
Help cleaning pc


  • This topic is locked
27 replies to this topic

#1 soulesskiller21

  • Members
  • 60 posts

Posted 16 September 2009 - 04:24 PM

Basically I believe my PC only has a Generic.Bot.H and it's been a pain on restarts. From what I've experienced it's only ever active on start-ups and has only been doing so recently (about 1 week ago). Whenever I restart my PC it boots normally, then after I sign into my account it hangs there for about 10-15 seconds, then it shows my wallpaper and another screen shows up saying it's loading personal preferences from C:\Program Files\Intel\Intelinf. If I open the Task Manager there's an application called microsoft along with the window, so I close that and my desktop pops up. A few moments later 3-4 microsoft and 3-4 microsoft update applications pop up and slow my PC to a crawl, so I close those. At the same time a fake explorer.exe and firefox.exe are added to my processor list. If I delete the firefox.exe first it comes back, followed by the microsoft and microsoft update applications; however, if I delete the explorer.exe process first I can then delete the firefox.exe process with no problem and (as far as I can tell) my PC runs fine afterwards.

I was told to post here by garmanma from the 'Am I infected? What do I do' forum. We went through various steps, some I'm not sure of. We also went through 2 scan programs (Dr.Web CureIt and RootRepeal) but couldn't get either to work... well, DWC worked but couldn't make a logfile from the results, and RootRepeal kept crashing my PC with a blue screen. The one that finally worked was OldTimer's tool, which he said I should post both scans from here. Oh, and if you want a more detailed run-through of what we did, here's the link to the forum



Here's the OTL.txt

OTL logfile created on: 9/16/2009 12:19:35 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\T\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.46% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 3.91 Gb Free Space | 3.05% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 33.07 Gb Free Space | 25.84% Space Free | Partition Type: NTFS
Drive E: | 322.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 6.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 337.77 Gb Total Space | 337.69 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive H: | 104.89 Gb Total Space | 5.58 Gb Free Space | 5.32% Space Free | Partition Type: NTFS
Drive I: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 7.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CR0WNED
Current User Name: T
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/08/13 22:08:00 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/08/13 22:08:00 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/08/20 09:42:14 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [1999/12/12 21:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/09/23 10:45:29 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe
PRC - [2009/08/20 09:42:23 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/08/20 09:42:19 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2007/02/10 09:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2004/10/11 12:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2009/08/20 09:42:18 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/08/20 09:42:22 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2005/04/15 12:01:46 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/02/15 17:10:16 | 00,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2008/05/02 00:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/08/20 09:42:16 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2004/12/02 19:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2009/07/30 21:15:46 | 00,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/01/27 00:20:11 | 00,342,848 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2008/12/29 06:40:30 | 00,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/09 20:57:32 | 07,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/01/09 21:00:52 | 07,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/07/30 21:15:44 | 00,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/08/24 16:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/16 00:19:12 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/08/13 22:08:00 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/08/13 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009/08/20 09:42:18 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/08/20 09:42:14 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/12 21:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.EXE -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/03/02 10:13:05 | 00,016,168 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\560\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/08/26 17:21:22 | 00,092,296 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service [Auto | Running])
SRV - [2008/09/23 10:45:29 | 00,303,104 | ---- | M] (Motive Communications, Inc.) -- C:\Program Files\Common Files\Motive\McciCMService.exe -- (McciCMService [Auto | Running])
SRV - [2007/02/10 09:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2005/10/14 06:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/02/10 09:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Disabled | Stopped])
SRV - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2004/10/11 12:20:30 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005/04/19 11:40:52 | 02,317,504 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Running])
DRV - [2009/08/14 00:27:00 | 04,485,632 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/08/07 23:54:17 | 00,165,376 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2009/08/20 09:42:23 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/20 09:42:23 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/05/09 09:07:34 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2009/03/27 01:16:28 | 00,012,672 | ---- | M] (Windows Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys -- (cpuz132 [Auto | Stopped])
DRV - [2005/01/09 22:15:24 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2008/04/13 14:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/21 20:58:52 | 00,049,920 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2005/10/21 20:58:58 | 00,016,496 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2005/10/22 08:22:48 | 00,021,568 | ---- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2009/08/07 23:54:17 | 00,018,048 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2003/03/31 15:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2008/09/23 10:45:32 | 00,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50 [On_Demand | Stopped])
DRV - [2008/09/23 10:45:31 | 00,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50 [On_Demand | Stopped])
DRV - [2001/08/17 10:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401 [On_Demand | Running])
DRV - [2005/05/17 18:45:08 | 00,092,800 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2005/04/06 04:22:28 | 00,033,536 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2005/04/06 04:22:30 | 00,012,928 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2005/01/09 22:15:30 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\DRIVERS\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2005/07/06 20:14:30 | 01,389,056 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\P17.sys -- (P17 [On_Demand | Running])
DRV - [2001/08/23 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/16 15:51:56 | 00,022,784 | ---- | M] (Research In Motion Limited) -- C:\WINDOWS\System32\Drivers\RimUsb.sys -- (RimUsb [On_Demand | Stopped])
DRV - [2009/09/04 14:50:00 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/09/04 14:50:02 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
DRV - [2009/09/04 14:49:58 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/11/02 04:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2008/04/13 12:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2009/02/25 02:22:28 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/03/12 15:48:24 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2007/08/28 17:05:12 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo.com
IE - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\S-1-5-21-1715567821-1500820517-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://yahoo.com/"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.0
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.4.2
FF - prefs.js..extensions.enabledItems: googletube@googletube.com:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {f701c26a-479a-4724-b4f1-870db12f063c}:1.4.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="

FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/06/26 15:20:21 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/17 23:43:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 20:24:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/09/15 18:43:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/15 19:19:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/10 16:56:14 | 00,000,000 | ---D | M]

[2009/01/26 17:35:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Extensions
[2009/01/26 17:35:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/15 15:51:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions
[2009/06/28 04:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/09/02 21:08:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/20 06:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/07/30 14:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2009/06/28 04:22:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions\{f701c26a-479a-4724-b4f1-870db12f063c}
[2009/06/28 04:22:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions\anycolor.pavlos256@gmail.com
[2009/08/11 00:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\T\Application Data\mozilla\Firefox\Profiles\x7o8ka7b.default\extensions\googletube@googletube.com
[2009/09/15 15:51:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/10 16:56:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/10 01:43:55 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/17 23:44:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/10 13:31:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/10 16:31:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/08/24 16:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 16:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/07/25 05:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/08/24 16:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/08/24 14:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 14:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 14:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 14:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 14:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 14:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 14:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (789 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\WECPUpdate.exe (MediaCodec.Org)
O4 - HKLM..\Run: [Microsoft] C:\Program Files\Intel\IntelInf.exe ()
O4 - HKLM..\Run: [Microsoft Server Update] C:\WINDOWS\snsrv21.exe (Microsoft Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003..\Run: [Intel] C:\Program Files\Intel\IntelInf.exe ()
O4 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\T\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0
O7 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1715567821-1500820517-839522115-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\560\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\560\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll (Stardock Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/26 18:16:43 | 00,000,119 | ---- | M] () - C:\AUTOEXEC.BAK -- [ NTFS ]
O32 - AutoRun File - [2009/01/26 18:16:43 | 00,000,196 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/21 11:18:43 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/21 11:18:43 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/09/15 23:20:00 | 00,000,057 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/12/30 06:40:44 | 00,000,044 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/02/28 13:57:34 | 07,214,352 | R--- | M] (Ubisoft) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/03/02 04:25:04 | 00,401,444 | R--- | M] (RAD Game Tools, Inc.) - F:\Autorun.dll -- [ UDF ]
O32 - AutoRun File - [2009/03/21 11:18:43 | 00,000,000 | RHSD | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/03/21 11:18:43 | 00,000,000 | RHSD | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/08/30 20:16:12 | 15,767,234 | R--- | M] () - I:\Autorun.dbd -- [ UDF ]
O32 - AutoRun File - [2006/08/22 22:28:47 | 00,126,976 | R--- | M] () - I:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006/08/22 22:28:47 | 00,000,043 | R--- | M] () - I:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006/08/22 22:28:47 | 00,000,367 | R--- | M] () - I:\AutoRun.ini -- [ UDF ]
O32 - AutoRun File - [2006/08/29 23:59:47 | 00,004,019 | R--- | M] () - I:\Autorun.txt -- [ UDF ]
O32 - AutoRun File - [2007/08/31 19:16:15 | 00,564,175 | R--- | M] () - K:\Autorun.dbd -- [ CDFS ]
O32 - AutoRun File - [2007/08/25 19:49:27 | 00,000,044 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/08/17 00:26:49 | 00,004,274 | R--- | M] () - K:\Autorun.txt -- [ CDFS ]
O33 - MountPoints2\{6c79382c-ea8c-11dd-bcf1-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6c79382c-ea8c-11dd-bcf1-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6c79382c-ea8c-11dd-bcf1-806d6172696f}\Shell\AutoRun\command - "" = E:\EAWXLauncher.exe -- [2006/10/04 02:18:50 | 04,272,128 | R--- | M] (LucasArts LLC)
O33 - MountPoints2\{c6e6f138-ea56-11dd-b5d3-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{c6e6f138-ea56-11dd-b5d3-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c6e6f138-ea56-11dd-b5d3-806d6172696f}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2009/02/28 13:57:34 | 07,214,352 | R--- | M] (Ubisoft)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\*.tmp files]
[2009/09/15 22:25:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\My Documents\Tom Clancy's H.A.W.X
[2009/09/15 21:52:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/09/15 21:52:43 | 00,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Play Tom Clancy's H.A.W.X.lnk
[2009/09/15 21:39:30 | 00,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2009/09/15 21:04:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/09/15 20:57:57 | 00,001,186 | ---- | C] () -- C:\Documents and Settings\T\Desktop\'Folding@Home'.lnk
[2009/09/15 19:26:13 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\T\Desktop\something.scr
[2009/09/15 00:23:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\Application Data\Petroglyph
[2009/09/15 00:22:18 | 00,002,036 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Star Wars Empire at War Forces of Corruption.lnk
[2009/09/14 23:56:23 | 00,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2009/09/12 21:11:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/12 21:11:18 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/12 21:11:17 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/09/12 21:11:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\Application Data\SUPERAntiSpyware.com
[2009/09/12 21:10:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/09/11 18:45:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\Local Settings\Application Data\AskToolbar
[2009/09/11 18:43:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/09/11 18:43:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/09/11 18:43:02 | 00,000,000 | ---D | C] -- C:\Program Files\McAfee
[2009/09/11 18:43:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/09/11 16:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\Desktop\Computer Science Class List
[2009/09/11 16:51:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\Desktop\Mythology Folder
[2009/09/11 09:54:30 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/10 18:50:51 | 00,012,672 | ---- | C] (Windows Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys
[2009/09/10 18:50:51 | 00,000,717 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2009/09/10 18:50:51 | 00,000,000 | ---D | C] -- C:\Program Files\CPUID
[2009/09/10 18:50:48 | 00,000,226 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/09/10 18:50:47 | 00,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2009/09/10 17:09:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/09/10 16:56:15 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/08 16:52:08 | 00,405,504 | RHS- | C] (Microsoft Corporation) -- C:\Diskrun.exe
[2009/09/07 01:29:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\Desktop\dnd rules
[2009/09/07 01:27:55 | 02,316,202 | ---- | C] () -- C:\Documents and Settings\T\Desktop\SRD.zip
[2009/09/04 01:11:52 | 00,001,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Neverwinter Nights 2.lnk
[2009/09/04 01:10:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\T\My Documents\Neverwinter Nights 2
[2009/09/01 17:02:16 | 01,410,704 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\FPSPR70.ocx
[2009/09/01 17:02:16 | 00,729,161 | ---- | C] (FarPoint Technologies, Inc.) -- C:\WINDOWS\System32\fpimage.dll
[2009/09/01 17:02:16 | 00,000,000 | ---D | C] -- C:\Program Files\Respondus LockDown Browser
[2009/08/31 15:38:22 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/08/24 12:22:29 | 00,315,904 | RHS- | C] () -- C:\WINDOWS\System32\plugin.dat
[2009/08/22 13:59:24 | 00,124,596 | ---- | C] () -- C:\Documents and Settings\T\Desktop\FamilyGuy-TheFourPeters.mp3
[2009/08/20 23:25:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/19 20:59:18 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/19 20:59:11 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/07 23:54:17 | 00,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/08/07 23:54:17 | 00,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/06/01 14:38:06 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/04/20 03:20:44 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2009/02/25 02:22:28 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/01/26 18:03:04 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/01/26 17:51:05 | 00,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2009/01/26 17:51:05 | 00,064,512 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2009/01/26 17:51:05 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2009/01/26 17:50:55 | 00,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2009/01/26 17:50:55 | 00,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/01/26 17:22:22 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/01/24 22:52:36 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/01/24 22:52:35 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/12/19 11:15:58 | 04,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/12/17 13:41:18 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/12/17 13:22:58 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/12/17 13:22:48 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/17 13:17:34 | 00,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/12/17 12:59:54 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/12/11 07:27:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2004/11/24 15:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/10/03 13:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2001/08/23 08:00:00 | 00,000,503 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/09/16 04:01:01 | 00,000,226 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2009/09/16 00:19:52 | 00,552,733 | -H-- | M] () -- C:\Documents and Settings\T\Application Data\logs.dat
[2009/09/15 22:25:46 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play Tom Clancy's H.A.W.X.lnk
[2009/09/15 21:22:27 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/09/15 21:02:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/15 21:02:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/15 20:57:57 | 00,001,186 | ---- | M] () -- C:\Documents and Settings\T\Desktop\'Folding@Home'.lnk
[2009/09/15 20:47:58 | 00,488,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/15 20:47:58 | 00,088,818 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/15 20:42:46 | 00,587,750 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/15 19:26:14 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\T\Desktop\something.scr
[2009/09/15 18:43:44 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/15 14:10:34 | 00,105,265 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/15 14:10:33 | 41,174,349 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/15 00:22:18 | 00,002,036 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Star Wars Empire at War Forces of Corruption.lnk
[2009/09/13 18:21:23 | 00,000,789 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/12 21:11:18 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/09/12 21:03:12 | 02,112,818 | -H-- | M] () -- C:\Documents and Settings\T\Local Settings\Application Data\IconCache.db
[2009/09/11 09:55:48 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/10 18:50:51 | 00,000,717 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CPUID CPU-Z.lnk
[2009/09/10 18:44:51 | 00,002,681 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/09/10 18:44:39 | 00,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2009/09/10 16:56:15 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/10 16:29:56 | 00,164,352 | ---- | M] () -- C:\Documents and Settings\T\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/08 16:52:01 | 00,405,504 | RHS- | M] (Microsoft Corporation) -- C:\Diskrun.exe
[2009/09/07 01:28:10 | 02,316,202 | ---- | M] () -- C:\Documents and Settings\T\Desktop\SRD.zip
[2009/09/04 01:11:52 | 00,001,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Neverwinter Nights 2.lnk
[2009/08/28 17:38:20 | 24,689,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/08/24 12:22:37 | 00,315,904 | RHS- | M] () -- C:\WINDOWS\System32\plugin.dat
[2009/08/24 10:51:47 | 00,124,596 | ---- | M] () -- C:\Documents and Settings\T\Desktop\FamilyGuy-TheFourPeters.mp3
[2009/08/20 23:35:14 | 00,017,744 | ---- | M] () -- C:\Documents and Settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/20 23:34:14 | 00,113,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/20 09:42:23 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/08/20 09:42:23 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/08/20 09:42:23 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
< End of report >
______________________________________________________________________________

:( And here's the extra.txt

OTL Extras logfile created on: 9/16/2009 12:19:35 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\T\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.46% Memory free
3.85 Gb Paging File | 3.13 Gb Available in Paging File | 81.45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 3.91 Gb Free Space | 3.05% Space Free | Partition Type: NTFS
Drive D: | 127.99 Gb Total Space | 33.07 Gb Free Space | 25.84% Space Free | Partition Type: NTFS
Drive E: | 322.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 6.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 337.77 Gb Total Space | 337.69 Gb Free Space | 99.98% Space Free | Partition Type: NTFS
Drive H: | 104.89 Gb Total Space | 5.58 Gb Free Space | 5.32% Space Free | Partition Type: NTFS
Drive I: | 3.57 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 7.74 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: CR0WNED
Current User Name: T
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"6112:TCP" = 6112:TCP:*:Enabled:Starcraft bnet
"6112:UDP" = 6112:UDP:*:Enabled:Starcraft bnet

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat" = C:\Program Files\EA GAMES\The Battle for Middle-earth \game.dat:*:Enabled:The Battle for Middle-earth -- ()
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth II\game.dat:*:Enabled:The Battle for Middle-earth II -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Motive Communications, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe" = C:\Program Files\Microsoft Games\Dungeon Siege 2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = C:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"C:\Documents and Settings\T\My Documents\Downloads\[I-SERVE] Full Spectrum Warrior\Full Spectrum Warrior\launcher.exe" = C:\Documents and Settings\T\My Documents\Downloads\[I-SERVE] Full Spectrum Warrior\Full Spectrum Warrior\launcher.exe:*:Disabled:launcher -- File not found
"C:\Documents and Settings\T\My Documents\Downloads\[I-SERVE] Full Spectrum Warrior\Full Spectrum Warrior\launcher-cracked.exe" = C:\Documents and Settings\T\My Documents\Downloads\[I-SERVE] Full Spectrum Warrior\Full Spectrum Warrior\launcher-cracked.exe:*:Disabled:launcher-cracked -- File not found
"C:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe" = C:\Program Files\Atari\Act of War - High Treason\ActOfWar_HighTreason.exe:*:Disabled:ActOfWar_HighTreason -- ()
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe" = C:\Program Files\LucasArts\Star Wars Empire at War\GameData\sweaw.exe:*:Enabled:Star Wars: Empire at War -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe" = C:\Program Files\LucasArts\Star Wars Empire at War Forces of Corruption\swfoc.exe:*:Enabled:Star Wars: Empire at War: Forces of Corruption -- (Lucasfilm Entertainment Company, Ltd.)
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe" = C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX.exe:*:Enabled:Tom Clancy's H.A.W.X -- ()
"C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe" = C:\Program Files\Ubisoft\Tom Clancy's H.A.W.X\HAWX_dx10.exe:*:Enabled:Tom Clancy's H.A.W.X -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{02FB40EA-C8AC-36F7-A546-B083E00AF3AA}" = Catalyst Control Center Core Implementation
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{083F79E4-6FE9-46FB-A6C6-4F8862742947}" = ATI HYDRAVISION
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{162F8A0F-3EBF-4E2A-A37C-E8E29C261C25}" = Garmin City Navigator North America NT 2009.11 Update
"{19700927-105D-3812-8548-53EDA3F5A22D}" = Microsoft Visual Web Developer 2008 Express Edition - ENU
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{22A41202-BC5B-402D-A00A-E48906400431}" = Elys DS2 Succubus Manager
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer Red Alert 3
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth II
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3C7EEEC3-464F-3FE9-8795-3CC8B4EAD82A}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
"{4445BFF0-008A-8F5C-9D68-B0164F7E26FF}" = ccc-core-static
"{4D89AFAD-669B-514A-E150-7DA3208477DC}" = ccc-utility
"{4E47B686-8DFF-1AAD-3264-A537E2FC3833}" = Catalyst Control Center Graphics Previews Common
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7764393A-A48B-6BB2-28BC-A6B4EF3A95BC}" = Catalyst Control Center Graphics Full Existing
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{825DFF04-8FB0-3430-CB22-8725719B1A01}" = Catalyst Control Center Graphics Light
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84430565-C205-B818-7D13-052F88707F70}" = CCC Help English
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{962E05CF-3394-496D-0091-850CF1762F6B}" = The Battle for Middle-earth
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{A0957C55-8281-4AC2-85A2-3A55D9F1D11E}" = -
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3D5D8C4-122F-41C3-BB03-B738601615EE}" = -
"{A563C4F4-BE36-4956-BA0B-E02BDD9F70D5}" = Dungeon Siege 2 Broken World
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.3
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B57A7B53-0662-4AC0-9352-2AE2D8212A9F}" = Garmin Communicator Plugin
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = The Lord of the Rings, The Rise of the Witch-king
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C08EBBFD-C565-472F-9354-5593B9873705}" = Act of War - High Treason
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E5147E-C9F3-4360-9ED0-2E875F11766C}" = Respondus LockDown Browser
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{C42ED117-BE81-4CC7-B5FB-02E5FD40006D}" = -
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}" = Microsoft Visual C++ 2008 Express Edition - ENU
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D99667FF-4A9B-B278-9014-BEA2896F413F}" = ccc-core-preinstall
"{DBD86EB8-8536-DB02-EC42-31ED143497A8}" = Catalyst Control Center HydraVision Full
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{E9F882ED-C2B8-2716-0330-7FBA5C9C455B}" = Catalyst Control Center Graphics Full New
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Any Video Converter_is1" = Any Video Converter 2.7.1
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"Conquest: Frontier Wars 1.00" = Conquest: Frontier Wars
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.52.2
"DriverAgent.exe" = DriverAgent by eSupport.com
"DungeonSiege2" = Dungeon Siege 2
"Frets on Fire" = Frets On Fire
"GoToAssist" = GoToAssist 9.0.0.560
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"Microsoft Visual Web Developer 2008 Express Edition - ENU" = Microsoft Visual Web Developer 2008 Express Edition - ENU
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PowerISO" = PowerISO
"Starcraft" = Starcraft
"SysInfo" = Creative System Information
"The Last Remnant_is1" = The Last Remnant
"Unlocker" = Unlocker 1.8.7
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WindowBlinds" = WindowBlinds
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.2
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-1500820517-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2009 3:01:11 AM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 8.0.0.223, faulting module
avgsrmx.dll, version 8.0.0.223, fault address 0x00008ed9.

Error - 5/5/2009 3:01:30 AM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 8.0.0.223, faulting module
avgsrmx.dll, version 8.0.0.223, fault address 0x00008ed9.

Error - 5/5/2009 3:01:45 AM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 8.0.0.223, faulting module
avgsrmx.dll, version 8.0.0.223, fault address 0x00008ed9.

Error - 5/5/2009 11:36:58 AM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application avgui.exe, version 8.0.0.223, faulting module
avgsrmx.dll, version 8.0.0.223, fault address 0x00008ed9.

Error - 5/12/2009 10:49:20 PM | Computer Name = CR0WNED | Source = Application Hang | ID = 1002
Description = Hanging application wmplayer.exe, version 10.0.0.3646, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2009 12:22:44 AM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application starcraft.exe, version 1.16.1.1, faulting module
, version 0.0.0.0, fault address 0x00000000.

Error - 5/15/2009 8:11:53 PM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.1, faulting module
coreaac.ax, version 1.2.0.573, fault address 0x00019827.

Error - 5/15/2009 8:29:36 PM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application mplayerc.exe, version 6.4.9.1, faulting module
coreaac.ax, version 1.2.0.573, fault address 0x00019827.

Error - 5/17/2009 12:38:55 AM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application poweriso.exe, version 4.3.0.0, faulting module
poweriso.exe, version 4.3.0.0, fault address 0x00001e55.

Error - 5/17/2009 12:39:12 AM | Computer Name = CR0WNED | Source = Application Error | ID = 1000
Description = Faulting application poweriso.exe, version 4.3.0.0, faulting module
poweriso.exe, version 4.3.0.0, fault address 0x00001e55.

[ System Events ]
Error - 9/13/2009 9:12:23 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 9/13/2009 9:12:23 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 9/13/2009 9:17:48 PM | Computer Name = CR0WNED | Source = sptd | ID = 262148
Description = Driver detected an internal error in its data structures for .

Error - 9/13/2009 9:18:06 PM | Computer Name = CR0WNED | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/13/2009 9:20:37 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 9/13/2009 9:20:37 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 9/15/2009 7:14:54 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 9/15/2009 7:14:54 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 9/15/2009 9:03:21 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field

Error - 9/15/2009 11:50:19 PM | Computer Name = CR0WNED | Source = ati2mtag | ID = 43038
Description = EDID contain an error in the RangeLimit field


< End of report >


#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:57 AM

Posted 30 September 2009 - 08:45 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:57 AM

Posted 09 October 2009 - 03:11 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:09:57 AM

Posted 09 October 2009 - 08:26 PM

Thread reopened at request of topic starter. :(

#5 soulesskiller21

soulesskiller21
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  • Local time:09:57 AM

Posted 09 October 2009 - 10:05 PM

Thanks a lot teacup61, you the man! :(

Sorry, for some reason I didn't get an e-mail about the topic being updated. Need to redo the scan (forgot to disable A/V).

Edited by soulesskiller21, 09 October 2009 - 10:13 PM.


#6 soulesskiller21

soulesskiller21
  • Topic Starter

  • Members
  • 60 posts
  • OFFLINE
  • Local time:09:57 AM

Posted 09 October 2009 - 10:20 PM

Here we go



DDS (Ver_09-09-29.01) - NTFSx86
Run by T at 23:17:23.54 on Fri 10/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1257 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
"C:\WINDOWS\System32\svchost.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Brownie\brpjp04a.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\T\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = Yahoo.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Intel] c:\program files\intel\IntelInf.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\WECPUpdate.exe -s
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft] c:\program files\intel\IntelInf.exe
mRun: [Microsoft Server Update] c:\windows\snsrv21.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
uExplorerRun: [snserv] c:\windows\system32\sn\snsrv.exe
uExplorerRun: [Policies] c:\program files\intel\IntelInf.exe
uExplorerRun: [Misrosoft SN update] c:\windows\snsrv21.exe
mExplorerRun: [snserv] c:\windows\system32\sn\snsrv.exe
mExplorerRun: [Policies] c:\program files\intel\IntelInf.exe
mExplorerRun: [Misrosoft SN update] c:\windows\snsrv21.exe
StartupFolder: c:\docume~1\t\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {6279482C-9C7F-4FC9-AE62-A6AC7F3930DC} = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\560\G2AWinLogon.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\x7o8ka7b.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-24 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-24 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-24 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-26 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-10 12672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-11 92296]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-10-06 20:13 <DIR> --d--r-- c:\docume~1\t\applic~1\Brother
2009-10-06 17:45 145 a------- c:\windows\BRVIDEO.INI
2009-10-06 17:45 0 a------- c:\windows\brmx2001.ini
2009-10-06 17:44 77,824 -------- c:\windows\system32\brlmw03a.dll
2009-10-06 17:44 114 -------- c:\windows\system32\brlmw03a.ini
2009-10-06 17:44 9,853 a------- c:\windows\HL-2140.INI
2009-10-06 17:44 <DIR> --d----- c:\program files\Brownie
2009-10-06 17:44 426 a------- c:\windows\BRWMARK.INI
2009-10-06 17:44 34 a------- c:\windows\system32\bd2140.dat
2009-10-06 17:37 176,128 a------- c:\windows\system32\BROSNMP.DLL
2009-10-06 17:37 94,208 a------- c:\windows\system32\BRRBTOOL.EXE
2009-10-06 17:37 24,223 a------- c:\windows\system32\BRLM03A.DLL
2009-10-06 17:37 <DIR> --d----- c:\program files\Brother
2009-10-06 17:37 192,512 -------- c:\windows\system32\Pdrvinst.dll
2009-10-06 17:37 312 a------- c:\windows\Brownie.ini
2009-10-04 20:18 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2009-10-04 20:11 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-10-04 20:11 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-10-04 20:11 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-10-04 20:11 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-10-04 20:10 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-10-04 20:10 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-10-04 20:10 306,688 a------- c:\windows\IsUninst.exe
2009-10-04 20:10 <DIR> --d----- c:\program files\HP
2009-10-04 20:08 79,408 a------- c:\windows\hpfins05.dat
2009-10-04 20:08 1,350 -------- c:\windows\hpfmdl05.dat
2009-10-04 20:07 372,736 a------- c:\windows\system32\hpzidi01.dll
2009-10-04 20:07 77,824 a------- c:\windows\system32\hpzids01.dll
2009-09-26 23:32 <DIR> --d----- c:\program files\WebEx
2009-09-26 23:31 25,392 a------- c:\windows\system32\drivers\pnarp.sys
2009-09-26 23:31 26,672 a------- c:\windows\system32\drivers\purendis.sys
2009-09-26 23:31 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-09-26 23:27 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-26 22:11 <DIR> --d----- c:\program files\Pure Networks
2009-09-26 22:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-09-26 21:29 <DIR> --d----- c:\program files\Linksys
2009-09-15 20:47 4,922 a------- c:\windows\system32\PerfStringBackup.TMP
2009-09-15 00:23 <DIR> --d----- c:\docume~1\t\applic~1\Petroglyph
2009-09-14 23:56 <DIR> --d----- c:\program files\LucasArts
2009-09-13 18:19 <DIR> --d----- c:\documents and settings\t\DoctorWeb
2009-09-12 21:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-09-12 21:11 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-09-12 21:11 <DIR> --d----- c:\docume~1\t\applic~1\SUPERAntiSpyware.com
2009-09-12 21:10 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-09-11 18:43 <DIR> --d----- c:\program files\common files\McAfee
2009-09-11 18:43 <DIR> --d----- c:\program files\McAfee
2009-09-11 09:54 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-10 18:50 12,672 a------- c:\windows\system32\drivers\cpuz132_x32.sys
2009-09-10 18:50 <DIR> --d----- c:\program files\CPUID
2009-09-10 17:09 <DIR> --d----- c:\windows\pss
2009-09-10 00:17 <DIR> --dsh--- c:\documents and settings\t\IECompatCache

==================== Find3M ====================

2009-10-09 23:13 998,040 a---h--- c:\docume~1\t\applic~1\logs.dat
2009-09-15 21:22 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 16:52 405,504 ---shr-- C:\Diskrun.exe
2009-08-24 12:22 315,904 a--shr-- c:\windows\system32\plugin.dat
2009-08-20 09:42 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 09:42 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-14 00:27 4,485,632 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-08-13 22:28 446,464 a------- c:\windows\system32\ATIDEMGX.dll
2009-08-13 22:27 345,600 a------- c:\windows\system32\ati2dvag.dll
2009-08-13 22:10 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-08-13 22:10 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-08-13 22:09 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-08-13 22:09 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-08-13 22:09 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-08-13 22:08 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-08-13 22:06 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-08-13 22:00 311,296 a------- c:\windows\system32\atiiiexx.dll
2009-08-13 21:58 3,492,576 a------- c:\windows\system32\ati3duag.dll
2009-08-13 21:47 12,959,744 a------- c:\windows\system32\atioglxx.dll
2009-08-13 21:42 2,081,920 a------- c:\windows\system32\ativvaxx.dll
2009-08-13 21:42 887,724 a------- c:\windows\system32\ativva6x.dat
2009-08-13 21:25 49,664 a------- c:\windows\system32\atimpc32.dll
2009-08-13 21:25 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-08-13 21:21 561,152 a------- c:\windows\system32\atikvmag.dll
2009-08-13 21:21 45,056 a------- c:\windows\system32\aticalrt.dll
2009-08-13 21:20 45,056 a------- c:\windows\system32\aticalcl.dll
2009-08-13 21:19 3,469,312 a------- c:\windows\system32\aticaldd.dll
2009-08-13 21:19 163,840 a------- c:\windows\system32\atiadlxx.dll
2009-08-13 21:18 17,408 a------- c:\windows\system32\atitvo32.dll
2009-08-13 21:17 53,248 a------- c:\windows\system32\drivers\ati2erec.dll
2009-08-13 21:17 376,832 a------- c:\windows\system32\atiok3x2.dll
2009-08-13 21:12 614,400 a------- c:\windows\system32\ati2cqag.dll
2009-08-13 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-14 11:09 197,654 a------- c:\windows\system32\atiicdxx.dat
2009-07-13 10:08 286,720 a------- c:\windows\system32\wmpdxm.dll
2009-03-02 10:12 64,808 a------- c:\documents and settings\t\GoToAssistDownloadHelper.exe
2006-06-09 22:10 317,440 a--shr-- c:\windows\plugin.dat
2005-11-01 21:37 405,504 ---shr-- c:\windows\snsrv21.exe
2009-03-25 02:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032520090326\index.dat
2005-08-30 02:06 293,376 a--shr-- c:\windows\system32\sn\plugin.dat

============= FINISH: 23:17:53.64 ===============


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:10:57 AM

Posted 19 October 2009 - 02:57 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding.

If you still require assistance, we would like to see the current condition of your system, so please post a new set of DDS logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log or RootRepeal log, please refer to this page, steps #6 and #7, for further instructions on downloading and running DDS & RootRepeal. If you have any problems just let me know in your next reply, or simply post a HijackThis log.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 soulesskiller21

soulesskiller21
  • Topic Starter

  • Members
  • 60 posts
  • Local time:09:57 AM

Posted 20 October 2009 - 10:35 AM

Unfortunately I'm still unable to do a RootRepeal scan without getting a blue screen. As for any problems, the only one I'm noticing that is new is the slowdown in my internet. Other than that, nothing new that hasn't been stated in the first post.



DDS (Ver_09-10-13.01) - NTFSx86
Run by T at 11:30:41.60 on Tue 10/20/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1225 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
"C:\WINDOWS\System32\svchost.exe"
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Brownie\BrstsWnd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Brownie\brpjp04a.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Intel\IntelInf.exe
C:\Program Files\Intel\IntelInf.exe
C:\Program Files\Intel\IntelInf.exe
C:\Program Files\Intel\IntelInf.exe
C:\Program Files\Intel\IntelInf.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\IntelInf.exe
C:\Program Files\Intel\IntelInf.exe
C:\Documents and Settings\T\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = Yahoo.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
mWinlogon: Shell=Explorer.exe "c:\program files\windowsnt\NT32.exe"
mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\program files\windowsnt\NT32.exe",
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Steam] "c:\program files\valve\steam\steam.exe" -silent
uRun: [Microsoft] c:\program files\windowsnt\NT32.exe
uRun: [Intel] c:\program files\intel\IntelInf.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [Media Codec Update Service] c:\program files\essentials codec pack\WECPUpdate.exe -s
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Microsoft Server Update] c:\windows\snsrv21.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [BrStsWnd] c:\program files\brownie\BrstsWnd.exe Autorun
mRun: [Microsoft] c:\program files\intel\IntelInf.exe
uExplorerRun: [snserv] c:\windows\system32\sn\snsrv.exe
uExplorerRun: [Misrosoft SN update] c:\windows\snsrv21.exe
uExplorerRun: [Microsoft] c:\program files\windowsnt\NT32.exe
mExplorerRun: [snserv] c:\windows\system32\sn\snsrv.exe
mExplorerRun: [Misrosoft SN update] c:\windows\snsrv21.exe
StartupFolder: c:\docume~1\t\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: {6279482C-9C7F-4FC9-AE62-A6AC7F3930DC} = 192.168.1.254
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\560\G2AWinLogon.dll
Notify: WBSrv - c:\program files\stardock\object desktop\windowblinds\wbsrv.dll
AppInit_DLLs: wbsys.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\t\applic~1\mozilla\firefox\profiles\x7o8ka7b.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-24 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-24 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-9-4 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-4 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-26 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-6-26 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-10 12672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-9-11 92296]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-4 7408]

=============== Created Last 30 ================

2009-10-17 11:57 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-10-14 10:44 <DIR> --d----- c:\program files\windowsnt
2009-10-10 22:04 <DIR> --d----- c:\program files\Valve
2009-10-06 20:13 <DIR> --d--r-- c:\docume~1\t\applic~1\Brother
2009-10-06 17:45 145 a------- c:\windows\BRVIDEO.INI
2009-10-06 17:45 0 a------- c:\windows\brmx2001.ini
2009-10-06 17:44 77,824 -------- c:\windows\system32\brlmw03a.dll
2009-10-06 17:44 114 -------- c:\windows\system32\brlmw03a.ini
2009-10-06 17:44 9,853 a------- c:\windows\HL-2140.INI
2009-10-06 17:44 <DIR> --d----- c:\program files\Brownie
2009-10-06 17:44 426 a------- c:\windows\BRWMARK.INI
2009-10-06 17:44 34 a------- c:\windows\system32\bd2140.dat
2009-10-06 17:37 176,128 a------- c:\windows\system32\BROSNMP.DLL
2009-10-06 17:37 94,208 a------- c:\windows\system32\BRRBTOOL.EXE
2009-10-06 17:37 24,223 a------- c:\windows\system32\BRLM03A.DLL
2009-10-06 17:37 <DIR> --d----- c:\program files\Brother
2009-10-06 17:37 192,512 -------- c:\windows\system32\Pdrvinst.dll
2009-10-06 17:37 312 a------- c:\windows\Brownie.ini
2009-10-04 20:18 37,376 a------- c:\windows\system32\hpz3l3xu.dll
2009-10-04 20:11 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-10-04 20:11 69,632 a------- c:\windows\system32\HPZipm12.exe
2009-10-04 20:11 61,440 a------- c:\windows\system32\HPZinw12.exe
2009-10-04 20:11 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-10-04 20:10 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-10-04 20:10 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-10-04 20:10 306,688 a------- c:\windows\IsUninst.exe
2009-10-04 20:10 <DIR> --d----- c:\program files\HP
2009-10-04 20:08 79,408 a------- c:\windows\hpfins05.dat
2009-10-04 20:08 1,350 -------- c:\windows\hpfmdl05.dat
2009-10-04 20:07 372,736 a------- c:\windows\system32\hpzidi01.dll
2009-10-04 20:07 77,824 a------- c:\windows\system32\hpzids01.dll
2009-09-26 23:32 <DIR> --d----- c:\program files\WebEx
2009-09-26 23:31 25,392 a------- c:\windows\system32\drivers\pnarp.sys
2009-09-26 23:31 26,672 a------- c:\windows\system32\drivers\purendis.sys
2009-09-26 23:31 <DIR> --d----- c:\program files\common files\Pure Networks Shared
2009-09-26 23:27 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-26 22:11 <DIR> --d----- c:\program files\Pure Networks
2009-09-26 22:10 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Pure Networks
2009-09-26 21:29 <DIR> --d----- c:\program files\Linksys

==================== Find3M ====================

2009-09-15 21:22 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-09-11 10:18 136,192 a------- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-08 16:52 405,504 ---shr-- C:\Diskrun.exe
2009-09-04 17:03 58,880 a------- c:\windows\system32\msasn1.dll
2009-08-29 04:08 916,480 a------- c:\windows\system32\wininet.dll
2009-08-26 04:00 247,326 a------- c:\windows\system32\strmdll.dll
2009-08-24 12:22 315,904 a--shr-- c:\windows\system32\plugin.dat
2009-08-20 09:42 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-08-13 22:28 446,464 a------- c:\windows\system32\ATIDEMGX.dll
2009-08-13 22:27 345,600 a------- c:\windows\system32\ati2dvag.dll
2009-08-13 22:10 204,800 a------- c:\windows\system32\atipdlxx.dll
2009-08-13 22:10 155,648 a------- c:\windows\system32\Oemdspif.dll
2009-08-13 22:09 26,112 a------- c:\windows\system32\Ati2mdxx.exe
2009-08-13 22:09 43,520 a------- c:\windows\system32\ati2edxx.dll
2009-08-13 22:09 155,648 a------- c:\windows\system32\ati2evxx.dll
2009-08-13 22:08 602,112 a------- c:\windows\system32\ati2evxx.exe
2009-08-13 22:06 53,248 a------- c:\windows\system32\ATIDDC.DLL
2009-08-13 22:00 311,296 a------- c:\windows\system32\atiiiexx.dll
2009-08-13 21:58 3,492,576 a------- c:\windows\system32\ati3duag.dll
2009-08-13 21:47 12,959,744 a------- c:\windows\system32\atioglxx.dll
2009-08-13 21:42 2,081,920 a------- c:\windows\system32\ativvaxx.dll
2009-08-13 21:42 887,724 a------- c:\windows\system32\ativva6x.dat
2009-08-13 21:25 49,664 a------- c:\windows\system32\atimpc32.dll
2009-08-13 21:25 49,664 a------- c:\windows\system32\amdpcom32.dll
2009-08-13 21:21 561,152 a------- c:\windows\system32\atikvmag.dll
2009-08-13 21:21 45,056 a------- c:\windows\system32\aticalrt.dll
2009-08-13 21:20 45,056 a------- c:\windows\system32\aticalcl.dll
2009-08-13 21:19 3,469,312 a------- c:\windows\system32\aticaldd.dll
2009-08-13 21:19 163,840 a------- c:\windows\system32\atiadlxx.dll
2009-08-13 21:18 17,408 a------- c:\windows\system32\atitvo32.dll
2009-08-13 21:17 376,832 a------- c:\windows\system32\atiok3x2.dll
2009-08-13 21:12 614,400 a------- c:\windows\system32\ati2cqag.dll
2009-08-13 21:05 593,920 -------- c:\windows\system32\ati2sgag.exe
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-08-04 11:13 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-08-04 10:20 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-07-29 00:37 119,808 a------- c:\windows\system32\t2embed.dll
2009-07-29 00:37 81,920 a------- c:\windows\system32\fontsub.dll
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-03-02 10:12 64,808 a------- c:\documents and settings\t\GoToAssistDownloadHelper.exe
2005-11-22 04:16 337,682 ----h--- c:\docume~1\t\applic~1\logs.dat
2006-06-09 22:10 317,440 a--shr-- c:\windows\plugin.dat
2005-11-01 21:37 405,504 ---shr-- c:\windows\snsrv21.exe
2009-03-25 02:48 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032520090326\index.dat
2005-08-30 02:06 293,376 a--shr-- c:\windows\system32\sn\plugin.dat

============= FINISH: 11:31:28.60 ===============


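As an added example (not code from the thread, from DDS or from BleepingComputer), the following Python script applies the checks a malware responder makes on the Pseudo HJT Report above: it compares the Winlogon Shell and Userinit values against the stock Windows XP defaults and counts how many autostart locations each program is wired into. The sample lines are copied from the posted log; the baseline values, the "registered more than once" heuristic and the note on the Policies\Explorer\Run key are the example's own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the Winlogon and Run lines copied from the DDS
# "Pseudo HJT Report" in the post above. In DDS notation the prefix
# u = HKCU (current user) and m = HKLM (machine).
SAMPLE_DDS = r"""
mWinlogon: Shell=Explorer.exe "c:\program files\windowsnt\NT32.exe"
mWinlogon: Userinit=c:\windows\system32\userinit.exe,"c:\program files\windowsnt\NT32.exe",
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Microsoft] c:\program files\windowsnt\NT32.exe
uRun: [Intel] c:\program files\intel\IntelInf.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Microsoft Server Update] c:\windows\snsrv21.exe
mRun: [Microsoft] c:\program files\intel\IntelInf.exe
uExplorerRun: [snserv] c:\windows\system32\sn\snsrv.exe
uExplorerRun: [Misrosoft SN update] c:\windows\snsrv21.exe
uExplorerRun: [Microsoft] c:\program files\windowsnt\NT32.exe
mExplorerRun: [snserv] c:\windows\system32\sn\snsrv.exe
mExplorerRun: [Misrosoft SN update] c:\windows\snsrv21.exe
"""

# Stock Windows XP values (assumed baseline). Shell launches the desktop;
# Userinit runs at logon before the shell. Any extra token means a second
# program is started from a key most users never look at.
WINLOGON_BASELINE = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

WINLOGON_RE = re.compile(r"^([um])Winlogon:\s*(\w+)=(.*)$")
RUN_RE = re.compile(r"^([um](?:Explorer)?Run):\s*\[([^\]]*)\]\s*(.*)$")
# Either a quoted path or an unquoted run of text up to the next comma.
TOKEN_RE = re.compile(r'"([^"]*)"|([^",\s][^",]*)')


def split_tokens(value):
    """Split a Winlogon value into lower-cased program entries."""
    return [(q or u).strip().lower()
            for q, u in TOKEN_RE.findall(value) if (q or u).strip()]


def executable_of(command):
    """Best-effort program path from a Run command line (lower-cased)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.find('"', 1)].lower()
    m = re.match(r"(.*?\.exe)(?:\s|$)", command, re.IGNORECASE)
    return (m.group(1) if m else command.split()[0]).lower()


def triage(dds_text):
    r"""Flag Winlogon deviations, programs registered in more than one
    autostart location, and programs started from Policies\Explorer\Run."""
    winlogon_extra = []            # (key, unexpected program)
    locations = defaultdict(set)   # program -> {"uRun/Name", ...}
    for line in dds_text.splitlines():
        m = WINLOGON_RE.match(line)
        if m:
            hive, key, value = m.groups()
            for tok in split_tokens(value):
                if tok not in WINLOGON_BASELINE.get(key.lower(), set()):
                    winlogon_extra.append((key, tok))
                    locations[tok].add(f"{hive}Winlogon/{key}")
            continue
        m = RUN_RE.match(line)
        if m:
            key, name, command = m.groups()
            locations[executable_of(command)].add(f"{key}/{name}")
    # Legitimate software registers itself once; the same binary wired into
    # Winlogon, Run and Explorer\Run at the same time is the redundancy
    # malware uses to survive a partial cleanup (heuristic).
    multi = {exe: sorted(locs) for exe, locs in locations.items()
             if len(locs) > 1}
    # The Policies\Explorer\Run key is seldom used by legitimate installers.
    explorer_run = sorted(exe for exe, locs in locations.items()
                          if any("ExplorerRun" in loc for loc in locs))
    return {"winlogon_extra": winlogon_extra,
            "multi_location": multi,
            "explorer_run": explorer_run}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for key, prog in report["winlogon_extra"]:
        print(f"Winlogon {key} launches an extra program: {prog}")
    for exe, locs in report["multi_location"].items():
        print(f"{exe} is registered {len(locs)}x: {', '.join(locs)}")
    print("Explorer\\Run entries:", ", ".join(report["explorer_run"]))
```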
#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:10:57 AM

Posted 20 October 2009 - 03:00 PM

Hello.

Try GMER. I want to see a rootkit scan in case there is anything nasty hiding.

Download and Run Scan with GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double click Posted Image or Posted Image on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt to run a full scan. Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries

#10 soulesskiller21

soulesskiller21
  • Topic Starter

  • Members
  • 60 posts
  • Local time:09:57 AM

Posted 21 October 2009 - 09:51 AM

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-21 10:50:19
Windows 5.1.2600 Service Pack 3
Running: oi1ivvld.exe; Driver: C:\DOCUME~1\T\LOCALS~1\Temp\awrdqpob.sys


---- System - GMER 1.0.15 ----

SSDT spxw.sys ZwCreateKey [0xB9EA80E0]
SSDT spxw.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spxw.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spxw.sys ZwOpenKey [0xB9EA80C0]
SSDT spxw.sys ZwQueryKey [0xB9EC7108]
SSDT spxw.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spxw.sys ZwSetValueKey [0xB9EC719A]

INT 0x62 ? 8A712BF8
INT 0x63 ? 8A557BF8
INT 0x73 ? 8A712BF8
INT 0x82 ? 8A712BF8
INT 0x83 ? 8A712BF8
INT 0xB4 ? 8A557BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8A7111F8
Device \FileSystem\Fastfat \FatCdrom 88AC01F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBPDO-0 8A4E21F8
Device \Driver\PCI_PNP2158 \Device\00000051 spxw.sys
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A7131F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A7131F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A7131F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A7131F8
Device \Driver\usbehci \Device\USBPDO-1 8A4E01F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A6A51F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A6A51F8
Device \Driver\Cdrom \Device\CdRom0 8A47F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume3 8A6A51F8
Device \Driver\Cdrom \Device\CdRom1 8A47F1F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 8A6A51F8
Device \Driver\Cdrom \Device\CdRom2 8A47F1F8
Device \Driver\nvata \Device\00000074 8A7121F8
Device \Driver\Cdrom \Device\CdRom3 8A47F1F8
Device \Driver\nvata \Device\00000075 8A7121F8
Device \Driver\Cdrom \Device\CdRom4 8A47F1F8
Device \Driver\nvata \Device\00000076 8A7121F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{6279482C-9C7F-4FC9-AE62-A6AC7F3930DC} 8A41E500
Device \Driver\NetBT \Device\NetBt_Wins_Export 8A41E500
Device \Driver\nvata \Device\00000079 8A7121F8
Device \Driver\NetBT \Device\NetbiosSmb 8A41E500

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbohci \Device\USBFDO-0 8A4E21F8
Device \Driver\usbehci \Device\USBFDO-1 8A4E01F8
Device \Driver\nvata \Device\NvAta0 8A7121F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A363500
Device \Driver\nvata \Device\NvAta1 8A7121F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A363500
Device \Driver\nvata \Device\NvAta2 8A7121F8
Device \Driver\sptd \Device\2593267158 spxw.sys
Device \Driver\Ftdisk \Device\FtControl 8A6A51F8
Device \Driver\ab7eycj2 \Device\Scsi\ab7eycj21Port3Path0Target2Lun0 8A3EF1F8
Device \Driver\ab7eycj2 \Device\Scsi\ab7eycj21Port3Path0Target1Lun0 8A3EF1F8
Device \Driver\ab7eycj2 \Device\Scsi\ab7eycj21Port3Path0Target0Lun0 8A3EF1F8
Device \Driver\ab7eycj2 \Device\Scsi\ab7eycj21 8A3EF1F8
Device \FileSystem\Fastfat \Fat 88AC01F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8901A500

---- EOF - GMER 1.0.15 ----

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:10:57 AM

Posted 21 October 2009 - 03:13 PM

Hello.

The GMER log looks fine. Most of those are CD Emulators.

I want you to run a scan with ComboFix and post the log once done.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

With Regards,
Extremeboy

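The reasoning behind "the GMER log looks fine" can be made mechanical. As an added example (not part of the thread or of GMER), this Python script joins the SSDT lines with the Device lines of the log: the hooking module spxw.sys turns out to be the file behind the \Driver\sptd object, the SPTD disc-emulation layer that DAEMON Tools Lite (present in the running-process list above) installs, and it hooks only registry services. The sample lines are copied from the log; the registry-service set and the "registry only" heuristic are assumptions of the example.

```python
import re

# Constructed sample: SSDT and Device lines copied from the GMER log above.
SAMPLE_GMER = r"""
SSDT spxw.sys ZwCreateKey [0xB9EA80E0]
SSDT spxw.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spxw.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spxw.sys ZwOpenKey [0xB9EA80C0]
SSDT spxw.sys ZwQueryKey [0xB9EC7108]
SSDT spxw.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spxw.sys ZwSetValueKey [0xB9EC719A]
Device \Driver\PCI_PNP2158 \Device\00000051 spxw.sys
Device \Driver\nvata \Device\00000074 8A7121F8
Device \Driver\sptd \Device\2593267158 spxw.sys
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
"""

SSDT_RE = re.compile(r"^SSDT\s+(\S+)\s+(Zw\w+)\s+\[0x([0-9A-Fa-f]+)\]")
DEVICE_RE = re.compile(
    r"^(Attached)?Device\s+(\\\S+)\s+(\\\S+)\s+(\S+)(?:\s+\((.*)\))?")

# Registry system services (assumed list). A driver that hooks only these
# is filtering registry access, which is what disc-emulation and
# copy-protection layers do; a stealth rootkit would typically also hook
# file, process or directory enumeration services.
REGISTRY_SERVICES = {
    "ZwCreateKey", "ZwOpenKey", "ZwDeleteKey", "ZwDeleteValueKey",
    "ZwEnumerateKey", "ZwEnumerateValueKey", "ZwQueryKey",
    "ZwQueryValueKey", "ZwSetValueKey",
}


def attribute_hooks(gmer_text):
    """For each module GMER reports as an SSDT hooker, return the services it
    hooks, the driver objects whose devices it backs, any vendor string GMER
    resolved for it, the address span of its hooks and a registry-only flag."""
    hooks = {}       # module -> {service: hook address}
    drivers = {}     # module -> set of \Driver\... objects it backs
    vendors = {}     # module -> vendor text GMER printed in parentheses
    for line in gmer_text.splitlines():
        m = SSDT_RE.match(line)
        if m:
            module, service, addr = m.groups()
            hooks.setdefault(module, {})[service] = int(addr, 16)
            continue
        m = DEVICE_RE.match(line)
        if m:
            _attached, driver, _device, owner, vendor = m.groups()
            if owner.lower().endswith(".sys"):      # skip bare addresses
                drivers.setdefault(owner, set()).add(driver)
                if vendor:
                    vendors[owner] = vendor
    report = {}
    for module, services in hooks.items():
        addrs = services.values()
        report[module] = {
            "hooks": sorted(services),
            "drivers": sorted(drivers.get(module, ())),
            "vendor": vendors.get(module),
            # Hooks clustered in a small range sit in one driver image.
            "address_span": max(addrs) - min(addrs),
            "registry_only": set(services) <= REGISTRY_SERVICES,
        }
    return report


if __name__ == "__main__":
    for module, info in attribute_hooks(SAMPLE_GMER).items():
        print(f"{module}: hooks {len(info['hooks'])} services, "
              f"registry only: {info['registry_only']}, "
              f"backs {info['drivers'] or 'no named driver object'}")
```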
#12 soulesskiller21

soulesskiller21
  • Topic Starter

  • Members
  • 60 posts
  • Local time:09:57 AM

Posted 22 October 2009 - 01:01 AM

ComboFix 09-10-20.03 - T 10/22/2009 1:46.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1377 [GMT -4:00]
Running from: c:\documents and settings\T\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\T\Application Data\Desktopicon
C:\drivers
c:\drivers\Chipset_WINXP32_V665.rar
c:\windows\system32\Data
c:\windows\system32\plugin.dat

.
((((((((((((((((((((((((( Files Created from 2009-09-22 to 2009-10-22 )))))))))))))))))))))))))))))))
.

2009-10-20 23:10 . 2009-10-20 23:10 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-20 23:10 . 2009-10-20 23:10 -------- d-----w- c:\windows\system32\AGEIA
2009-10-20 23:10 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-20 23:10 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-20 23:10 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-20 23:09 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-20 23:09 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-20 23:09 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-20 23:09 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-17 15:57 . 2009-10-17 15:57 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-17 15:57 . 2009-10-17 15:57 -------- d-----w- c:\documents and settings\T\Application Data\SystemRequirementsLab
2009-10-14 14:44 . 2009-10-14 14:44 -------- d-----w- c:\program files\windowsnt
2009-10-11 02:04 . 2009-10-11 02:04 -------- d-----w- c:\program files\Valve
2009-10-07 00:13 . 2009-10-07 00:13 -------- d-----r- c:\documents and settings\T\Application Data\Brother
2009-10-06 21:44 . 2004-08-10 04:42 77824 ------w- c:\windows\system32\brlmw03a.dll
2009-10-06 21:44 . 2009-10-06 21:44 -------- d-----w- c:\program files\Brownie
2009-10-06 21:44 . 2009-10-06 21:44 34 ----a-w- c:\windows\system32\bd2140.dat
2009-10-06 21:37 . 2009-10-06 21:44 -------- d-----w- c:\program files\Brother
2009-10-06 21:37 . 2007-08-19 16:34 94208 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2009-10-06 21:37 . 2007-04-24 05:30 192512 ------w- c:\windows\system32\Pdrvinst.dll
2009-10-06 21:37 . 2006-12-21 02:23 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
2009-10-06 21:37 . 2004-09-23 15:00 24223 ----a-w- c:\windows\system32\BRLM03A.DLL
2009-10-05 21:54 . 2009-10-05 21:58 -------- d-----w- c:\documents and settings\T\Application Data\U3
2009-10-05 00:18 . 2005-05-11 00:49 37376 ----a-w- c:\windows\system32\hpz3l3xu.dll
2009-10-05 00:12 . 2009-10-05 00:12 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-05 00:12 . 2009-10-05 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-05 00:11 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-05 00:11 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-05 00:11 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-05 00:11 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-05 00:10 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-05 00:10 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-05 00:10 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-05 00:10 . 2009-10-05 00:12 -------- d-----w- c:\program files\HP
2009-10-05 00:08 . 2009-10-05 00:18 79408 ----a-w- c:\windows\hpfins05.dat
2009-10-05 00:08 . 2005-07-15 22:15 1350 ------w- c:\windows\hpfmdl05.dat
2009-10-05 00:07 . 2009-10-05 00:07 -------- d-----w- c:\documents and settings\T\Application Data\HP
2009-10-05 00:07 . 2005-04-28 01:38 372736 ----a-w- c:\windows\system32\hpzidi01.dll
2009-10-05 00:07 . 2005-04-28 01:37 77824 ----a-w- c:\windows\system32\hpzids01.dll
2009-09-27 03:32 . 2009-09-27 03:32 -------- d-----w- c:\program files\WebEx
2009-09-27 03:31 . 2009-07-07 18:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-09-27 03:31 . 2009-07-07 18:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-09-27 03:31 . 2009-09-27 03:31 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-27 03:27 . 2009-09-27 03:27 -------- d-----w- c:\windows\system32\LogFiles
2009-09-27 02:11 . 2009-09-27 02:11 -------- d-----w- c:\program files\Pure Networks
2009-09-27 02:10 . 2009-09-27 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-27 01:29 . 2009-09-27 02:28 -------- d-----w- c:\program files\Linksys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-22 05:52 . 2009-01-27 04:20 -------- d-----w- c:\documents and settings\T\Application Data\DNA
2009-10-22 05:42 . 2009-01-27 04:20 -------- d-----w- c:\program files\DNA
2009-10-20 23:10 . 2009-09-13 01:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-09 23:40 . 2009-01-27 04:20 -------- d-----w- c:\documents and settings\T\Application Data\BitTorrent
2009-10-06 21:37 . 2009-01-25 02:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-01 18:59 . 2009-01-26 22:06 18192 ----a-w- c:\documents and settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-30 21:02 . 2009-08-05 23:30 -------- d-----w- c:\program files\PERIMETER GOLD
2009-09-30 20:52 . 2009-08-08 03:47 -------- d-----w- c:\program files\Atari
2009-09-27 03:32 . 2009-09-27 02:10 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-09-16 01:39 . 2009-09-16 01:39 -------- d-----w- c:\program files\Ubisoft
2009-09-16 01:22 . 2009-04-01 19:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-16 01:04 . 2009-09-16 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-09-16 01:00 . 2009-01-26 22:01 -------- d-----w- c:\program files\ATI Technologies
2009-09-15 23:20 . 2009-09-15 23:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-15 04:23 . 2009-09-15 04:23 -------- d-----w- c:\documents and settings\T\Application Data\Petroglyph
2009-09-15 04:17 . 2009-09-15 03:56 -------- d-----w- c:\program files\LucasArts
2009-09-15 01:30 . 2009-09-11 22:43 -------- d-----w- c:\program files\McAfee
2009-09-13 01:20 . 2009-09-13 01:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-13 01:11 . 2009-09-13 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-13 01:11 . 2009-09-13 01:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 01:11 . 2009-09-13 01:11 -------- d-----w- c:\documents and settings\T\Application Data\SUPERAntiSpyware.com
2009-09-12 02:26 . 2009-03-29 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 22:46 . 2009-09-11 22:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-11 22:46 . 2009-09-11 22:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-11 22:43 . 2009-09-11 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-11 22:43 . 2009-09-11 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 22:43 . 2009-09-11 22:43 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 22:50 . 2009-09-10 22:50 -------- d-----w- c:\program files\CPUID
2009-09-10 18:54 . 2009-03-29 19:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-29 19:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 20:52 . 2009-09-08 20:52 405504 --sh--r- C:\Diskrun.exe
2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 00:36 . 2009-03-12 19:53 -------- d-----w- c:\program files\ATI
2009-09-01 21:02 . 2009-09-01 21:02 -------- d-----w- c:\program files\Respondus LockDown Browser
2009-08-29 08:08 . 2006-06-23 16:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2009-01-26 21:18 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 13:42 . 2009-02-24 07:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 13:42 . 2009-02-24 07:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 13:42 . 2009-02-24 07:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 04:27 . 2006-01-25 03:52 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-14 02:28 . 2009-02-04 04:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:27 . 2006-01-25 03:52 345600 ----a-w- c:\windows\system32\ati2dvag.dll
2009-08-14 02:10 . 2006-01-25 03:47 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-14 02:10 . 2006-01-25 03:47 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-14 02:09 . 2006-01-25 03:46 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-08-14 02:09 . 2006-01-25 03:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-14 02:09 . 2006-01-25 03:46 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-08-14 02:08 . 2006-01-25 03:45 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-14 02:06 . 2006-01-25 03:44 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-08-14 02:00 . 2009-01-26 22:01 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-08-14 01:58 . 2006-01-25 03:36 3492576 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-14 01:47 . 2006-01-25 03:13 12959744 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-14 01:42 . 2006-01-25 03:30 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-14 01:42 . 2009-02-04 04:13 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-14 01:42 . 2009-02-04 04:13 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-14 01:25 . 2009-08-14 01:25 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-14 01:25 . 2009-02-04 03:58 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-14 01:21 . 2006-01-25 03:16 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-08-14 01:21 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-14 01:20 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-14 01:19 . 2009-02-04 02:40 3469312 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-14 01:19 . 2009-02-04 03:53 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:18 . 2006-01-25 03:16 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-08-14 01:17 . 2006-01-25 03:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-08-14 01:17 . 2009-02-04 05:03 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-14 01:12 . 2006-01-25 03:10 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-14 01:05 . 2009-01-26 22:01 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-10 22:41 . 2009-08-10 22:41 0 ----a-w- c:\windows\PowerReg.dat
2009-08-08 03:54 . 2009-08-08 03:54 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-08-08 03:54 . 2009-08-08 03:54 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-08-06 23:24 . 2009-01-26 21:28 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2009-01-26 21:28 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2009-01-26 21:28 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-10-16 19:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2009-01-26 21:18 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2009-01-26 21:17 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2009-01-26 21:28 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-01-26 21:18 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-01-26 21:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2001-08-23 12:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2001-08-17 13:48 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-25 09:23 . 2009-02-18 03:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2006-06-10 02:10 . 2006-06-10 02:10 317440 --sha-r- c:\windows\plugin.dat
2005-11-02 01:37 . 2005-11-02 01:37 405504 --sh--r- c:\windows\snsrv21.exe
2005-08-30 06:06 . 2005-08-30 06:06 293376 --sha-r- c:\windows\system32\sn\plugin.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-27 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-10-11 1217784]
"Intel"="c:\program files\Intel\IntelInf.exe" [2005-08-12 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-01-25 196608]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Microsoft Server Update"="c:\windows\snsrv21.exe" [2005-11-02 405504]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Misrosoft SN update"="c:\windows\snsrv21.exe" [2005-11-02 405504]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Misrosoft SN update"="c:\windows\snsrv21.exe" [2005-11-02 405504]
"Microsoft"="c:\program files\windowsnt\NT32.exe" [2009-10-14 204800]

c:\documents and settings\T\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-02 14:13 16680 ----a-w- c:\program files\Citrix\GoToAssist\560\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-01 08:11 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 13:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\watergod\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Starcraft bnet
"6112:UDP"= 6112:UDP:Starcraft bnet

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 3:09 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 3:09 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/26/2009 3:18 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/26/2009 3:18 PM 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [9/10/2009 6:50 PM 12672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/11/2009 6:43 PM 92296]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2W10I2R1-FLG4-OHW5-40DI-703CF1N44024}]
c:\program files\Intel\IntelInf.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = Yahoo.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: {6279482C-9C7F-4FC9-AE62-A6AC7F3930DC} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\x7o8ka7b.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKLM-Explorer_Run-snserv - c:\windows\system32\sn\snsrv.exe
HKCU-Explorer_Run-snserv - c:\windows\system32\sn\snsrv.exe
AddRemove-KB913433 - c:\windows\System32\MacroMed\Flash\genuinst.exe
AddRemove-{B931FB80-537A-4600-00AD-AC5DEDB6C25B} - c:\program files\Electronic Arts\The Lord of the Rings



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-22 01:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-1500820517-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:0d,b0,02,5b,3c,cf,d8,6f,c7,28,bf,f7,2d,a2,c0,8a,a1,a0,c0,06,62,df,91,
03,a3,18,65,1a,01,d6,5f,e7,c7,3f,61,1f,59,1e,72,eb,32,d5,fc,5f,2d,73,fc,87,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-1715567821-1500820517-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7b,cc,03,1b,93,90,3c,9d,f4,03,0c,8b,33,bd,a6,b0,3f,63,f8,55,53,
d7,4e,45,27,81,9b,c0,da,36,d8,b7,e2,92,0f,07,bb,7c,13,ca,37,62,e2,cc,7c,a2,\
"rkeysecu"=hex:1e,9f,c5,87,13,a3,45,9c,51,b5,ef,41,b8,c1,49,f5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\560\G2AWinLogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-10-22 1:57
ComboFix-quarantined-files.txt 2009-10-22 05:57
ComboFix2.txt 2009-03-20 21:20

Pre-Run: 11,704,684,544 bytes free
Post-Run: 12,129,935,360 bytes free

- - End Of File - - D54841E7572B4637506F3026CC9C28E3

#13 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:10:57 AM

Posted 23 October 2009 - 03:03 PM

Hello.

Run ComboFix with CFScript

We will run ComboFix again. This time it will be slightly different from the initial run.
  • Close any open browsers.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    http://www.bleepingcomputer.com/forums/t/258075/help-cleaning-pc/
    Collect::[68]
    c:\windows\snsrv21.exe
    c:\program files\windowsnt\NT32.exe
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Server Update"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Misrosoft SN update"=-
    [HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "Misrosoft SN update"=-
    "Microsoft"=-
    DirLook::
    c:\program files\windowsnt
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
  • Referring to the picture above, drag CFScript into ComboFix.exe.
  • When finished, it shall produce a log for you at "C:\ComboFix.txt"
  • Please post the contents of the Combofix log in your next reply.
Upload Samples by ComboFix

When Combofix finishes running, the ComboFix log will open along with a message box. With the above script, ComboFix captured some files to submit for analysis.
  • Important: Ensure you are connected to the internet before clicking OK on the message box.
  • A blue screen will appear, auto-uploading the zipped file I requested.
  • After the uploading is done you should see a message near the bottom saying "Upload was Succesfull".
**NOTE**
=================
  • IF for some reason Combofix fails to upload anything please do the following:
  • Go to Start >> My Computer > C:\
  • Then Navigate to the C:\Qoobox\Quarantine folder.
  • Find the archive zip file called "[68]-Submit_Date_Time.zip"
  • Simply go to This Channel and upload the submit.zip archive file to me.
  • Follow the instructions on that page to copy/paste/send the requested file.

Let me know how it goes and if the upload went successfully or not in your next reply.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


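The log posted above shows the persistence the CFScript targets: two autoruns named after Microsoft (one misspelled "Misrosoft") that point at c:\windows\snsrv21.exe and c:\program files\windowsnt\NT32.exe, two of them under the policies\Explorer\Run key, and a file listing in which snsrv21.exe carries the hidden+system+read-only attributes. The script below is an added example, not part of this thread and not ComboFix's own code: it parses excerpts of that log (constructed here from the lines above), applies three triage heuristics to the "Reg Loading Points" entries, and emits the Registry:: removal lines in the CFScript syntax the post uses. The heuristics and the allow-list of Microsoft install paths are this example's own assumptions, not rules ComboFix applies.

```python
"""Triage a ComboFix-style log: flag suspicious autoruns and hidden executables,
then emit the CFScript 'Registry::' lines that would delete the flagged values.
Added example for this thread, not ComboFix's code; heuristics and allow-list are assumptions."""
import re
from collections import namedtuple

# Constructed sample: excerpts of the 'Find3M Report' and 'Reg Loading Points'
# sections of the log posted above, plus one known-good system file.
SAMPLE_LOG = r"""
2009-09-08 20:52 . 2009-09-08 20:52 405504 --sh--r- C:\Diskrun.exe
2005-11-02 01:37 . 2005-11-02 01:37 405504 --sh--r- c:\windows\snsrv21.exe
2009-08-06 23:24 . 2009-01-26 21:18 53472 ----a-w- c:\windows\system32\wuauclt.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Microsoft Server Update"="c:\windows\snsrv21.exe" [2005-11-02 405504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Misrosoft SN update"="c:\windows\snsrv21.exe" [2005-11-02 405504]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Misrosoft SN update"="c:\windows\snsrv21.exe" [2005-11-02 405504]
"Microsoft"="c:\program files\windowsnt\NT32.exe" [2009-10-14 204800]
"""

# File line: <mtime> . <ctime> <size or --------> <attrs> <path>
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d (\S+) (\S{8}) (.+)$")
KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
# Value line; the optional ' - <path>' form covers entries such as "SoundMan"="SOUNDMAN.EXE" - c:\...
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: - (.+?))? \[[^\]]+\]$')
# Assumed allow-list: where an autorun whose name claims to be Microsoft may legitimately live.
MS_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\messenger\\",
           "c:\\program files\\microsoft", "c:\\program files\\common files\\microsoft")
Autorun = namedtuple("Autorun", "key name path")

def parse_log(text):
    """Return ({lower_path: (size, attrs)}, [Autorun, ...]) parsed from the log text."""
    files, autoruns, key = {}, [], None
    for line in text.splitlines():
        if m := FILE_RE.match(line):
            files[m.group(3).strip().lower()] = (m.group(1), m.group(2))
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            autoruns.append(Autorun(key, m.group(1), (m.group(3) or m.group(2)).strip()))
    return files, autoruns

def edit_distance(a, b):
    """Levenshtein distance, used to catch typo-squatted names such as 'Misrosoft'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def impersonates_microsoft(name):
    return any(edit_distance(t, "microsoft") <= 1 for t in re.findall(r"[a-z]+", name.lower()))

def hidden_system(attrs):
    # ComboFix prints 's' and 'h' in the attribute column for system+hidden files
    return "s" in attrs.lower() and "h" in attrs.lower()

def triage(files, autoruns):
    """Return [(Autorun, [reason, ...])] for every entry at least one heuristic flags."""
    findings = []
    for a in autoruns:
        reasons = []
        if "policies\\explorer\\run" in a.key.lower():
            reasons.append("loads from policies\\Explorer\\Run, which legitimate installers rarely use")
        if impersonates_microsoft(a.name) and not a.path.lower().startswith(MS_DIRS):
            reasons.append("name mimics Microsoft but target is outside Microsoft install paths")
        entry = files.get(a.path.lower())
        if entry and hidden_system(entry[1]):
            reasons.append("target file carries hidden+system attributes")
        if reasons:
            findings.append((a, reasons))
    return findings

def orphan_hidden_exes(files, autoruns):
    """Hidden+system executables that no autorun references (a dropper or a spare copy)."""
    referenced = {a.path.lower() for a in autoruns}
    return sorted(p for p, (_, attrs) in files.items()
                  if p.endswith((".exe", ".dll", ".sys")) and hidden_system(attrs) and p not in referenced)

def cfscript_registry_section(findings):
    """Registry:: block in the CFScript syntax used in the thread ('"Name"=-' deletes a value)."""
    by_key = {}
    for a, _ in findings:
        names = by_key.setdefault(a.key, [])
        if a.name not in names:
            names.append(a.name)
    lines = ["Registry::"]
    for key, names in by_key.items():
        lines += [f"[{key}]"] + [f'"{n}"=-' for n in names]
    return "\n".join(lines)

if __name__ == "__main__":
    f, r = parse_log(SAMPLE_LOG)
    print(cfscript_registry_section(triage(f, r)), orphan_hidden_exes(f, r), sep="\n")
```

Run against the sample, the Registry:: block it prints lists the same four values the CFScript in this post deletes, and the orphan check surfaces C:\Diskrun.exe, which the Find3M report above shows with the same 405504-byte size and the same hidden/system/read-only attributes as snsrv21.exe but no autorun of its own. Treat the output as a triage list, not a verdict: a flagged entry still needs the file collected and inspected, which is what the Collect:: section of the CFScript does.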
#14 soulesskiller21
  • Topic Starter

  • Members
  • 60 posts
  • Local time:09:57 AM

Posted 23 October 2009 - 08:02 PM

It successfully uploaded. ComboFix wanted me to update it; I hit no, so if I need to I can do another scan.


ComboFix 09-10-20.03 - T 10/23/2009 20:23.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1242 [GMT -4:00]
Running from: c:\documents and settings\T\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\T\Desktop\CFSCript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

file zipped: c:\program files\windowsnt\NT32.exe
file zipped: c:\windows\snsrv21.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\windowsnt\NT32.exe
c:\windows\snsrv21.exe

.
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.

2009-10-23 19:02 . 2009-10-23 19:02 70672 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-23 14:24 . 2009-10-23 14:24 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2009-10-23 14:24 . 2009-10-23 14:24 -------- d-----w- c:\windows\system32\xlive
2009-10-23 04:08 . 2009-10-23 18:51 -------- d-----w- c:\windows\LastGood
2009-10-23 03:06 . 2009-10-23 04:06 25 ----a-w- c:\windows\popcinfot.dat
2009-10-20 23:10 . 2009-10-20 23:10 -------- d-----w- c:\program files\AGEIA Technologies
2009-10-20 23:10 . 2009-10-20 23:10 -------- d-----w- c:\windows\system32\AGEIA
2009-10-20 23:10 . 2009-03-09 19:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-10-20 23:10 . 2009-03-09 19:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-10-20 23:10 . 2009-03-09 19:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-10-20 23:09 . 2009-03-16 18:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-10-20 23:09 . 2009-03-16 18:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-10-20 23:09 . 2009-03-16 18:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-10-20 23:09 . 2009-03-16 18:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll
2009-10-17 15:57 . 2009-10-17 15:57 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-17 15:57 . 2009-10-17 15:57 -------- d-----w- c:\documents and settings\T\Application Data\SystemRequirementsLab
2009-10-14 14:44 . 2009-10-24 00:29 -------- d-----w- c:\program files\windowsnt
2009-10-11 02:04 . 2009-10-11 02:04 -------- d-----w- c:\program files\Valve
2009-10-07 00:13 . 2009-10-07 00:13 -------- d-----r- c:\documents and settings\T\Application Data\Brother
2009-10-06 21:44 . 2004-08-10 04:42 77824 ------w- c:\windows\system32\brlmw03a.dll
2009-10-06 21:44 . 2009-10-06 21:44 -------- d-----w- c:\program files\Brownie
2009-10-06 21:44 . 2009-10-06 21:44 34 ----a-w- c:\windows\system32\bd2140.dat
2009-10-06 21:37 . 2009-10-06 21:44 -------- d-----w- c:\program files\Brother
2009-10-06 21:37 . 2007-08-19 16:34 94208 ----a-w- c:\windows\system32\BRRBTOOL.EXE
2009-10-06 21:37 . 2007-04-24 05:30 192512 ------w- c:\windows\system32\Pdrvinst.dll
2009-10-06 21:37 . 2006-12-21 02:23 176128 ----a-w- c:\windows\system32\BROSNMP.DLL
2009-10-06 21:37 . 2004-09-23 15:00 24223 ----a-w- c:\windows\system32\BRLM03A.DLL
2009-10-05 21:54 . 2009-10-05 21:58 -------- d-----w- c:\documents and settings\T\Application Data\U3
2009-10-05 00:18 . 2005-05-11 00:49 37376 ----a-w- c:\windows\system32\hpz3l3xu.dll
2009-10-05 00:12 . 2009-10-05 00:12 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-05 00:12 . 2009-10-05 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-05 00:11 . 2004-09-29 16:14 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2009-10-05 00:11 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2009-10-05 00:11 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2009-10-05 00:11 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-05 00:10 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2009-10-05 00:10 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2009-10-05 00:10 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-10-05 00:10 . 2009-10-05 00:12 -------- d-----w- c:\program files\HP
2009-10-05 00:08 . 2009-10-05 00:18 79408 ----a-w- c:\windows\hpfins05.dat
2009-10-05 00:08 . 2005-07-15 22:15 1350 ------w- c:\windows\hpfmdl05.dat
2009-10-05 00:07 . 2009-10-05 00:07 -------- d-----w- c:\documents and settings\T\Application Data\HP
2009-10-05 00:07 . 2005-04-28 01:38 372736 ----a-w- c:\windows\system32\hpzidi01.dll
2009-10-05 00:07 . 2005-04-28 01:37 77824 ----a-w- c:\windows\system32\hpzids01.dll
2009-09-27 03:32 . 2009-09-27 03:32 -------- d-----w- c:\program files\WebEx
2009-09-27 03:31 . 2009-07-07 18:48 25392 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-09-27 03:31 . 2009-07-07 18:48 26672 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-09-27 03:31 . 2009-09-27 03:31 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-09-27 03:27 . 2009-09-27 03:27 -------- d-----w- c:\windows\system32\LogFiles
2009-09-27 02:11 . 2009-09-27 02:11 -------- d-----w- c:\program files\Pure Networks
2009-09-27 02:10 . 2009-09-27 03:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-09-27 01:29 . 2009-09-27 02:28 -------- d-----w- c:\program files\Linksys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-24 00:26 . 2009-01-27 04:20 -------- d-----w- c:\documents and settings\T\Application Data\DNA
2009-10-24 00:21 . 2009-01-27 04:20 -------- d-----w- c:\documents and settings\T\Application Data\BitTorrent
2009-10-23 19:03 . 2009-01-26 22:06 18192 ----a-w- c:\documents and settings\T\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-23 04:08 . 2009-09-11 22:43 -------- d-----w- c:\program files\McAfee
2009-10-22 05:42 . 2009-01-27 04:20 -------- d-----w- c:\program files\DNA
2009-10-20 23:10 . 2009-09-13 01:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-06 21:37 . 2009-01-25 02:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 21:02 . 2009-08-05 23:30 -------- d-----w- c:\program files\PERIMETER GOLD
2009-09-30 20:52 . 2009-08-08 03:47 -------- d-----w- c:\program files\Atari
2009-09-27 03:32 . 2009-09-27 02:10 8892928 ----a-w- c:\documents and settings\All Users\Application Data\atscie.msi
2009-09-16 01:39 . 2009-09-16 01:39 -------- d-----w- c:\program files\Ubisoft
2009-09-16 01:22 . 2009-04-01 19:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-09-16 01:04 . 2009-09-16 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-09-16 01:00 . 2009-01-26 22:01 -------- d-----w- c:\program files\ATI Technologies
2009-09-15 23:20 . 2009-09-15 23:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2009-09-15 04:23 . 2009-09-15 04:23 -------- d-----w- c:\documents and settings\T\Application Data\Petroglyph
2009-09-15 04:17 . 2009-09-15 03:56 -------- d-----w- c:\program files\LucasArts
2009-09-13 01:20 . 2009-09-13 01:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-09-13 01:11 . 2009-09-13 01:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-13 01:11 . 2009-09-13 01:11 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-13 01:11 . 2009-09-13 01:11 -------- d-----w- c:\documents and settings\T\Application Data\SUPERAntiSpyware.com
2009-09-12 02:26 . 2009-03-29 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-11 22:46 . 2009-09-11 22:46 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SACore
2009-09-11 22:46 . 2009-09-11 22:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-11 22:43 . 2009-09-11 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-11 22:43 . 2009-09-11 22:43 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-11 22:43 . 2009-09-11 22:43 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-11 14:18 . 2001-08-23 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 22:50 . 2009-09-10 22:50 -------- d-----w- c:\program files\CPUID
2009-09-10 18:54 . 2009-03-29 19:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-03-29 19:44 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 20:52 . 2009-09-08 20:52 405504 --sh--r- C:\Diskrun.exe
2009-09-04 21:03 . 2001-08-23 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 00:36 . 2009-03-12 19:53 -------- d-----w- c:\program files\ATI
2009-09-01 21:02 . 2009-09-01 21:02 -------- d-----w- c:\program files\Respondus LockDown Browser
2009-08-29 08:08 . 2006-06-23 16:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2009-01-26 21:18 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-20 13:42 . 2009-02-24 07:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 13:42 . 2009-02-24 07:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 13:42 . 2009-02-24 07:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 04:27 . 2006-01-25 03:52 4485632 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-08-14 02:28 . 2009-02-04 04:56 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-08-14 02:27 . 2006-01-25 03:52 345600 ----a-w- c:\windows\system32\ati2dvag.dll
2009-08-14 02:10 . 2006-01-25 03:47 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-08-14 02:10 . 2006-01-25 03:47 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-08-14 02:09 . 2006-01-25 03:46 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-08-14 02:09 . 2006-01-25 03:46 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-08-14 02:09 . 2006-01-25 03:46 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-08-14 02:08 . 2006-01-25 03:45 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-14 02:06 . 2006-01-25 03:44 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-08-14 02:00 . 2009-01-26 22:01 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-08-14 01:58 . 2006-01-25 03:36 3492576 ----a-w- c:\windows\system32\ati3duag.dll
2009-08-14 01:47 . 2006-01-25 03:13 12959744 ----a-w- c:\windows\system32\atioglxx.dll
2009-08-14 01:42 . 2006-01-25 03:30 2081920 ----a-w- c:\windows\system32\ativvaxx.dll
2009-08-14 01:42 . 2009-02-04 04:13 887724 ----a-w- c:\windows\system32\ativva6x.dat
2009-08-14 01:42 . 2009-02-04 04:13 3 ----a-w- c:\windows\system32\ativva5x.dat
2009-08-14 01:25 . 2009-08-14 01:25 49664 ----a-w- c:\windows\system32\atimpc32.dll
2009-08-14 01:25 . 2009-02-04 03:58 49664 ----a-w- c:\windows\system32\amdpcom32.dll
2009-08-14 01:21 . 2006-01-25 03:16 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-08-14 01:21 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-08-14 01:20 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-08-14 01:19 . 2009-02-04 02:40 3469312 ----a-w- c:\windows\system32\aticaldd.dll
2009-08-14 01:19 . 2009-02-04 03:53 163840 ----a-w- c:\windows\system32\atiadlxx.dll
2009-08-14 01:18 . 2006-01-25 03:16 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-08-14 01:17 . 2006-01-25 03:15 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-08-14 01:17 . 2009-02-04 05:03 376832 ----a-w- c:\windows\system32\atiok3x2.dll
2009-08-14 01:12 . 2006-01-25 03:10 614400 ----a-w- c:\windows\system32\ati2cqag.dll
2009-08-14 01:05 . 2009-01-26 22:01 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-08-10 22:41 . 2009-08-10 22:41 0 ----a-w- c:\windows\PowerReg.dat
2009-08-08 03:54 . 2009-08-08 03:54 18048 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-08-08 03:54 . 2009-08-08 03:54 165376 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-08-06 23:24 . 2009-01-26 21:28 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2009-01-26 21:28 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2009-01-26 21:28 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2008-10-16 19:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2009-01-26 21:18 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2009-01-26 21:17 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2009-01-26 21:28 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2009-01-26 21:18 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2009-01-26 21:51 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2001-08-23 12:00 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2001-08-17 13:48 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-29 04:37 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2006-06-10 02:10 . 2006-06-10 02:10 317440 --sha-r- c:\windows\plugin.dat
2005-08-30 06:06 . 2005-08-30 06:06 293376 --sha-r- c:\windows\system32\sn\plugin.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\windowsnt ----

2009-10-14 14:44 . 2009-10-22 05:37 479331 ---ha-w- c:\program files\windowsnt\winupdatelog.txt
2009-10-14 14:44 . 2009-10-14 14:44 204800 ----a-w- c:\program files\windowsnt\NT32.exe


((((((((((((((((((((((((((((( SnapShot@2009-10-22_05.55.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-24 00:26 . 2008-07-30 11:20 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2009-03-24 00:26 . 2008-07-31 14:41 68616 c:\windows\system32\XAPOFX1_1.dll
+ 2001-08-23 12:00 . 2009-10-23 19:01 88818 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-10-14 03:41 88818 c:\windows\system32\perfc009.dat
+ 2009-10-23 14:23 . 2005-12-05 23:07 61136 c:\windows\LastGood\system32\xinput9_1_0.dll
+ 2009-10-23 14:23 . 2007-04-04 23:53 81768 c:\windows\LastGood\system32\xinput1_3.dll
+ 2009-10-23 14:23 . 2006-07-28 14:30 62744 c:\windows\LastGood\system32\xinput1_2.dll
+ 2009-10-23 14:23 . 2006-03-31 17:39 62672 c:\windows\LastGood\system32\xinput1_1.dll
+ 2009-10-23 18:51 . 2009-03-16 18:18 69448 c:\windows\LastGood\system32\XAPOFX1_3.dll
+ 2009-10-23 18:51 . 2008-10-27 15:04 70992 c:\windows\LastGood\system32\XAPOFX1_2.dll
+ 2009-10-23 14:23 . 2008-07-30 11:20 68616 c:\windows\LastGood\system32\XAPOFX1_1.dll
+ 2009-10-23 14:23 . 2008-05-30 19:17 65032 c:\windows\LastGood\system32\XAPOFX1_0.dll
+ 2009-10-23 18:51 . 2009-03-16 18:18 22360 c:\windows\LastGood\system32\X3DAudio1_6.dll
+ 2009-10-23 18:51 . 2008-10-27 15:04 23376 c:\windows\LastGood\system32\X3DAudio1_5.dll
+ 2009-10-23 14:23 . 2008-05-30 19:17 25608 c:\windows\LastGood\system32\X3DAudio1_4.dll
+ 2009-10-23 14:23 . 2008-03-05 21:00 25608 c:\windows\LastGood\system32\X3DAudio1_3.dll
+ 2009-10-23 14:23 . 2007-10-22 08:37 17928 c:\windows\LastGood\system32\x3daudio1_2.dll
+ 2009-10-23 14:23 . 2007-03-05 17:42 15128 c:\windows\LastGood\system32\x3daudio1_1.dll
+ 2009-10-23 14:23 . 2006-02-03 13:41 14032 c:\windows\LastGood\system32\x3daudio1_0.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2009-10-14 03:41 . 2009-10-14 03:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2008-10-28 21:19 . 2008-10-28 21:19 134144 c:\windows\system32\xlive\sqmapi.dll
- 2009-03-24 00:26 . 2008-07-30 11:20 509448 c:\windows\system32\XAudio2_2.dll
+ 2009-03-24 00:26 . 2008-07-31 14:40 509448 c:\windows\system32\XAudio2_2.dll
- 2009-03-24 00:26 . 2008-07-30 11:20 238088 c:\windows\system32\xactengine3_2.dll
+ 2009-03-24 00:26 . 2008-07-31 14:41 238088 c:\windows\system32\xactengine3_2.dll
+ 2001-08-23 12:00 . 2009-10-23 19:01 488140 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-10-14 03:41 488140 c:\windows\system32\perfh009.dat
- 2009-03-24 00:26 . 2008-07-10 16:01 467984 c:\windows\system32\d3dx10_39.dll
+ 2009-03-24 00:26 . 2008-07-12 12:18 467984 c:\windows\system32\d3dx10_39.dll
- 2009-08-21 03:26 . 2009-08-21 03:26 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-10-23 19:02 . 2009-10-23 19:02 652800 c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\vs_setup.msi
+ 2009-10-23 18:51 . 2009-03-16 18:18 517448 c:\windows\LastGood\system32\XAudio2_4.dll
+ 2009-10-23 18:51 . 2008-10-27 15:04 514384 c:\windows\LastGood\system32\XAudio2_3.dll
+ 2009-10-23 14:23 . 2008-07-30 11:20 509448 c:\windows\LastGood\system32\XAudio2_2.dll
+ 2009-10-23 14:23 . 2008-05-30 19:19 507400 c:\windows\LastGood\system32\XAudio2_1.dll
+ 2009-10-23 14:23 . 2008-03-05 21:03 479752 c:\windows\LastGood\system32\XAudio2_0.dll
+ 2009-10-23 18:51 . 2009-03-16 18:18 235352 c:\windows\LastGood\system32\xactengine3_4.dll
+ 2009-10-23 18:51 . 2008-10-27 15:04 235856 c:\windows\LastGood\system32\xactengine3_3.dll
+ 2009-10-23 14:23 . 2008-07-30 11:20 238088 c:\windows\LastGood\system32\xactengine3_2.dll
+ 2009-10-23 14:23 . 2008-05-30 19:18 238088 c:\windows\LastGood\system32\xactengine3_1.dll
+ 2009-10-23 14:23 . 2008-03-05 21:03 238088 c:\windows\LastGood\system32\xactengine3_0.dll
+ 2009-10-23 14:23 . 2007-07-20 05:57 267112 c:\windows\LastGood\system32\xactengine2_9.dll
+ 2009-10-23 14:23 . 2007-06-21 01:46 266088 c:\windows\LastGood\system32\xactengine2_8.dll
+ 2009-10-23 14:23 . 2007-04-04 23:55 261480 c:\windows\LastGood\system32\xactengine2_7.dll
+ 2009-10-23 14:23 . 2007-01-24 20:27 255848 c:\windows\LastGood\system32\xactengine2_6.dll
+ 2009-10-23 14:23 . 2006-12-08 17:02 251672 c:\windows\LastGood\system32\xactengine2_5.dll
+ 2009-10-23 14:23 . 2006-09-28 21:05 237848 c:\windows\LastGood\system32\xactengine2_4.dll
+ 2009-10-23 14:23 . 2006-07-28 14:30 236824 c:\windows\LastGood\system32\xactengine2_3.dll
+ 2009-10-23 14:23 . 2006-05-31 12:24 230168 c:\windows\LastGood\system32\xactengine2_2.dll
+ 2009-10-23 14:23 . 2007-10-22 08:39 267272 c:\windows\LastGood\system32\xactengine2_10.dll
+ 2009-10-23 14:23 . 2006-03-31 17:39 229584 c:\windows\LastGood\system32\xactengine2_1.dll
+ 2009-10-23 14:23 . 2006-02-03 13:42 230096 c:\windows\LastGood\system32\xactengine2_0.dll
+ 2009-10-23 18:51 . 2009-03-09 19:27 453456 c:\windows\LastGood\system32\d3dx10_41.dll
+ 2009-10-23 18:51 . 2008-10-15 10:22 452440 c:\windows\LastGood\system32\d3dx10_40.dll
+ 2009-10-23 14:23 . 2008-07-10 16:01 467984 c:\windows\LastGood\system32\d3dx10_39.dll
+ 2009-10-23 14:23 . 2008-05-30 19:11 467984 c:\windows\LastGood\system32\d3dx10_38.dll
+ 2009-10-23 14:23 . 2008-02-06 04:07 462864 c:\windows\LastGood\system32\d3dx10_37.dll
+ 2009-10-23 14:23 . 2007-10-02 14:56 444776 c:\windows\LastGood\system32\d3dx10_36.dll
+ 2009-10-23 14:23 . 2007-07-19 23:14 444776 c:\windows\LastGood\system32\d3dx10_35.dll
+ 2009-10-23 14:23 . 2007-05-16 21:45 443752 c:\windows\LastGood\system32\d3dx10_34.dll
+ 2009-10-23 14:23 . 2007-03-15 21:57 443752 c:\windows\LastGood\system32\d3dx10_33.dll
+ 2009-10-23 19:02 . 2009-10-23 19:02 357376 c:\windows\Installer\8042243.msi
+ 2009-10-23 14:24 . 2009-10-23 14:24 827904 c:\windows\Installer\704fb40.msi
+ 2009-10-23 14:24 . 2009-10-23 14:24 850944 c:\windows\Installer\704fb38.msi
+ 2009-10-23 19:02 . 2009-10-23 19:02 125036 c:\windows\Installer\{D5395E5F-4D45-4665-8F00-234FA33678AF}\SdxIconBlack.exe
- 2009-10-14 03:41 . 2009-10-14 03:41 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2007-08-27 19:41 . 2007-08-27 19:41 1089440 c:\windows\system32\msidcrl40.dll
- 2009-03-24 00:26 . 2008-07-10 16:00 3851784 c:\windows\system32\D3DX9_39.dll
+ 2009-03-24 00:26 . 2008-07-12 12:18 3851784 c:\windows\system32\D3DX9_39.dll
+ 2009-03-24 00:26 . 2008-07-12 12:18 1493528 c:\windows\system32\D3DCompiler_39.dll
- 2009-03-24 00:26 . 2008-07-10 16:00 1493528 c:\windows\system32\D3DCompiler_39.dll
+ 2009-10-23 18:51 . 2009-03-09 19:27 4178264 c:\windows\LastGood\system32\D3DX9_41.dll
+ 2009-10-23 18:51 . 2008-10-15 10:22 4379984 c:\windows\LastGood\system32\D3DX9_40.dll
+ 2009-10-23 14:23 . 2008-07-10 16:00 3851784 c:\windows\LastGood\system32\D3DX9_39.dll
+ 2009-10-23 14:23 . 2008-05-30 19:11 3850760 c:\windows\LastGood\system32\D3DX9_38.dll
+ 2009-10-23 14:23 . 2008-03-05 20:56 3786760 c:\windows\LastGood\system32\D3DX9_37.dll
+ 2009-10-23 14:23 . 2007-10-12 20:14 3734536 c:\windows\LastGood\system32\d3dx9_36.dll
+ 2009-10-23 14:23 . 2007-07-19 23:14 3727720 c:\windows\LastGood\system32\d3dx9_35.dll
+ 2009-10-23 14:23 . 2007-05-16 21:45 3497832 c:\windows\LastGood\system32\d3dx9_34.dll
+ 2009-10-23 14:23 . 2007-03-12 21:42 3495784 c:\windows\LastGood\system32\d3dx9_33.dll
+ 2009-10-23 14:23 . 2006-11-29 18:06 3426072 c:\windows\LastGood\system32\d3dx9_32.dll
+ 2009-10-23 14:23 . 2006-09-28 21:05 2414360 c:\windows\LastGood\system32\d3dx9_31.dll
+ 2009-10-23 14:23 . 2006-03-31 17:40 2388176 c:\windows\LastGood\system32\d3dx9_30.dll
+ 2009-10-23 14:23 . 2006-02-03 13:43 2332368 c:\windows\LastGood\system32\d3dx9_29.dll
+ 2009-10-23 14:23 . 2005-12-05 23:09 2323664 c:\windows\LastGood\system32\d3dx9_28.dll
+ 2009-10-23 14:23 . 2005-07-23 00:59 2319568 c:\windows\LastGood\system32\d3dx9_27.dll
+ 2009-10-23 14:23 . 2005-05-26 20:34 2297552 c:\windows\LastGood\system32\d3dx9_26.dll
+ 2009-10-23 14:23 . 2005-03-18 22:19 2337488 c:\windows\LastGood\system32\d3dx9_25.dll
+ 2009-10-23 14:23 . 2005-02-06 00:45 2222800 c:\windows\LastGood\system32\d3dx9_24.dll
+ 2009-10-23 18:51 . 2009-03-09 19:27 1846632 c:\windows\LastGood\system32\D3DCompiler_41.dll
+ 2009-10-23 18:51 . 2008-10-15 10:22 2036576 c:\windows\LastGood\system32\D3DCompiler_40.dll
+ 2009-10-23 14:23 . 2008-07-10 16:00 1493528 c:\windows\LastGood\system32\D3DCompiler_39.dll
+ 2009-10-23 14:23 . 2008-05-30 19:11 1491992 c:\windows\LastGood\system32\D3DCompiler_38.dll
+ 2009-10-23 14:23 . 2008-03-05 20:56 1420824 c:\windows\LastGood\system32\D3DCompiler_37.dll
+ 2009-10-23 14:23 . 2007-10-12 20:14 1374232 c:\windows\LastGood\system32\D3DCompiler_36.dll
+ 2009-10-23 14:23 . 2007-07-19 23:14 1358192 c:\windows\LastGood\system32\D3DCompiler_35.dll
+ 2009-10-23 14:23 . 2007-05-16 21:45 1124720 c:\windows\LastGood\system32\D3DCompiler_34.dll
+ 2009-10-23 14:23 . 2007-03-12 21:42 1123696 c:\windows\LastGood\system32\D3DCompiler_33.dll
+ 2009-10-23 19:03 . 2009-10-23 19:03 5428224 c:\windows\assembly\NativeImages_v2.0.50727_32\SlimDX\4f55348bcda96e5734d666e527015fbb\SlimDX.ni.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-10-23 19:02 . 2009-10-23 19:02 2404352 c:\windows\assembly\GAC_32\SlimDX\2.0.7.41__b1b0c32fd1ffe4f9\SlimDX.dll
- 2009-10-14 03:41 . 2009-10-14 03:41 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-10-23 19:01 . 2009-10-23 19:01 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-10-23 18:51 . 2009-10-23 18:51 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2009-10-20 23:09 . 2009-10-20 23:09 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-10-28 21:41 . 2008-10-28 21:41 13643936 c:\windows\system32\xlivefnt.dll
+ 2008-10-28 21:41 . 2008-10-28 21:41 14303392 c:\windows\system32\xlive.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-27 342848]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-10-11 1217784]
"Intel"="c:\program files\Intel\IntelInf.exe" [2005-08-12 217088]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Media Codec Update Service"="c:\program files\Essentials Codec Pack\WECPUpdate.exe" [2009-01-25 196608]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-17 2025752]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-14 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2008-09-18 880640]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-04-15 77824]
"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

c:\documents and settings\T\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-03-02 14:13 16680 ----a-w- c:\program files\Citrix\GoToAssist\560\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-03-01 08:11 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 13:42 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\EA GAMES\\The Battle for Middle-earth ™\\game.dat"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II\\game.dat"=
"c:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Starcraft\\StarCraft.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Dungeon Siege 2\\DungeonSiege2.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"c:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War\\GameData\\sweaw.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Empire at War Forces of Corruption\\swfoc.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's H.A.W.X\\HAWX.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\watergod\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\batman arkham asylum - demo\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\common\\dawn of war ii - spd\\DOW2.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Starcraft bnet
"6112:UDP"= 6112:UDP:Starcraft bnet

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/24/2009 3:09 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/24/2009 3:09 AM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/4/2009 2:50 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/4/2009 2:49 PM 74480]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/26/2009 3:18 PM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/26/2009 3:18 PM 297752]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [9/10/2009 6:50 PM 12672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/11/2009 6:43 PM 92296]
S2 0298071256270945mcinstcleanup;McAfee Application Installer Cleanup (0298071256270945);c:\windows\TEMP\029807~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\029807~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/4/2009 2:50 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FONTCACHE3.0.0.0

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2W10I2R1-FLG4-OHW5-40DI-703CF1N44024}]
c:\program files\Intel\IntelInf.exe
.
.
------- Supplementary Scan -------
.
uStart Page = Yahoo.com
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
TCP: {6279482C-9C7F-4FC9-AE62-A6AC7F3930DC} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\T\Application Data\Mozilla\Firefox\Profiles\x7o8ka7b.default\
FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Microsoft Silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-23 20:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-1500820517-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:db,42,ec,42,ad,0a,35,38,a4,d1,53,63,6c,53,e8,e0,b7,90,ba,8e,fe,98,d3,
d5,ac,92,c0,7a,3b,89,92,57,07,2b,af,c4,61,82,ac,71,19,14,88,eb,38,d3,a5,1b,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-1715567821-1500820517-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7b,cc,03,1b,93,90,3c,9d,f4,03,0c,8b,33,bd,a6,b0,3f,63,f8,55,53,
d7,4e,45,27,81,9b,c0,da,36,d8,b7,e2,92,0f,07,bb,7c,13,ca,37,62,e2,cc,7c,a2,\
"rkeysecu"=hex:1e,9f,c5,87,13,a3,45,9c,51,b5,ef,41,b8,c1,49,f5
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\560\G2AWinLogon.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
.
Completion time: 2009-10-24 20:33
ComboFix-quarantined-files.txt 2009-10-24 00:33
ComboFix2.txt 2009-10-22 05:58
ComboFix3.txt 2009-03-20 21:20

Pre-Run: 8,308,690,944 bytes free
Post-Run: 8,319,725,568 bytes free

- - End Of File - - B7152BFEFBFEBBC4E63CD2690EB403C2
Upload was successful
Malwarebytes' Anti-Malware 1.41
Database version: 3021
Windows 5.1.2600 Service Pack 3

10/23/2009 8:50:07 PM
mbam-log-2009-10-23 (20-50-07).txt

Scan type: Quick Scan
Objects scanned: 105592
Time elapsed: 1 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2w10i2r1-flg4-ohw5-40di-703cf1n44024} (Generic.Bot.H) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
I:\autorun.inf (Worm.Agent.H) -> Delete on reboot.
C:\Program Files\Intel\IntelInf.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\T\Local Settings\temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\T\Local Settings\temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.

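Added example, not part of the thread and not ComboFix's or Malwarebytes' code: a small Python script that reads a ComboFix "Reg Loading Points" dump, flags Active Setup\Installed Components keys whose name is not a well-formed GUID, and cross-references each flagged stub path against the Run values, which is how the IntelInf.exe entry above would be triaged by hand (the key name contains letters that cannot appear in a hex GUID, and the same binary is also launched from HKCU\...\Run). The sample log embedded in the script is constructed: the lines naming IntelInf.exe are copied from the log above, while the second component key is a made-up placeholder GUID standing in for a normal installer entry.

```python
import re
from typing import Dict, List, Tuple

# Registry GUIDs are 8-4-4-4-12 hex digits in braces (case-insensitive).
GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# ComboFix prints Run values as:  "Name"="c:\path\file.exe" [date size]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
ACTIVE_SETUP = "active setup\\installed components\\"

# Constructed sample. The two entries that reference IntelInf.exe are copied
# from the ComboFix log in the thread; the all-digit GUID on the last key is a
# made-up placeholder for a legitimate, well-formed component.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\valve\steam\steam.exe" [2009-10-11 1217784]
"Intel"="c:\program files\Intel\IntelInf.exe" [2005-08-12 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2W10I2R1-FLG4-OHW5-40DI-703CF1N44024}]
c:\program files\Intel\IntelInf.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{00000000-1111-2222-3333-444444444444}]
c:\windows\system32\rundll32.exe
"""


def parse_loading_points(log: str) -> Tuple[Dict[str, str], List[Tuple[str, str]]]:
    """Walk a ComboFix 'Reg Loading Points' dump.

    Returns (run_values, active_setup): run_values maps each value name under
    a ...\\Run key to its executable path; active_setup is a list of
    (component_key_name, stub_path). ComboFix prints the Active Setup stub
    path on the line following the bracketed key, so that line is taken as-is.
    """
    run_values: Dict[str, str] = {}
    active_setup: List[Tuple[str, str]] = []
    current_key = ""
    lines = [ln.strip() for ln in log.splitlines()]
    for i, line in enumerate(lines):
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            pos = current_key.lower().find(ACTIVE_SETUP)
            if pos >= 0 and i + 1 < len(lines):
                component = current_key[pos + len(ACTIVE_SETUP):]
                active_setup.append((component, lines[i + 1]))
            continue
        value = VALUE_RE.match(line)
        if value and current_key.lower().endswith("\\run"):
            run_values[value.group("name")] = value.group("path")
    return run_values, active_setup


def malformed_active_setup(active_setup: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Active Setup component keys are GUIDs by convention. A key name that does
    not parse as one (the logged key has W, I, R, L, G, O, H, D and N in hex
    positions) was not written by an ordinary installer."""
    return [(c, p) for c, p in active_setup if not GUID_RE.match(c)]


def run_entries_for(run_values: Dict[str, str], path: str) -> List[str]:
    """Names of Run values that launch the same binary (case-insensitive path match)."""
    return sorted(n for n, p in run_values.items() if p.lower() == path.lower())


def triage(log: str) -> List[Tuple[str, str, List[str]]]:
    """For each malformed Active Setup entry, report its stub path and any Run
    values that also start that path: the same binary hooked from two
    autostart locations is the pattern seen in the thread."""
    run_values, active_setup = parse_loading_points(log)
    return [(c, p, run_entries_for(run_values, p))
            for c, p in malformed_active_setup(active_setup)]


if __name__ == "__main__":
    for component, path, run_names in triage(SAMPLE_LOG):
        print(f"{component} -> {path}; also launched by Run value(s): {run_names or 'none'}")
```

Paste a real ComboFix log into SAMPLE_LOG (or read it from a file) to use it on your own dump; a well-formed GUID is not proof of a clean entry, only a malformed one is a cheap, high-confidence tell.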
#15 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male
  • Local time:10:57 AM

Posted 23 October 2009 - 08:17 PM

It successfully uploaded. ComboFix wanted me to update it; I hit no, so if I need to I can do another scan.

This time run it again by double-clicking on it and let it be updated when asked.

Run flash-drive disinfector first... then run Combofix...

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.





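Added example, not part of the thread and not Flash_Disinfector's code: a Python script that models the protection the post describes (a folder occupying the name autorun.inf on each drive root, so a worm cannot drop a file of that name there) and a check that tells a protected root apart from one carrying an autorun.inf with launch entries, like the I:\autorun.inf that Malwarebytes flagged above. The sample autorun.inf content and the simulated worm write are constructed; the READONLY/HIDDEN/SYSTEM attribute values passed to kernel32 SetFileAttributesW are the standard Windows constants and are applied only when the script runs on Windows.

```python
import ctypes
import os
import sys
import tempfile
from typing import Dict

# Keys in an [autorun] section that make AutoPlay launch something:
# open=, shellexecute=, shell= (default verb) and shell\<verb>\command=.
LAUNCH_PREFIXES = ("open", "shell")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the launch-capable entries of an autorun.inf's [autorun] section."""
    entries: Dict[str, str] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower().startswith(LAUNCH_PREFIXES):
            entries[key.lower()] = value
    return entries


def classify_root(root: str) -> str:
    """'protected' if autorun.inf is a folder, 'suspicious' if it is a file with
    launch entries, 'inert' if a file without them, 'absent' if missing."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "protected"
    if not os.path.exists(path):
        return "absent"
    with open(path, encoding="utf-8", errors="replace") as fh:
        return "suspicious" if parse_autorun(fh.read()) else "inert"


def protect_root(root: str) -> bool:
    """Occupy the name autorun.inf with a folder so a later CreateFile of
    autorun.inf fails. Refuses (returns False) if a real file is already there,
    since that file should be examined and removed first, not hidden."""
    path = os.path.join(root, "autorun.inf")
    if os.path.isfile(path):
        return False
    os.makedirs(path, exist_ok=True)
    if sys.platform == "win32":
        # Standard Windows attribute bits; hides the folder like the tool does.
        READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4
        ctypes.windll.kernel32.SetFileAttributesW(path, READONLY | HIDDEN | SYSTEM)
    return True


def worm_can_drop(root: str) -> bool:
    """Simulate the worm's step: try to create autorun.inf as a new file."""
    try:
        with open(os.path.join(root, "autorun.inf"), "x") as fh:
            fh.write("[autorun]\nopen=x.exe\n")
        return True
    except OSError:  # FileExistsError / IsADirectoryError / PermissionError
        return False


def demo() -> Dict[str, object]:
    """Run the whole flow in a scratch directory standing in for a drive root."""
    results: Dict[str, object] = {}
    with tempfile.TemporaryDirectory() as root:
        results["before"] = classify_root(root)
        # Constructed sample of the kind of file an autorun worm leaves behind.
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write("[autorun]\r\nopen=RECYCLER\\x.exe\r\nshellexecute=RECYCLER\\x.exe\r\n")
        results["infected"] = classify_root(root)
        results["protect_refused"] = protect_root(root)   # False: file still present
        os.remove(os.path.join(root, "autorun.inf"))       # clean first, then protect
        results["protected"] = protect_root(root) and classify_root(root)
        results["worm_can_drop"] = worm_can_drop(root)     # False: name is taken
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome}")
```

Running classify_root against each removable drive root (for example "E:\\") before and after the tool is a quick way to confirm it did what the post says; the folder only blocks the drop, it does not disable AutoPlay itself.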