worm.win32.netsky & internet security 2010


  • This topic is locked
10 replies to this topic

#1 commsgeek

  • Members
  • 5 posts

Posted 07 January 2010 - 07:51 AM

I am infected with something but not sure what - I am getting a message on boot about a netsky infection, and some software titled "Internet Security 2010" has installed itself. Here is my HJT log - hope someone can help, as I am at my wits' end.

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:37, on 07/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\i-sure Data Backup\AgentService.exe
C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\V0470Mon.exe
C:\Program Files\Ubiquiti\UCU.exe
C:\Program Files\i-sure Data Backup\Agent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
C:\WINDOWS\system32\smss32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\d8qjoz0l.exe
C:\Documents and Settings\Paul\.COMMgr\complmgr.exe
C:\Documents and Settings\Paul\Application Data\SystemProc\lsass.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IObit\IObit Security 360\IS360Updater.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe
O4 - HKLM\..\Run: [UCU] "C:\Program Files\Ubiquiti\UCU.exe" -nogui
O4 - HKLM\..\Run: [BVRPLiveUpdate] C:\Program Files\Avanquest update\Engine\Setup.exe -s /PATCH,/SRCUPDATEC:\DOCUME~1\ALLUSE~1\APPLIC~1\SONYER~1\SONYER~1\LIVEUP~1\LISTOF~1.DAT
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files\i-sure Data Backup\Agent.exe" -ni -sss -e http://localhost:16386/
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AirControlMonitor] "C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe" //MS//AirControl
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\4.0"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [ygua8e7yhuiesfha876yfauy8fe] C:\DOCUME~1\Paul\LOCALS~1\Temp\d8qjoz0l.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Paul\LOCALS~1\Temp\notepad.exe
O4 - HKCU\..\Run: [COM+ Manager] "C:\Documents and Settings\Paul\.COMMgr\complmgr.exe"
O4 - HKCU\..\Run: [LREC75DND7] C:\DOCUME~1\Paul\LOCALS~1\Temp\c.exe
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Paul\Application Data\SystemProc\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{014C1714-199E-4141-96E6-1DF6257898E8}: NameServer = 212.104.130.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7B9C739-4C26-4B57-846A-05532AB2A1D2}: NameServer = 212.104.130.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{014C1714-199E-4141-96E6-1DF6257898E8}: NameServer = 212.104.130.9
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ubiquiti Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\i-sure Data Backup\AgentService.exe
O23 - Service: Ubiquiti AirControl (AirControl) - Apache Software Foundation - C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc. - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolarWinds TFTP Server - SolarWinds - C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

--
End of file - 9961 bytes
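A defender-side triage pass over HijackThis lines like the ones in the log above, added here as an example and not part of the original thread. It flags the indicators a helper reads off such a log by eye: a replaced UserInit value, autoruns launched from a Temp directory, system-process names living outside system32, names that pad a system-process name with digits, and the registry editor disabled by policy. The sample lines are copied from the posted log (plus one clean line for contrast); the check names and heuristics are my own, not HijackThis features.

```python
import re
from typing import List

# Constructed sample: lines taken from the HijackThis log above, one clean
# autorun (vptray) included so the clean case is exercised too.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\smss32.exe
C:\DOCUME~1\Paul\LOCALS~1\Temp\d8qjoz0l.exe
C:\Documents and Settings\Paul\Application Data\SystemProc\lsass.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [asg984jgkfmgasi8ug98jgkfgfb] C:\DOCUME~1\Paul\LOCALS~1\Temp\notepad.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Paul\Application Data\SystemProc\lsass.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

# Core Windows XP process names that malware likes to borrow or imitate.
SYSTEM_NAMES = ("csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                "svchost.exe", "winlogon.exe")
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
# HJT section prefix, e.g. "O4 - ...", "F2 - ...", "R0 - ...".
SECTION_RE = re.compile(r"^(R\d|F\d|O\d+)\s+-\s+(.*)$")
# First Windows path in a line, quoted or not, ending at an .exe/.dll/.sys.
PATH_RE = re.compile(r'"?([a-z]:\\[^"]*?\.(?:exe|dll|sys))', re.I)


def extract_path(text: str):
    """Return the first binary path found in an HJT line, or None."""
    m = PATH_RE.search(text)
    return m.group(1) if m else None


def check_path(path: str, where: str) -> List[str]:
    """Heuristics on a single binary path; `where` is the HJT section."""
    findings = []
    name = path.rsplit("\\", 1)[-1].lower()
    stem = name.rsplit(".", 1)[0]
    if TEMP_DIR.search(path):
        findings.append(f"{where}: binary runs from a Temp directory: {path}")
    if name in SYSTEM_NAMES and not SYSTEM32_DIR.match(path):
        findings.append(f"{where}: system process name outside system32: {path}")
    for sys_name in SYSTEM_NAMES:
        sys_stem = sys_name[:-4]
        # smss32.exe, winlogon32.exe: a real name with digits appended
        if stem != sys_stem and stem.startswith(sys_stem):
            findings.append(f"{where}: name mimics system process {sys_name}: {path}")
    return findings


def triage_hjt(log_text: str) -> List[str]:
    """Walk an HJT log and return human-readable findings, one per hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, body = m.group(1), m.group(2)
        elif re.match(r"^[a-z]:\\", line, re.I):
            section, body = "PROC", line      # "Running processes" entry
        else:
            continue                           # header, footer, etc.
        if section == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",")
            if value.rsplit("\\", 1)[-1].lower() != "userinit.exe":
                findings.append(f"F2: UserInit points to {value} instead of userinit.exe")
        if section == "O7" and "DisableRegedit=1" in body:
            findings.append("O7: registry editor disabled by policy (DisableRegedit=1)")
        path = extract_path(body)
        if path:
            findings.extend(check_path(path, section))
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_LOG):
        print(finding)
```

Run against the full log above, the same checks pick out the winlogon32.exe UserInit line, the two Temp autoruns, the SystemProc\lsass.exe policy run and the smss32.exe entries while leaving the vendor-signed services alone.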



#2 myrti

  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 14 January 2010 - 09:56 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!



#3 commsgeek

  • Topic Starter

  • Members
  • 5 posts

Posted 14 January 2010 - 08:40 PM

hi

Thanks for getting back to me. I understand you guys must be busy, so I understand it takes a while. Since I posted I found the following howto on here to remove the rogue Internet Security 2010: http://www.bleepingcomputer.com/virus-remo...t-security-2010

I've also run a number of scans with MBAM, SAS, ComboFix, IObit Security and Norton AV, which have all found and fixed various trojans, rootkits, etc. The latest scans all seem to come back clean, but I'm still not 100% convinced the machine is clean, so I would appreciate some help checking. The main reason I'm still suspecting problems is that I'm seeing a lot of Google AdWords for malware tools on sites, so I'm still a bit suspicious. Maybe I'm just being paranoid though ;)

I've followed your instructions for OTL and the logs are below.

Thanks again.

OTL logfile created on: 15/01/2010 01:33:11 - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\Paul\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 2.20 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive D: | 35.47 Gb Total Space | 2.04 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: xxxxxxxx
Current User Name: xxxxxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/15 01:32:28 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
PRC - [2010/01/07 23:20:18 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/05 07:56:02 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/06 22:19:52 | 00,107,792 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe
PRC - [2009/09/23 22:37:56 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/23 22:37:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/27 15:05:04 | 00,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/07/24 15:05:26 | 00,762,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
PRC - [2009/03/11 17:57:22 | 00,358,312 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\OpenManage\Client\Iap.exe
PRC - [2009/02/06 16:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/07/31 16:16:18 | 00,013,312 | ---- | M] (Tenable Network Security) -- C:\Program Files\Tenable\Nessus\nessusd.exe
PRC - [2008/04/25 19:31:40 | 00,524,288 | ---- | M] (Radica) -- C:\Program Files\Radica\Stylin' Studio\SS_MW.exe
PRC - [2008/04/24 17:51:14 | 06,311,936 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\i-sure Data Backup\AgentService.exe
PRC - [2008/04/24 17:51:14 | 00,239,104 | ---- | M] (Iron Mountain Incorporated) -- C:\Program Files\i-sure Data Backup\Agent.exe
PRC - [2008/03/17 14:56:30 | 00,561,152 | ---- | M] (Ubiquiti Networks, Inc.) -- C:\Program Files\Ubiquiti\ucu.exe
PRC - [2007/10/03 09:35:44 | 00,454,741 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007/06/04 01:01:00 | 00,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0470Mon.exe
PRC - [2007/04/14 14:50:30 | 01,556,480 | ---- | M] (D-Link) -- C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
PRC - [2007/03/14 21:01:30 | 00,071,216 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2007/01/19 10:49:04 | 00,049,152 | ---- | M] (Wireless Service) -- C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
PRC - [2007/01/09 01:25:30 | 00,272,024 | R--- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/03/23 00:13:46 | 01,591,808 | ---- | M] (YourWare Solutions ™) -- C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
PRC - [2005/07/06 18:52:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2004/08/03 23:56:58 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2004/08/03 23:56:50 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2000/12/22 06:51:00 | 00,430,080 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2000/12/22 06:51:00 | 00,053,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2000/12/22 06:51:00 | 00,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 16:12:40 | 00,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\MSGSYS.EXE


========== Modules (SafeList) ==========

MOD - [2010/01/15 01:32:28 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
MOD - [2005/07/06 18:52:00 | 01,466,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2005/07/06 18:52:00 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2004/08/03 23:57:02 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/11/14 11:51:22 | 00,312,592 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/10/06 22:19:52 | 00,107,792 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe -- (AirControl)
SRV - [2009/09/23 22:37:55 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/08/27 15:05:04 | 00,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/04/21 06:11:10 | 00,851,968 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2009/03/11 17:57:22 | 00,358,312 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\OpenManage\Client\Iap.exe -- (Iap)
SRV - [2008/10/30 08:52:37 | 00,168,432 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/10/09 18:46:25 | 00,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/07/31 16:16:18 | 00,013,312 | ---- | M] (Tenable Network Security) [Auto | Running] -- C:\Program Files\Tenable\Nessus\nessusd.exe -- (Tenable Nessus)
SRV - [2008/04/24 17:51:14 | 06,311,936 | ---- | M] (Iron Mountain Incorporated) [Auto | Running] -- C:\Program Files\i-sure Data Backup\AgentService.exe -- (AgentService)
SRV - [2007/12/05 08:58:32 | 00,061,440 | ---- | M] (SolarWinds) [On_Demand | Stopped] -- C:\Program Files\SolarWinds\Engineer's Toolset\SolarWinds TFTP Server.exe -- (SolarWinds TFTP Server)
SRV - [2007/11/06 20:22:26 | 00,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/03 09:35:44 | 00,454,741 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007/01/19 10:49:26 | 00,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2007/01/09 01:25:30 | 00,272,024 | R--- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2005/11/10 21:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/07/06 18:52:00 | 00,127,044 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2000/12/22 06:51:00 | 00,430,080 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2000/12/22 06:51:00 | 00,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/01/13 09:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100113.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/01/13 09:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100113.009\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/05 07:56:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/05 07:56:04 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/05 07:56:02 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/09/14 18:16:40 | 00,036,928 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk41.sys -- (PsSdk41)
DRV - [2009/07/24 15:05:26 | 01,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/02 01:58:00 | 00,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/06/02 01:58:00 | 00,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/05/18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV - [2009/01/19 00:19:05 | 00,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/09 17:51:23 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/08/21 05:38:10 | 00,020,480 | R--- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2008/04/24 17:51:14 | 00,045,384 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LV_Tracker.sys -- (LV_Tracker)
DRV - [2008/03/17 14:46:46 | 01,337,472 | ---- | M] (Ubiquiti Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\netsrx.sys -- (SRX)
DRV - [2008/02/19 21:39:54 | 00,058,016 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007/12/10 13:22:22 | 00,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007/12/10 13:22:22 | 00,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007/12/10 13:22:20 | 00,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007/12/10 13:22:20 | 00,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007/12/10 13:22:18 | 00,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007/12/10 13:22:18 | 00,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007/12/10 13:22:14 | 00,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007/11/06 20:22:06 | 00,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/10/03 16:20:14 | 00,008,192 | ---- | M] (AirMagnet, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\AmDriver.sys -- (AmDriver)
DRV - [2007/05/09 01:00:00 | 00,146,720 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0470Vid.sys -- (VF0470Vid) Live! Cam Notebook (VF0470)
DRV - [2006/11/02 16:51:58 | 00,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4C74-92FE-5B863F82066B})
DRV - [2006/05/10 14:00:16 | 00,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/12/11 10:55:38 | 00,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005/11/10 21:49:24 | 01,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/03 03:39:00 | 00,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005/07/06 18:52:00 | 03,208,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/11/15 15:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/08/03 23:07:56 | 00,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/03 21:59:52 | 00,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2004/03/24 02:12:34 | 00,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2003/10/23 16:04:00 | 00,076,160 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gticard.sys -- (GTICARD)
DRV - [2003/08/29 14:56:12 | 00,052,080 | ---- | M] (Texas Instruments Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tiumfwl.sys -- (tiumfwl)
DRV - [2002/12/24 20:18:56 | 00,003,712 | ---- | M] (Hitachi Global Storage Technologies) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cfadisk.sys -- (cfadisk)
DRV - [2002/12/10 15:13:22 | 00,007,552 | ---- | M] (Texas Instruments Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tiumflt.sys -- (DevUpper)
DRV - [2002/09/16 17:14:32 | 00,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/03/25 19:02:14 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2001/08/23 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SONYPVU1.SYS -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2000/12/22 06:51:00 | 00,171,872 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2000/12/22 06:51:00 | 00,007,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-57989841-1682526488-839522115-1003\S-1-5-21-57989841-1682526488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/07 23:20:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/07 23:20:23 | 00,000,000 | ---D | M]

[2009/08/13 13:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
[2009/08/13 13:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\home2@tomtom.com
[2010/01/14 11:17:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions
[2008/11/05 19:52:18 | 00,000,000 | ---D | M] (InFormEnter) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}
[2010/01/14 16:59:24 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/13 18:34:21 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/09/13 18:34:21 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/09/13 18:34:21 | 00,000,759 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/09/13 18:34:21 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [AgentUiRunKey] C:\Program Files\i-sure Data Backup\Agent.exe (Iron Mountain Incorporated)
O4 - HKLM..\Run: [AirControlMonitor] C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe (Apache Software Foundation)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe (IObit)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SS_MW] C:\Program Files\Radica\Stylin' Studio\SS_MW.exe (Radica)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCU] C:\Program Files\Ubiquiti\UCU.exe (Ubiquiti Networks, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [V0470Mon.exe] C:\WINDOWS\V0470Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX3000] C:\WINDOWS\vVX3000.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-1003..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-57989841-1682526488-839522115-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-57989841-1682526488-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-57989841-1682526488-839522115-1003\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/0/A...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl..._3_1_02-win.cab (Java Plug-in 1.3.1_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.78.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: d:\My Documents\Business\CBR Networks\Graphics\CBR Logo - V3_1 - 300 by 145 - Black Background - Bitmap for Win Desktop - smaller.bmp
O24 - Desktop BackupWallPaper: d:\My Documents\Business\CBR Networks\Graphics\CBR Logo - V3_1 - 300 by 145 - Black Background - Bitmap for Win Desktop - smaller.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/09 16:10:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/12/12 11:40:14 | 00,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/12/12 11:40:14 | 00,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/15 01:32:28 | 00,544,256 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/01/15 01:29:27 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/14 16:16:57 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/14 16:14:54 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/14 16:14:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/14 16:14:54 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/14 16:14:54 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/14 16:13:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/14 16:12:29 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/14 11:15:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/01/14 11:13:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\SUPERAntiSpyware.com
[2010/01/14 11:13:24 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/01/14 11:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/01/14 10:26:40 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/14 10:26:36 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/09 21:06:38 | 00,000,000 | ---D | C] -- C:\_Films
[2010/01/07 23:59:03 | 00,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/01/07 23:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/01/07 23:58:17 | 00,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/01/07 23:57:30 | 00,000,000 | ---D | C] -- C:\Program Files\AutoGK
[2010/01/07 23:33:04 | 00,000,000 | ---D | C] -- C:\WAR
[2010/01/07 23:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/01/07 20:44:03 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2010/01/07 19:45:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2010/01/07 19:36:39 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Paul\Desktop\RootRepeal.exe
[2010/01/06 20:48:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Paul\.COMMgr
[2010/01/05 22:07:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\dvdcss
[2009/12/29 18:40:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2009/12/29 18:40:04 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2009/12/29 18:37:27 | 00,000,000 | ---D | C] -- C:\Program Files\Radica
[2009/12/29 18:22:52 | 00,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2009/12/28 23:39:41 | 00,000,000 | ---D | C] -- d:\My Documents\googleearth
[2009/12/28 23:28:06 | 00,000,000 | ---D | C] -- C:\Program Files\YourWare Solutions
[2009/12/28 23:02:48 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wkssvc.dll
[2009/12/28 23:02:32 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/12/28 23:02:17 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tlntsess.exe
[2009/12/28 23:02:17 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\telnet.exe
[2009/12/28 23:02:02 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2009/12/28 23:01:19 | 00,655,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/12/28 23:00:32 | 00,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2009/12/28 23:00:09 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqutil.dll
[2009/12/28 23:00:09 | 00,225,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqoa.dll
[2009/12/28 23:00:09 | 00,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsec.dll
[2009/12/28 23:00:09 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqupgrd.dll
[2009/12/28 23:00:09 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqdscli.dll
[2009/12/28 23:00:09 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqise.dll
[2009/12/28 23:00:09 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsvc.exe
[2009/12/28 23:00:08 | 00,186,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtrig.dll
[2009/12/28 23:00:08 | 00,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqad.dll
[2009/12/28 23:00:08 | 00,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqtgsvc.exe
[2009/12/28 23:00:08 | 00,091,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqac.sys
[2009/12/28 23:00:08 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqbkup.exe
[2009/12/28 23:00:07 | 00,661,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqqm.dll
[2009/12/28 23:00:07 | 00,517,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqsnap.dll
[2009/12/28 23:00:07 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqrt.dll
[2009/12/28 23:00:07 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msmqocm.dll
[2009/12/28 23:00:07 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mqrtdep.dll
[2009/12/28 22:59:31 | 00,449,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2009/12/28 22:59:31 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/12/28 22:59:31 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2009/12/28 22:59:31 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2009/12/28 22:59:30 | 00,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/12/28 22:59:30 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inseng.dll
[2009/12/28 22:59:30 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009/12/28 22:59:30 | 00,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2009/12/28 22:59:29 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2009/12/28 22:59:28 | 00,474,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shlwapi.dll
[2009/12/28 22:59:28 | 00,251,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2009/12/28 22:59:27 | 00,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2009/12/28 22:59:27 | 00,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdfview.dll
[2009/12/28 22:59:26 | 00,659,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/12/28 22:59:26 | 00,205,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2009/12/28 22:59:25 | 01,054,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\danim.dll
[2009/12/28 22:59:25 | 01,023,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browseui.dll
[2009/12/28 22:59:24 | 01,506,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/12/28 22:59:24 | 00,532,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2009/12/28 22:59:22 | 03,062,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/12/28 22:58:34 | 00,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009/12/28 22:58:17 | 01,846,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/12/28 22:58:03 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/12/28 22:57:48 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2009/12/28 22:57:47 | 00,986,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2009/12/28 22:57:33 | 00,351,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winhttp.dll
[2009/12/28 22:57:13 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2009/12/28 22:57:12 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2009/12/28 22:57:11 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2009/12/28 22:57:11 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxclu.dll
[2009/12/28 22:57:11 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2009/12/28 22:57:10 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2009/12/28 22:56:36 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/12/28 22:56:33 | 00,728,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/12/28 22:56:30 | 02,142,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/12/28 22:56:28 | 02,186,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/12/28 22:56:27 | 02,020,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/12/28 22:56:25 | 02,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2009/12/28 22:56:07 | 00,352,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/12/28 22:55:39 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schannel.dll
[2009/12/28 22:55:24 | 00,333,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/12/28 22:54:41 | 00,283,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2009/12/28 22:54:28 | 00,247,326 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\strmdll.dll
[2009/12/28 22:54:15 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/12/28 22:54:00 | 01,106,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2009/12/28 22:53:45 | 00,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/12/28 22:53:31 | 00,253,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\es.dll
[2009/12/28 22:53:17 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mscms.dll
[2009/12/28 22:52:49 | 00,683,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/12/28 22:52:36 | 00,450,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/12/28 22:52:35 | 00,417,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vbscript.dll
[2009/12/28 22:52:16 | 00,360,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2009/12/28 22:52:16 | 00,138,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2009/12/28 22:52:15 | 00,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2009/12/28 22:52:15 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\6to4svc.dll
[2009/12/28 22:52:01 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/12/28 22:51:20 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/12/28 22:51:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/12/28 22:07:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2009/12/28 22:07:08 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/12/24 19:54:47 | 01,961,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\VX3000.sys
[2009/12/24 19:54:47 | 00,762,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.exe
[2009/12/24 19:54:47 | 00,676,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\LCCoin30.dll
[2009/12/24 19:54:47 | 00,227,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\vVX3000.dll
[2009/12/24 19:54:47 | 00,175,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cVX3000.dll
[2009/12/24 19:54:47 | 00,101,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\VX3000.dll
[2009/12/24 19:43:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/12/24 19:43:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/12/24 19:43:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/12/24 19:43:24 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/12/24 19:42:40 | 00,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2009/12/24 19:42:40 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2009/12/24 19:42:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2009/12/24 19:42:39 | 01,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2009/12/24 19:42:39 | 00,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2009/12/24 19:42:39 | 00,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2009/12/24 19:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/12/24 18:49:34 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/12/24 18:49:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/12/22 22:53:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\AVS4YOU
[2009/12/22 22:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/12/22 22:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2009/12/22 22:48:02 | 00,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2009/12/22 22:37:54 | 00,000,000 | ---D | C] -- C:\output media
[2009/12/22 22:36:28 | 00,000,000 | ---D | C] -- C:\Program Files\Free Convert All Movie Video Converter Gold
[2009/12/22 22:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\DVDx
[2009/12/22 21:28:34 | 00,000,000 | -H-D | C] -- d:\My Documents\ShadowEditFiles
[2009/12/22 21:27:55 | 00,000,000 | ---D | C] -- d:\My Documents\CyberLink
[2009/12/22 21:26:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\CyberLink
[2009/12/22 21:25:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/12/22 21:07:08 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/12/16 16:52:43 | 00,000,000 | ---D | C] -- C:\Netgear
[2009/07/08 10:21:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/02/01 15:41:11 | 00,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/10/22 21:38:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/10/09 16:14:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/10/09 16:14:54 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/09 16:14:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/15 01:32:28 | 00,544,256 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
[2010/01/14 16:42:55 | 00,077,449 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/01/14 16:42:24 | 00,030,098 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/01/14 16:41:42 | 00,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/01/14 16:41:07 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/14 16:40:17 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/14 16:34:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/14 16:34:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/14 16:33:22 | 09,175,040 | -H-- | M] () -- C:\Documents and Settings\Paul\NTUSER.DAT
[2010/01/14 16:33:22 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Paul\ntuser.ini
[2010/01/14 16:17:05 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/14 16:14:08 | 03,824,871 | R--- | M] () -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2010/01/14 11:13:30 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 10:26:44 | 00,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 09:57:30 | 00,000,980 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to Logs.lnk
[2010/01/14 09:48:57 | 00,000,015 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\settings.dat
[2010/01/13 09:41:26 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/11 08:54:25 | 00,182,272 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/11 00:00:04 | 00,000,816 | ---- | M] () -- C:\WINDOWS\System32\tversity.cookies
[2010/01/10 19:18:08 | 00,077,449 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/01/08 09:11:25 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\AutoGK.ini
[2010/01/07 23:29:33 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\DVD Decrypter.lnk
[2010/01/07 20:53:13 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Paul\Desktop\mbam-setup.exe
[2010/01/07 20:11:10 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\rkill.com
[2010/01/07 19:36:46 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Paul\Desktop\RootRepeal.exe
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/06 21:32:11 | 02,656,656 | -H-- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
[2009/12/30 17:04:00 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\PUTTY.RND
[2009/12/29 19:51:31 | 00,058,525 | ---- | M] () -- C:\Documents and Settings\Paul\ss_pic_temp.jpg
[2009/12/29 19:47:21 | 00,216,281 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_2.jpg
[2009/12/29 19:45:17 | 00,202,370 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_hawaii_1.jpg
[2009/12/29 19:43:00 | 00,193,161 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_1.jpg
[2009/12/29 19:42:07 | 00,086,321 | ---- | M] () -- C:\Documents and Settings\Paul\ss_s1.jpg
[2009/12/29 19:25:41 | 00,100,946 | ---- | M] () -- C:\Documents and Settings\Paul\ss_pic.jpg
[2009/12/29 18:57:58 | 00,445,238 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/29 18:57:58 | 00,072,756 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/29 18:57:56 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/29 18:45:41 | 01,508,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/29 18:42:08 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/12/29 18:38:42 | 00,000,861 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Stylin' Studio.lnk
[2009/12/28 23:02:58 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/28 22:07:31 | 00,000,735 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/12/26 21:17:04 | 00,164,352 | ---- | M] () -- d:\My Documents\AandLreset.doc
[2009/12/25 09:18:03 | 00,049,624 | ---- | M] () -- C:\WINDOWS\System32\GDIPFONTCACHEV1.DAT
[2009/12/24 20:03:24 | 00,921,624 | ---- | M] () -- C:\img2-001.raw
[2009/12/22 22:50:20 | 00,000,948 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\AVS4YOU Software Navigator.lnk
[2009/12/22 22:48:59 | 00,000,899 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\AVS Video Converter 6.lnk
[2009/12/22 22:36:46 | 00,000,034 | -H-- | M] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2009/12/22 22:15:04 | 00,000,628 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\DVDx.lnk
[2009/12/22 21:07:23 | 00,001,723 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberLink DVD Suite.lnk
[2009/12/18 00:38:51 | 00,019,968 | ---- | M] () -- d:\My Documents\0800533433 yell.doc
[2009/12/17 13:13:22 | 01,488,896 | ---- | M] () -- d:\My Documents\netgear setup.doc
[2009/12/16 20:41:28 | 03,973,120 | ---- | M] () -- d:\My Documents\DG834Gv4_V5.01.14.img
[2009/12/16 15:26:30 | 00,000,862 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/14 16:17:05 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/14 16:17:00 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/14 16:14:54 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/14 16:14:54 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/14 16:14:54 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/14 16:14:54 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/14 16:14:54 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/14 11:17:10 | 03,824,871 | R--- | C] () -- C:\Documents and Settings\Paul\Desktop\ComboFix.exe
[2010/01/14 11:13:30 | 00,000,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/01/14 10:26:44 | 00,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/14 09:57:30 | 00,000,980 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to Logs.lnk
[2010/01/08 09:11:25 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\AutoGK.ini
[2010/01/07 23:29:33 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\DVD Decrypter.lnk
[2010/01/07 20:10:52 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\rkill.com
[2010/01/07 19:37:34 | 00,000,015 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\settings.dat
[2009/12/29 20:12:03 | 00,000,861 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Stylin' Studio.lnk
[2009/12/29 19:50:32 | 00,058,525 | ---- | C] () -- C:\Documents and Settings\Paul\ss_pic_temp.jpg
[2009/12/29 19:47:21 | 00,216,281 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_2.jpg
[2009/12/29 19:45:17 | 00,202,370 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_hawaii_1.jpg
[2009/12/29 19:42:59 | 00,193,161 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ss_livemode_scuba_1.jpg
[2009/12/29 19:42:07 | 00,086,321 | ---- | C] () -- C:\Documents and Settings\Paul\ss_s1.jpg
[2009/12/29 18:53:39 | 00,100,946 | ---- | C] () -- C:\Documents and Settings\Paul\ss_pic.jpg
[2009/12/28 22:58:49 | 01,290,752 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/12/28 22:07:31 | 00,000,735 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
[2009/12/24 20:03:24 | 00,921,624 | ---- | C] () -- C:\img2-001.raw
[2009/12/24 19:54:47 | 00,524,144 | ---- | C] () -- C:\WINDOWS\System32\LcProxy.ax
[2009/12/24 19:54:47 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
[2009/12/24 19:54:47 | 00,013,023 | ---- | C] () -- C:\WINDOWS\VX3000.src
[2009/12/24 19:44:31 | 00,156,984 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/12/22 22:50:20 | 00,000,948 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\AVS4YOU Software Navigator.lnk
[2009/12/22 22:48:59 | 00,000,899 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\AVS Video Converter 6.lnk
[2009/12/22 22:36:46 | 00,000,034 | -H-- | C] () -- C:\WINDOWS\System32\Converter_sysquict.dat
[2009/12/22 22:15:04 | 00,000,628 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\DVDx.lnk
[2009/12/22 21:07:23 | 00,001,723 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink DVD Suite.lnk
[2009/12/18 00:38:50 | 00,019,968 | ---- | C] () -- d:\My Documents\0800533433 yell.doc
[2009/12/17 12:54:37 | 01,488,896 | ---- | C] () -- d:\My Documents\netgear setup.doc
[2009/12/16 20:40:29 | 03,973,120 | ---- | C] () -- d:\My Documents\DG834Gv4_V5.01.14.img
[2009/08/14 12:36:49 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/06/27 01:38:20 | 00,014,211 | R--- | C] () -- C:\WINDOWS\twacker.ini
[2009/06/27 01:37:56 | 00,158,720 | ---- | C] () -- C:\WINDOWS\System32\LFCMP62N.DLL
[2009/06/27 01:37:56 | 00,078,336 | ---- | C] () -- C:\WINDOWS\System32\LTIMG62N.DLL
[2009/06/27 01:37:56 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\LTFIL62N.DLL
[2009/06/27 01:37:56 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\LFBMP62N.DLL
[2009/06/27 01:37:11 | 00,000,036 | ---- | C] () -- C:\WINDOWS\WebCamC.ini
[2009/04/22 18:40:14 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/22 18:40:14 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/19 15:41:05 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS64.DLL
[2009/02/01 15:41:11 | 00,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2009/01/25 21:10:48 | 00,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/10 00:14:27 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\PUTTY.RND
[2009/01/08 23:01:22 | 00,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/15 23:28:44 | 00,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/12/09 11:15:31 | 00,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/12/04 16:57:22 | 00,262,217 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2008/10/09 22:39:59 | 00,182,272 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/09 22:28:53 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2008/10/09 20:10:36 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\fusioncache.dat
[2008/10/09 17:50:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2008/10/09 17:44:08 | 00,000,862 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/24 17:51:14 | 00,045,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\LV_Tracker.sys
[2007/12/05 08:38:32 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\vsppg8.dll
[2007/12/05 08:38:30 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\MabryCHM.DLL
[2007/11/06 20:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/07/05 00:00:00 | 00,011,863 | ---- | C] () -- C:\WINDOWS\System32\Wlan.ini
[2005/03/06 21:06:44 | 00,331,846 | ---- | C] () -- C:\WINDOWS\System32\geoStarsLib.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/15 22:54:04 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/03/25 19:02:14 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2000/12/22 06:51:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2000/09/18 16:12:40 | 00,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
< End of report >



OTL Extras logfile created on: 15/01/2010 01:33:12 - Run 1
OTL by OldTimer - Version 3.1.24.1 Folder = C:\Documents and Settings\xxxxxxxx\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

511.00 Mb Total Physical Memory | 65.00 Mb Available Physical Memory | 13.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 37.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 2.20 Gb Free Space | 5.64% Space Free | Partition Type: NTFS
Drive D: | 35.47 Gb Total Space | 2.04 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: xxxxxxxx
Current User Name: xxxxxxxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Program Files\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify AB)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe" = C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice -- (Microsoft Corporation)
"C:\Program Files\RealVNC\VNC4\vncviewer.exe" = C:\Program Files\RealVNC\VNC4\vncviewer.exe:*:Disabled:VNC Viewer Free Edition for Win32 -- (RealVNC Ltd.)
"C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe" = C:\Program Files\Ubiquiti Networks\AirControl\bin\aircontrol.exe:*:Enabled:Ubiquiti AirControl -- (Apache Software Foundation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\APC\APC Back-UPS HS\CFGUtil.exe" = C:\Program Files\APC\APC Back-UPS HS\CFGUtil.exe:*:Disabled:CFGUtil -- ()
"C:\Program Files\SolarWinds\Engineer's Toolset\Cisco-Config-Viewer.exe" = C:\Program Files\SolarWinds\Engineer's Toolset\Cisco-Config-Viewer.exe:*:Disabled:Cisco Config Viewer -- (SolarWinds)
"C:\Program Files\i-sure Data Backup\Agent.exe" = C:\Program Files\i-sure Data Backup\Agent.exe:*:Disabled:Connected Backup Agent -- (Iron Mountain Incorporated)
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" = C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Disabled:Dreamweaver MX 2004 -- (Macromedia, Inc.)
"C:\Program Files\Java\j2re1.4.2\bin\javaw.exe" = C:\Program Files\Java\j2re1.4.2\bin\javaw.exe:*:Disabled:javaw -- ()
"C:\Program Files\SolarWinds\Engineer's Toolset\SNMP-Brute-Force-Attack.exe" = C:\Program Files\SolarWinds\Engineer's Toolset\SNMP-Brute-Force-Attack.exe:*:Disabled:SNMP Brute Force Attack -- (SolarWinds)
"C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Disabled:Sony Ericsson Media Manager 1.1 -- (Sony Creative Software Inc.)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector\PDR.exe" = C:\Program Files\CyberLink\PowerDirector\PDR.exe:*:Enabled:CyberLink PowerDirector -- (CyberLink Corp.)
"C:\Program Files\TVersity\Media Server\MediaServer.exe" = C:\Program Files\TVersity\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0096A731-71DB-4969-AF1A-651698B246A5}" = Sony Ericsson Media Manager 1.1
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{07f69bca-de5a-460a-b4eb-919040ae18bd}" = Nero 9 Essentials
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E528EAB-EC8A-45C4-8EB2-5F9C57E17984}" = Tenable Nessus
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Ubiquiti Client Installation Program
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 4.010.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36C753B1-DB3B-4853-9D77-B5037DD63E73}" = AirMagnet Surveyor
"{393E4C89-67E9-43BF-AD29-94D19F7624F7}" = i-sure business unlimited Data Backup Agent
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = CardBus
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1" = DVDx 2
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}" = OMCI
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F87F082-F68F-49DA-981F-5DC86A9AEBF1}" = AirMagnet Laptop
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{E1E729C7-1B3E-41FA-8788-B26E362EFF70}" = SolarWinds Engineer's Toolset v9
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{E7DF4F40-A0CE-430E-8B3B-DB7C8DF1C1A2}" = ActivePerl 5.10.1 Build 1006
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1A1FA1C-5973-4355-A7DC-FED4AEA7D1BC}" = APC Back-UPS HS
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCB10DE3-E190-4A7E-B06A-FAC61567ABFC}" = MySQL Tools for 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"AMP Font Viewer" = AMP Font Viewer
"ATI Display Driver" = ATI Display Driver
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative VF0470" = Creative Live! Cam Notebook Driver (1.01.01.00)
"Creative WebCam Control" = Creative WebCam Control
"Creative WebCam Monitor" = Creative WebCam Monitor
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1E528EAB-EC8A-45C4-8EB2-5F9C57E17984}" = Tenable Nessus
"InstallShield_{4ABC1F75-7060-4BAE-9972-F2DCBF1D5F1F}" = PCI 7510 CardBus Controller with SmartCard and Software
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{E1E729C7-1B3E-41FA-8788-B26E362EFF70}" = SolarWinds Engineer's Toolset v9
"IObit Security 360_is1" = IObit Security 360
"JRE 1.3.1_02" = Java 2 Runtime Environment Standard Edition v1.3.1_02
"LiveUpdate" = LiveUpdate 2.0 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0272)" = Magic ISO Maker v5.5 (build 0272)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"Nero8Lite_is1" = Nero 8 Lite
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Radio Mobile Deluxe" = Radio Mobile Deluxe 7.6.3
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Free Edition 4.1.3
"Spotify" = Spotify
"Stylin' Studio_is1" = Stylin' Studio v1.0
"SystemRequirementsLab" = System Requirements Lab
"Tag&Rename_is1" = Tag&Rename 3.2
"TightVNC_is1" = TightVNC 1.2.9
"TomTom HOME" = TomTom HOME 2.7.2.1825
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server " = TVersity Media Server 1.5 Beta
"Ubiquiti AirControl" = Ubiquiti AirControl (remove only)
"Ultravnc2_is1" = UltraVNC 1.0.8.0
"Update Service" = Update Service
"VLC media player" = VideoLAN VLC media player 0.8.1
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.0.6
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-57989841-1682526488-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Radio Mobile" = Radio Mobile
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/01/2010 17:21:39 | Computer Name = xxxxxxxx | Source = Application Error | ID = 1000
Description = Faulting application c.exe, version 0.0.0.0, faulting module urlmon.dll,
version 6.0.2900.3592, fault address 0x000053c6.

Error - 07/01/2010 17:46:50 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.FakeAV in File: C:\Documents and Settings\xxxxxxxx\Local
Settings\Temp\owxsermnca.tmp by: Realtime Protection scan. Action: Clean failed
: Quarantine succeeded : Access denied

Error - 09/01/2010 14:16:51 | Computer Name = xxxxxxxx | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/01/2010 16:56:27 | Computer Name = xxxxxxxx | Source = nview_info | ID = 11141121
Description =

Error - 14/01/2010 05:31:00 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Downloader in File: C:\ydbkaxo.exe by: Realtime
Protection scan. Action: Clean failed : Quarantine succeeded : Access denied

Error - 14/01/2010 05:34:26 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan.Zbot in File: C:\WINDOWS\Temp\xtap.tmp\svchost.exe
by: Realtime Protection scan. Action: Clean failed : Quarantine succeeded : Access
denied

Error - 14/01/2010 05:34:28 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: C:\Documents and Settings\xxxxxxxx\Local
Settings\Temp\wncoasmerx.tmp by: Realtime Protection scan. Action: Clean failed
: Quarantine succeeded : Access denied

Error - 14/01/2010 05:34:28 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: C:\Documents and Settings\xxxxxxxx\Local
Settings\Temp\xQHF.dll by: Realtime Protection scan. Action: Clean failed : Quarantine
succeeded : Access denied

Error - 14/01/2010 21:17:58 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Tidserv!inf in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir
by: Manual scan. Action: Clean failed : Quarantine failed : Virus Found!Virus
name: Backdoor.Tidserv!inf in File: C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir_
by: Manual scan. Action: Clean failed : Quarantine failed : Virus Found!Virus
name: JS.Downloader in File: D:\phone backup 2 jun\PHONE CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT>>Unknown1d1f8.data
by: Manual scan. Action: Clean failed : Quarantine succeeded : Virus Found!Virus
name: Bloodhound.Exploit.213 in File: D:\phone backup 2 jun\PHONE CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT>>Unknown20034.data
by: Manual scan. Action: Clean failed : Quarantine succeeded :

Error - 14/01/2010 21:18:32 | Computer Name = xxxxxxxx | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Trojan Horse in File: D:\phone backup 2 jun\PHONE
CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT>>Unknown25548.data by: Manual scan.
Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: in File:
D:\phone backup 2 jun\PHONE CARD (G)\Webpage\saved_pages\CHIPPE~1.MHT by: Manual
scan. Action: Clean failed : Quarantine succeeded :

[ System Events ]
Error - 15/11/2009 19:28:33 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 15/11/2009 19:28:33 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 15/11/2009 19:28:35 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 15/11/2009 19:33:01 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 15/11/2009 19:33:01 | Computer Name = xxxxxxxx | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 15/11/2009 19:33:21 | Computer Name = xxxxxxxx | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{276008DE-EA3D-45A1-A38B-599A4A879BE4}
because another computer on the network has the same name. The server could not
start.

Error - 15/11/2009 19:57:44 | Computer Name = xxxxxxxx | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.


< End of report >

Edited by commsgeek, 14 January 2010 - 08:54 PM.


#4 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 14 January 2010 - 08:42 PM

Hi,

Please also provide the log from the ComboFix run you did.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 commsgeek (Topic Starter)
  • Members
  • 5 posts

Posted 14 January 2010 - 08:57 PM

No probs, here it is:

ComboFix 10-01-13.0C - Paul 14/01/2010 16:23:22.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.511.22 [GMT 0:00]
Running from: c:\documents and settings\Paul\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Paul\Application Data\SystemProc
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
C:\s
C:\Thumbs.db
c:\windows\system32\11639.exe
c:\windows\system32\12178.exe
c:\windows\system32\13060.exe
c:\windows\system32\13129.exe
c:\windows\system32\13363.exe
c:\windows\system32\14324.exe
c:\windows\system32\18967.exe
c:\windows\system32\19723.exe
c:\windows\system32\20854.exe
c:\windows\system32\21067.exe
c:\windows\system32\22833.exe
c:\windows\system32\23308.exe
c:\windows\system32\28587.exe
c:\windows\system32\7009.exe
c:\windows\system32\7368.exe
c:\windows\system32\8141.exe
c:\windows\system32\9078.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\twain_32.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Files Created from 2009-12-14 to 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 11:15 . 2010-01-14 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-14 11:13 . 2010-01-14 11:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 11:13 . 2010-01-14 11:13 -------- d-----w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com
2010-01-14 11:13 . 2010-01-14 11:13 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-14 10:26 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-14 10:26 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-09 21:06 . 2010-01-09 21:06 -------- d-----w- C:\_Films
2010-01-07 23:59 . 2010-01-07 23:59 -------- d-----w- c:\program files\XviD
2010-01-07 23:58 . 2010-01-07 23:58 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-07 23:58 . 2010-01-07 23:58 -------- d-----w- c:\program files\Gabest
2010-01-07 23:57 . 2010-01-07 23:59 -------- d-----w- c:\program files\AutoGK
2010-01-07 23:33 . 2010-01-07 23:33 -------- d-----w- C:\WAR
2010-01-07 23:29 . 2010-01-07 23:29 -------- d-----w- c:\program files\DVD Decrypter
2010-01-07 20:50 . 2010-01-07 20:50 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2010-01-07 19:45 . 2010-01-07 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-01-06 20:48 . 2010-01-07 22:15 -------- d-sh--w- c:\documents and settings\Paul\.COMMgr
2010-01-05 22:07 . 2010-01-10 20:57 -------- d-----w- c:\documents and settings\Paul\Application Data\dvdcss
2009-12-29 18:37 . 2009-12-29 18:37 -------- d-----w- c:\program files\Radica
2009-12-29 18:22 . 2009-12-29 18:22 -------- d-----w- c:\program files\SigmaTel
2009-12-28 23:28 . 2009-12-28 23:28 -------- d-----w- c:\program files\YourWare Solutions
2009-12-28 23:02 . 2009-06-10 06:32 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-12-28 23:02 . 2009-08-05 09:11 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-12-28 23:02 . 2009-06-12 11:50 80896 -c----w- c:\windows\system32\dllcache\tlntsess.exe
2009-12-28 23:02 . 2009-06-12 11:50 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-12-28 23:02 . 2009-07-17 18:55 58880 -c----w- c:\windows\system32\dllcache\atl.dll
2009-12-28 23:01 . 2009-07-10 13:42 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-28 23:01 . 2009-06-05 07:42 655872 -c----w- c:\windows\system32\dllcache\mstscax.dll
2009-12-28 22:58 . 2009-06-03 19:27 1290752 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-12-28 22:58 . 2009-04-15 15:11 584192 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-12-28 22:58 . 2009-04-17 09:58 1846656 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-12-28 22:58 . 2009-05-07 15:44 344064 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-12-28 22:57 . 2009-02-03 20:08 55808 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-12-28 22:57 . 2009-03-21 14:18 986112 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-12-28 22:57 . 2008-12-16 12:47 351232 -c----w- c:\windows\system32\dllcache\winhttp.dll
2009-12-28 22:57 . 2008-06-12 14:16 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2009-12-28 22:57 . 2008-06-12 14:16 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2009-12-28 22:57 . 2008-06-12 14:16 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2009-12-28 22:57 . 2008-06-12 14:16 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2009-12-28 22:57 . 2008-06-12 14:16 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2009-12-28 22:57 . 2008-06-12 14:16 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2009-12-28 22:55 . 2008-12-05 07:12 144896 -c----w- c:\windows\system32\dllcache\schannel.dll
2009-12-28 22:55 . 2008-12-11 11:57 333184 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-28 22:54 . 2008-10-23 13:01 283648 -c----w- c:\windows\system32\dllcache\gdi32.dll
2009-12-28 22:54 . 2008-10-03 10:15 247326 -c----w- c:\windows\system32\dllcache\strmdll.dll
2009-12-28 22:54 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-28 22:54 . 2008-09-04 16:42 1106944 -c----w- c:\windows\system32\dllcache\msxml3.dll
2009-12-28 22:53 . 2008-10-15 16:57 332800 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-28 22:53 . 2008-07-07 20:32 253952 -c----w- c:\windows\system32\dllcache\es.dll
2009-12-28 22:53 . 2008-06-24 16:23 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2009-12-28 22:52 . 2008-04-11 18:50 683520 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-28 22:52 . 2007-12-18 14:40 450560 -c----w- c:\windows\system32\dllcache\jscript.dll
2009-12-28 22:52 . 2007-12-18 14:40 417792 -c----w- c:\windows\system32\dllcache\vbscript.dll
2009-12-28 22:52 . 2008-08-14 09:51 138368 -c----w- c:\windows\system32\dllcache\afd.sys
2009-12-28 22:52 . 2008-06-20 10:45 360320 -c----w- c:\windows\system32\dllcache\tcpip.sys
2009-12-28 22:52 . 2008-06-20 17:41 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2009-12-28 22:52 . 2006-08-16 11:58 100352 -c----w- c:\windows\system32\dllcache\6to4svc.dll
2009-12-28 22:52 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-28 22:51 . 2009-12-28 23:03 -------- d--h--w- c:\windows\$hf_mig$
2009-12-28 22:07 . 2009-12-28 22:07 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-12-28 22:07 . 2009-12-28 22:07 -------- d-----w- c:\program files\IObit
2009-12-24 19:54 . 2009-07-24 15:05 762208 ----a-w- c:\windows\vVX3000.exe
2009-12-24 19:54 . 2009-07-24 15:05 676720 ----a-w- c:\windows\system32\LCCoin30.dll
2009-12-24 19:54 . 2009-07-24 15:05 227680 ----a-w- c:\windows\vVX3000.dll
2009-12-24 19:54 . 2009-07-24 15:05 1961328 ----a-w- c:\windows\system32\drivers\VX3000.sys
2009-12-24 19:54 . 2009-07-24 15:05 175456 ----a-w- c:\windows\system32\cVX3000.dll
2009-12-24 19:54 . 2009-07-24 15:05 101232 ----a-w- c:\windows\VX3000.dll
2009-12-24 19:44 . 2009-12-25 11:54 156984 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-24 19:43 . 2009-12-24 19:43 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-24 19:43 . 2009-12-24 19:43 -------- d-----w- c:\program files\MSBuild
2009-12-24 19:43 . 2009-12-24 19:43 -------- d-----w- c:\program files\Reference Assemblies
2009-12-24 19:43 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-24 19:42 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-24 19:42 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-24 19:42 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-24 19:42 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-24 19:42 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-24 19:42 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-24 19:42 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-24 19:42 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-24 19:37 . 2009-12-24 19:37 -------- d-----w- c:\program files\MSXML 6.0
2009-12-24 18:49 . 2007-07-19 18:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-12-24 18:49 . 2009-12-24 18:49 -------- d-----w- c:\windows\Logs
2009-12-22 22:53 . 2009-12-22 22:53 -------- d-----w- c:\documents and settings\Paul\Application Data\AVS4YOU
2009-12-22 22:53 . 2009-12-22 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-12-22 22:48 . 2009-12-22 22:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-12-22 22:48 . 2009-12-22 22:50 -------- d-----w- c:\program files\AVS4YOU
2009-12-22 22:37 . 2009-12-22 22:38 -------- d-----w- C:\output media
2009-12-22 22:36 . 2009-12-22 22:36 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2009-12-22 22:36 . 2009-12-22 22:43 -------- d-----w- c:\program files\Free Convert All Movie Video Converter Gold
2009-12-22 22:14 . 2009-12-22 22:15 -------- d-----w- c:\program files\DVDx
2009-12-22 21:26 . 2009-12-22 22:01 -------- d-----w- c:\documents and settings\Paul\Application Data\CyberLink
2009-12-22 21:25 . 2009-12-22 22:01 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-22 21:07 . 2009-12-22 21:18 -------- d-----w- c:\program files\CyberLink
2009-12-16 16:52 . 2009-12-17 12:26 -------- d-----w- C:\Netgear

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:36 . 2009-07-05 19:46 -------- d-----w- c:\program files\i-sure Data Backup
2010-01-14 11:17 . 2010-01-14 11:17 52224 ----a-w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-14 11:16 . 2010-01-14 11:16 117760 ----a-w- c:\documents and settings\Paul\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-14 10:26 . 2008-12-15 17:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 19:45 . 2008-11-11 21:09 -------- d-----w- c:\documents and settings\Paul\Application Data\Skype
2010-01-10 19:34 . 2008-11-11 21:10 -------- d-----w- c:\documents and settings\Paul\Application Data\skypePM
2010-01-10 19:18 . 2009-06-14 02:17 77449 ----a-w- c:\windows\system32\nvModes.dat
2010-01-09 18:20 . 2008-10-14 08:25 -------- d-----w- c:\documents and settings\Paul\Application Data\uTorrent
2009-12-28 22:35 . 2008-10-29 11:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Birdstep Technology
2009-12-28 22:35 . 2008-10-09 16:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-28 22:33 . 2009-02-01 16:54 -------- d-----w- c:\program files\Nucleus Kernel Access Recovery
2009-12-28 22:30 . 2009-07-22 23:27 -------- d-----w- c:\program files\eMule
2009-12-28 22:28 . 2008-10-09 18:45 -------- d-----w- c:\program files\Common Files\Macromedia
2009-12-28 22:28 . 2008-10-09 18:45 -------- d-----w- c:\program files\Macromedia
2009-12-28 22:28 . 2008-10-09 17:44 -------- d-----w- c:\program files\Symantec
2009-12-28 22:28 . 2008-10-09 17:43 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-28 22:26 . 2008-12-25 16:25 -------- d-----w- c:\program files\Free UPnP Entertainment Service
2009-12-25 09:18 . 2008-11-26 11:27 49624 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-12-16 14:42 . 2009-12-18 21:55 872960 ----a-w- c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 14:42 . 2009-12-18 21:55 43008 ----a-w- c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 14:42 . 2009-12-18 21:55 340480 ----a-w- c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 14:41 . 2009-12-18 21:55 346624 ----a-w- c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-15 13:14 . 2009-12-15 13:14 -------- d-----w- c:\program files\UltraVNC
2009-11-29 16:32 . 2009-11-29 16:32 -------- d-----w- c:\program files\TagRename
2009-11-29 16:27 . 2008-10-13 12:19 -------- d-----w- c:\documents and settings\Paul\Application Data\Apple Computer
2009-11-29 16:24 . 2009-11-29 16:23 -------- d-----w- c:\program files\iTunes
2009-11-29 16:24 . 2009-11-29 16:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-29 16:23 . 2009-11-29 16:23 -------- d-----w- c:\program files\iPod
2009-11-29 16:23 . 2008-10-13 12:16 -------- d-----w- c:\program files\Common Files\Apple
2009-11-29 16:23 . 2008-10-13 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-29 16:23 . 2009-11-29 16:22 -------- d-----w- c:\program files\QuickTime
2009-11-29 16:20 . 2009-11-29 16:20 -------- d-----w- c:\program files\Apple Software Update
2009-11-29 16:19 . 2009-11-29 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-24 00:29 . 2009-11-24 00:29 -------- d-----w- c:\program files\Ubiquiti Networks
2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-05 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-10 344064]
"vptray"="c:\program files\NavNT\vptray.exe" [2000-12-22 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2007-04-14 1556480]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
"UCU"="c:\program files\Ubiquiti\UCU.exe" [2008-03-17 561152]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-06 7118848]
"nwiz"="nwiz.exe" [2005-07-06 1519616]
"AgentUiRunKey"="c:\program files\i-sure Data Backup\Agent.exe" [2008-04-24 239104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-23 149280]
"AirControlMonitor"="c:\program files\Ubiquiti Networks\AirControl\bin\aircontrol.exe" [2009-10-06 107792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"VX3000"="c:\windows\vVX3000.exe" [2009-07-24 762208]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-11-14 1278736]
"SS_MW"="c:\program files\Radica\Stylin' Studio\SS_MW.exe" [2008-04-25 524288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\vncviewer.exe"=
"c:\\Program Files\\Ubiquiti Networks\\AirControl\\bin\\aircontrol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\APC\\APC Back-UPS HS\\CFGUtil.exe"=
"c:\\Program Files\\SolarWinds\\Engineer's Toolset\\Cisco-Config-Viewer.exe"=
"c:\\Program Files\\i-sure Data Backup\\Agent.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver MX 2004\\Dreamweaver.exe"=
"c:\\Program Files\\Java\\j2re1.4.2\\bin\\javaw.exe"=
"c:\\Program Files\\SolarWinds\\Engineer's Toolset\\SNMP-Brute-Force-Attack.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 cfadisk;CompactFlash Filter Driver;c:\windows\system32\drivers\cfadisk.sys [15/12/2008 02:18 3712]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [05/01/2010 07:56 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/01/2010 07:56 74480]
R2 AgentService;AgentService;c:\program files\i-sure Data Backup\AgentService.exe [24/04/2008 17:51 6311936]
R2 AirControl;Ubiquiti AirControl;c:\program files\Ubiquiti Networks\AirControl\bin\aircontrol.exe [06/10/2009 22:19 107792]
R2 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [24/04/2008 17:51 45384]
R3 GTICARD;GTICARD;c:\windows\system32\drivers\gticard.sys [23/10/2003 16:04 76160]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/01/2010 07:56 7408]
R3 SRX;Ubiquiti Wireless Mobility Network Adapter Service;c:\windows\system32\drivers\netsrx.sys [04/12/2008 16:56 1337472]
S0 zmrqohq;zmrqohq; [x]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [28/12/2009 22:07 312592]
S3 AmDriver;AmDriver;c:\windows\system32\AmDriver.sys [09/12/2008 13:03 8192]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [02/06/2009 01:58 13224]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [06/11/2007 20:22 34064]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [05/12/2008 19:34 36928]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\system32\drivers\s3017bus.sys [01/06/2009 23:12 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\system32\drivers\s3017mdfl.sys [01/06/2009 23:12 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\system32\drivers\s3017mdm.sys [01/06/2009 23:12 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s3017mgmt.sys [01/06/2009 23:12 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\system32\drivers\s3017nd5.sys [01/06/2009 23:12 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\system32\drivers\s3017obex.sys [01/06/2009 23:12 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\system32\drivers\s3017unic.sys [01/06/2009 23:12 110120]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [16/11/2008 20:05 146720]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {014C1714-199E-4141-96E6-1DF6257898E8} = 212.104.130.9
TCP: {A7B9C739-4C26-4B57-846A-05532AB2A1D2} = 212.104.130.9
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\birw5r0v.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BVRPLiveUpdate - c:\program files\Avanquest update\Engine\Setup.exe
AddRemove-Soft-Central SC-PassUnleash - c:\program files\Soft-Central\SC-PassUnleash\Uninstall



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 16:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1104)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\NavLogon.dll

- - - - - - - > 'explorer.exe'(2984)
c:\windows\system32\nview.dll
c:\windows\system32\msi.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\system32\acs.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\NavNT\defwatch.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NavNT\rtvscan.exe
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Tenable\Nessus\nessusd.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\windows\system32\MsgSys.EXE
c:\windows\System32\vssvc.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\msdtc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-01-14 16:56:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-14 16:55

Pre-Run: 2,535,964,672 bytes free
Post-Run: 2,623,365,120 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 489E6FC00A40B5748AE15DBF35ED073C


#6 myrti (Sillyberry)
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 14 January 2010 - 09:05 PM

Hi,

That log is actually looking rather good. :) It seems ComboFix did a nice job.

There are a couple of things I would like to draw your attention to. For one, a last word of advice:

You're running low on disk space.
Windows usually needs at least 15% of the system partition to be free to function without problems.
You currently only have about 5%.

In order to free up some space you could do the following:
  • Uninstall all unneeded programs.
    As an example, you do not need several anti-spyware programs. One should be enough. :)
  • Clean out all your temporary files,
    e.g. with ATF Cleaner from Atribune.
  • Finally, another way of gaining some disk space is to turn off the Indexing Service:
      • Go to Start, My Computer, and right-click on the hard-drive letter for the system (usually C:).
      • Uncheck the box labeled "Allow Indexing Service to index this disk for fast file searching".
      • If it asks whether to apply to all files and folders, answer Yes.
        You may have to wait while it resets the file attributes.

Related to this, I see that you have several old Java versions installed:
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 17.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running, especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Finally, I noticed that you have IObit. There has been quite some discussion about this program; you can read more on it here: http://www.bleepingcomputer.com/forums/t/268761/iobit-steals-malwarebytes-intellectual-property/

I would like you to run a scan with GMER to check for remaining rootkits:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended).
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (Do not use the computer while the scan is in progress.)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system, click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 commsgeek (Topic Starter, Members, 5 posts)

Posted 15 January 2010 - 05:01 AM

Thanks for all the advice myrti. Have cleaned up the XP partition - it now has about 25% / 8GB free. Had been meaning to do it for some time but never knew Windows liked to have at least 15% free! Have uninstalled all the old versions of Java - and have installed the latest version only - it's Update 18 now, btw. Have also uninstalled IObit after reading that thread - thanks for pointing it out - I didn't realise they appear to have ripped MBAM's definitions off. With how useful MBAM has been for me over the past couple of years there's no way I'll be using IObit again.

Followed your guide to run a GMER scan. It took hours so left it running overnight. When I got up this morning it was showing an error and when I tried to save the log manually it locked the machine. Luckily I managed to get a screenshot showing the error and the results, so it might help in the meantime. As you suggest, I'll have a go running in Safe Mode to see if that helps.

cheers

commsgeek


#8 myrti (Sillyberry, Malware Study Hall Admin, 33,779 posts)

Posted 15 January 2010 - 04:11 PM

Hi,

if you can not run gmer successfully please run the following two tools instead:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the Report tab, then click Scan.
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.

And MBR:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti



#9 commsgeek (Topic Starter, Members, 5 posts)

Posted 19 January 2010 - 05:18 PM

Sorry for taking so long to get back - have been busy at work.

I've pasted the RootRepeal output below. Couldn't appear to get MBR to run correctly though - saved it to the root, ran it with those switches from the command line, but have only got a blank mbr.log file in the root. Didn't see any DOS window pop up either.

RootRepeal Log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/19 22:09
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF5A6F000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B5E000 Size: 8192 File Visible: No Signed: -
Status: -

Name: mbr.sys
Image Path: C:\DOCUME~1\Paul\LOCALS~1\Temp\mbr.sys
Address: 0xF8966000 Size: 20864 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB9236000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\paul\local settings\temp\perflib_perfdata_66c.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\paul\application data\superantispyware.com\superantispyware\applogs\superantispyware-1-19-2010( 17-47-46 ).sdb
Status: Allocation size mismatch (API: 16384, Raw: 4096)

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Interop.IWshRuntimeLibrary.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Interop.IWshRuntimeLibrary.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\stdole.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\stdole.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Xceed.Compression.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Xceed.Compression.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\DellDriverDownloadManager.exe.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\DellDriverDownloadManager.exe.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\DellDriverDownloadManager.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\DellDriverDownloadManager.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Core.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Core.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.ISOImage.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.ISOImage.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.resources.manifest
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Paul\Local Settings\Apps\2.0\WG553KJE.Z4O\VRAAVD3C.T9X\manifests\Dell.eSupport.DownloadManager.Localization.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xf5b870b0

==EOF==
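As an added example that is not part of the thread or of RootRepeal itself: a small Python triage of a report in the layout commsgeek posted above. It pulls out SSDT hooks (here owned by the installed SUPERAntiSpyware driver, which is why a trusted-owner list matters), drivers not visible on disk other than the expected crash-dump and scanner drivers, and allocation-size mismatches; the sample report it parses is constructed from the posted layout.

```python
"""Triage a RootRepeal report. Added example, not code from the thread or from
RootRepeal; assumes the report layout posted in the thread. SAMPLE_REPORT is constructed."""
import re

SAMPLE_REPORT = """Drivers
-------------------
Name: mbr.sys
Image Path: C:\\DOCUME~1\\Paul\\LOCALS~1\\Temp\\mbr.sys
Address: 0xF8966000 Size: 20864 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\\documents and settings\\paul\\local settings\\temp\\perflib_perfdata_66c.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\\Program Files\\SUPERAntiSpyware\\SASKUTIL.sys" at address 0xf5b870b0

==EOF==
"""

# Only these names split a line into fields (several fields can share one
# line), so a colon inside a value such as "C:\\..." or "(API: 16384" is kept.
KEYS = ("Image Path", "File Visible", "Function Name", "Name", "Address",
        "Size", "Signed", "Status", "Path", "#")
FIELD_RE = re.compile(r"(?:^|(?<=\s))(%s): " % "|".join(map(re.escape, KEYS)))

def parse_rootrepeal(text):
    """Return {section title: [record dict, ...]}; a record is the run of
    'Key: value' lines between blank lines, a title is a line over a dashed rule."""
    sections, current, record = {}, None, {}
    lines = text.splitlines() + [""]          # trailing blank flushes the last record
    for i, line in enumerate(lines):
        if i + 1 < len(lines) and re.fullmatch(r"-{3,}", lines[i + 1]):
            current = line.strip()            # section title; underline follows
        elif not line.strip() or line.startswith(("-", "==")):
            if record:                        # blank line closes a record
                sections.setdefault(current, []).append(record)
            record = {}
        elif current is not None:
            parts = FIELD_RE.split(line)      # ['', key, value, key, value, ...]
            record.update({parts[k]: parts[k + 1].strip() for k in range(1, len(parts) - 1, 2)})
    return sections

def triage(sections, trusted_hook_owners=()):
    """Findings a responder checks first. dump_* crash-dump drivers and the scanner's
    own driver are never on disk, so they are skipped, as are hooks by trusted modules."""
    findings = []
    trusted = tuple(t.lower() for t in trusted_hook_owners)
    for rec in sections.get("SSDT", []):
        m = re.search(r'Hooked by "([^"]+)"', rec.get("Status", ""))
        if m and not m.group(1).lower().endswith(trusted):
            findings.append(("ssdt-hook", rec.get("Function Name", "?"), m.group(1)))
    for rec in sections.get("Drivers", []):
        name = rec.get("Name", "").lower()
        if rec.get("File Visible") == "No" and not name.startswith(("dump_", "rootrepeal")):
            findings.append(("hidden-driver", rec["Name"], rec.get("Image Path", "")))
    for rec in sections.get("Hidden/Locked Files", []):
        if rec.get("Status", "").startswith("Allocation size mismatch"):
            findings.append(("size-mismatch", rec.get("Path", ""), rec["Status"]))
    return findings
```

Run `triage(parse_rootrepeal(SAMPLE_REPORT), trusted_hook_owners=("SASKUTIL.sys",))` to see the hook from the installed AV drop out while the Temp-loaded driver and the size mismatch remain for a closer look.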

#10 myrti (Sillyberry, Malware Study Hall Admin, 33,779 posts)

Posted 20 January 2010 - 02:01 PM

Hi,

please try running the following batch then:

Open Notepad and copy/paste the code box below into a new text file.
CODE
@echo off
c:\mbr.exe -t >"C:\mbr.log"
notepad C:\mbr.log
  • Save the file as query.bat by choosing save as *All Files, and save it to your Desktop.
  • Locate "query.bat" and double-click on it to run. (It is important that you run the script from the drive where your operating system is installed).
  • It will open a text file, please copy the content in your next reply.

regards myrti



#11 myrti (Sillyberry, Malware Study Hall Admin, 33,779 posts)

Posted 25 January 2010 - 08:46 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti
