD7F5.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 103051009 bytes
File delete failed. C:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 636924 bytes
->Java cache emptied: 25493434 bytes
->FireFox cache emptied: 40926847 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\ZLT01691.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 256 bytes
RecycleBin emptied: 19960350 bytes

Total Files Cleaned = 181.33 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09082009_171411

Files\Folders moved on Reboot...
C:\Documents and Settings\Alex\Local Settings\Temp\~DFD7F5.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT01691.TMP not found!

Registry entries deleted on Reboot...




DDS (Ver_09-07-30.01) - NTFSx86
Run by Alex at 18:21:36.46 on Tue 08/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2015.1284 [GMT 10:00]

AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TweakNow PowerPack 2006\RAM2_XP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
E:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
E:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\Alex\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [RocketDock] "e:\program files\rocketdock\RocketDock.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [RAM Idle Professional] c:\program files\tweaknow powerpack 2006\RAM2_XP.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll

============= SERVICES / DRIVERS ===============

R0 sojubus;sojubus;c:\windows\system32\drivers\sojubus.sys [2003-10-5 123520]
R0 sojuscsi;sojuscsi;c:\windows\system32\drivers\sojuscsi.sys [2003-9-28 5504]
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2006-9-3 10240]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-4 132168]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-4 25160]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-8-16 353672]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-4 715392]
R2 HssSrv;Hotspot Shield Routing Service;e:\program files\hotspot shield\hsswpr\hsssrv.exe [2009-8-7 331824]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2009-1-25 2368]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 3xHybrid;WinFast DTV1000 S;c:\windows\system32\drivers\3xHybrid.sys [2009-2-16 702336]
S3 getPlusHelper;getPlus® Helper;c:\windows\system32\svchost.exe -k getPlusHelper [2008-12-5 14336]
S3 InterCheck Control;InterCheck Control;\??\c:\program files\sophos sweep for nt\icntdrv5.sys --> c:\program files\sophos sweep for nt\icntdrv5.sys [?]
S3 InterCheck Filter;InterCheck Filter;\??\c:\program files\sophos sweep for nt\icntflt5.sys --> c:\program files\sophos sweep for nt\icntflt5.sys [?]
S3 InterCheck Support 01;InterCheck Support 01;\??\c:\program files\sophos sweep for nt\icntst01.sys --> c:\program files\sophos sweep for nt\icntst01.sys [?]
S3 InterCheck Support 02;InterCheck Support 02;\??\c:\program files\sophos sweep for nt\icntst02.sys --> c:\program files\sophos sweep for nt\icntst02.sys [?]
S3 InterCheck Support 03;InterCheck Support 03;\??\c:\program files\sophos sweep for nt\icntst03.sys --> c:\program files\sophos sweep for nt\icntst03.sys [?]
S3 InterCheck Support 04;InterCheck Support 04;\??\c:\program files\sophos sweep for nt\icntst04.sys --> c:\program files\sophos sweep for nt\icntst04.sys [?]
S3 InterCheck Support 05;InterCheck Support 05;\??\c:\program files\sophos sweep for nt\icntst05.sys --> c:\program files\sophos sweep for nt\icntst05.sys [?]
S3 InterCheck Support 06;InterCheck Support 06;\??\c:\program files\sophos sweep for nt\icntst06.sys --> c:\program files\sophos sweep for nt\icntst06.sys [?]
S3 InterCheck Support 07;InterCheck Support 07;\??\c:\program files\sophos sweep for nt\icntst07.sys --> c:\program files\sophos sweep for nt\icntst07.sys [?]
S3 InterCheck Support 08;InterCheck Support 08;\??\c:\program files\sophos sweep for nt\icntst08.sys --> c:\program files\sophos sweep for nt\icntst08.sys [?]
S3 InterCheck Support 09;InterCheck Support 09;\??\c:\program files\sophos sweep for nt\icntst09.sys --> c:\program files\sophos sweep for nt\icntst09.sys [?]
S3 InterCheck Support 10;InterCheck Support 10;\??\c:\program files\sophos sweep for nt\icntst10.sys --> c:\program files\sophos sweep for nt\icntst10.sys [?]
S3 InterCheck Support 11;InterCheck Support 11;\??\c:\program files\sophos sweep for nt\icntst11.sys --> c:\program files\sophos sweep for nt\icntst11.sys [?]
S3 InterCheck Support 12;InterCheck Support 12;\??\c:\program files\sophos sweep for nt\icntst12.sys --> c:\program files\sophos sweep for nt\icntst12.sys [?]
S3 WFIOCTL;WFIOCTL;e:\program files\winfast\wfdtv\WFIOCTL.sys [2009-2-16 9446]

=============== Created Last 30 ================

2009-09-08 16:26 <DIR> --d----- C:\Rooter$
2009-09-06 14:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-05 19:00 0 a------- c:\windows\system32\drivers\htwae.sys
2009-09-05 17:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-05 17:46 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-05 17:46 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-05 17:37 <DIR> --d----- C:\_OTL
2009-08-31 19:00 76,288 a------- c:\windows\system32\msflxgrd.oca
2009-08-16 20:01 <DIR> --dsh--- c:\documents and settings\alex\IECompatCache
2009-08-16 12:28 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-08-16 12:28 350,192 a------- c:\windows\system32\vsconfig.xml
2009-08-15 15:02 292 a------- c:\windows\vtmb.ini
2009-08-13 16:50 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-13 16:50 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-10 16:28 162,304 a------- c:\windows\system32\ztvunrar36.dll
2009-08-10 16:28 153,088 a------- c:\windows\system32\UNRAR3.dll
2009-08-10 16:28 77,312 a------- c:\windows\system32\ztvunace26.dll
2009-08-10 16:28 75,264 a------- c:\windows\system32\unacev2.dll
2009-08-10 16:28 69,632 a------- c:\windows\system32\ztvcabinet.dll
2009-08-10 16:28 <DIR> --d----- c:\docume~1\alex\applic~1\Simply Super Software
2009-08-10 16:19 <DIR> --d----- c:\program files\Trend Micro

==================== Find3M ====================

2009-09-06 14:31 411,368 a------- c:\windows\system32\deploytk.dll
2009-08-27 19:30 179,792 a------- c:\windows\system32\guard32.dll
2009-08-27 19:30 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-08-27 19:30 132,168 a------- c:\windows\system32\drivers\cmdguard.sys
2009-08-17 14:55 25,280 a------- c:\windows\system32\drivers\hamachi.sys
2009-08-16 12:28 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-08-05 19:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 16:31 1,567 a------- c:\windows\eReg.dat
2009-07-18 05:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-04 03:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 18:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 18:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 18:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 18:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 18:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 18:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-18 13:41 152,904 a------- c:\windows\system32\vghd.scr
2009-06-17 00:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-17 00:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 22:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 22:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-11 00:13 84,992 a------- c:\windows\system32\avifil32.dll
2008-12-21 11:01 25,600 -------- c:\documents and settings\alex\usbsermptxp.sys
2008-12-21 11:01 22,768 -------- c:\documents and settings\alex\usbsermpt.sys

============= FINISH: 18:22:19.42 ===============

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:04:48 PM

Posted 08 September 2009 - 07:23 PM

You have 2 firewalls running on your machine, ZoneAlarm and Comodo. You should uninstall one of these, as it may cause issues on your system. I would suggest that you
uninstall ZoneAlarm, since Comodo also includes your AntiVirus protection.

Also can you tell me if you or your brother has set the following proxy server settings.

ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118

I think that you should leave the htwae.sys file alone since it does not seem to be causing any issues. Please uninstall one of your firewalls and let me know about the proxy server
settings, then post back with a new DDS log.

Thanks


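The three things syler picks out of the DDS log above (two enabled firewalls, a proxy on 127.0.0.1:8118, and a zero-byte driver file) are all visible in the log's plain-text format, so they can be pulled out mechanically. The following Python is an added triage helper written for this thread; DDS itself has no such feature, and the log excerpt embedded below is reconstructed from the lines quoted in the post. Port 8118 is the default listening port of the Privoxy filtering proxy, which is one benign explanation for that setting, but a loopback proxy nobody remembers configuring routes every browser request through whatever listens on that port and should be confirmed, which is what the check is for.

```python
"""Triage a DDS log for: more than one enabled firewall, a proxy pointing
at the loopback address, and zero-byte driver files in "Created Last 30".
Added example for this thread; DDS has no such feature of its own."""
import re
from typing import Dict, List

# Constructed sample: lines reconstructed from the DDS log posted above.
SAMPLE_DDS = r"""
AV: COMODO Antivirus *On-access scanning disabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118

=============== Created Last 30 ================

2009-09-08 16:26 <DIR> --d----- C:\Rooter$
2009-09-06 14:31 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-05 19:00 0 a------- c:\windows\system32\drivers\htwae.sys
2009-09-05 17:46 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
"""

# "FW: <product> *enabled* {guid}" as DDS prints it in its header.
FW_LINE = re.compile(r"^FW:\s+(.+?)\s+\*enabled\*", re.MULTILINE)
# The per-user proxy line from the Pseudo HJT Report section.
PROXY_LINE = re.compile(r"^uInternet Settings,ProxyServer = (.+)$", re.MULTILINE)
# "<date> <time> <size> <attrs> <path>" entries; <DIR> rows do not match.
CREATED_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+([\d,]+)\s+(\S{8})\s+(.+)$", re.MULTILINE)


def enabled_firewalls(log: str) -> List[str]:
    """Names of every firewall DDS reports as *enabled*."""
    return FW_LINE.findall(log)


def loopback_proxies(log: str) -> List[str]:
    """Proxy entries (scheme->host:port) that point at 127.0.0.1/localhost."""
    found = []
    for m in PROXY_LINE.finditer(log):
        for entry in m.group(1).split(";"):
            # Entries are either "scheme=host:port" or a bare "host:port".
            scheme, hostport = entry.split("=", 1) if "=" in entry else ("*", entry)
            host = hostport.rsplit(":", 1)[0]
            if host in ("127.0.0.1", "localhost"):
                found.append(f"{scheme}->{hostport}")
    return found


def zero_byte_drivers(log: str) -> List[str]:
    """Paths of .sys files listed with a size of 0 (cannot be scanned online)."""
    out = []
    for _date, size, _attrs, path in CREATED_LINE.findall(log):
        if int(size.replace(",", "")) == 0 and path.lower().endswith(".sys"):
            out.append(path)
    return out


def triage(log: str) -> Dict[str, List[str]]:
    """Collect only the findings that need a human decision."""
    findings: Dict[str, List[str]] = {}
    fws = enabled_firewalls(log)
    if len(fws) > 1:
        findings["multiple_firewalls"] = fws
    if proxies := loopback_proxies(log):
        findings["loopback_proxy"] = proxies
    if zero := zero_byte_drivers(log):
        findings["zero_byte_drivers"] = zero
    return findings


if __name__ == "__main__":
    for key, items in triage(SAMPLE_DDS).items():
        print(f"{key}: {items}")
```

Run against a full DDS log the same three checks apply unchanged; the `<DIR>` rows and the `Find3M` section are skipped because only the `Created Last 30` line shape is matched.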



