
Visited a website & got a virus warning from Avira. Ran scans. Am I safe now?


  • This topic is locked
20 replies to this topic

#1 skyfish

skyfish

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 11 January 2010 - 08:59 PM

Originally posted here:
http://www.bleepingcomputer.com/forums/t/285650/i-visited-a-web-site-and-got-a-warning-from-avira/
boopme told me to run an HJT log and post here to be safe.

I visited a web site recently to check if the address had already been taken by someone else.
When I arrived at the site I got a JavaScript pop-up saying "You've been hacked! haha" (or something like that) and then got a warning from Avira in the Mozilla cache folder. I selected the option to deny access.

I used these programs to help fight against anything that might have happened after visiting the site:
A-Squared Anti-Malware - normal scan and deep scan
Avira
TFC.exe
Link Advisor
Zone Alarm


I'm not noticing any recent bad symptoms on my computer but I want to be safe. Is everything okay? Did that site install a keylogger on my computer?

DDS & Root Repeal:


DDS (Ver_09-12-01.01) - NTFSx86
Run by summer at 19:37:10.54 on Mon 01/11/2010
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.897 [GMT -5:00]

AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Nero\Nero LiquidTV\NTTxSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Nero\Nero LiquidTV\NTCommunicationLogic.exe
C:\Program Files\Nero\Nero LiquidTV\NeroTiVoBackground.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\summer\Desktop\RootRepeal.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\summer\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Watch for Browser Events: {42a7ce31-cee7-4cce-a060-a44a7e52e062} - c:\progra~1\keyboa~1\kie.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {F67BEA7B-70D4-4417-9227-480B35DDD500} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PlayNC Launcher]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [WTClient] WTClient.exe
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\summer\appdata\roaming\mozilla\firefox\profiles\pdhjrq7o.default\
FF - component: c:\program files\mozilla firefox\components\coFFPlgn.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\summer\appdata\roaming\mozilla\firefox\profiles\pdhjrq7o.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-23 11608]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20090310.005\IDSvix86.sys [2009-3-11 270384]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2010-1-9 1858144]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-1-23 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-1-23 151297]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CamthWDM.sys [2008-2-8 941784]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-1-23 52056]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2007-6-7 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\drivers\PTSimHid.sys [2007-4-23 10752]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2008-2-28 281088]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-8-12 41008]
S1 aiptektp;Pen Pad;c:\windows\system32\drivers\aiptektp.sys [2008-12-23 22528]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-28 23888]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-5-31 12672]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-3-7 101936]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\system32\drivers\hcw72ADFilter.sys [2009-10-9 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\system32\drivers\hcw72ATV.sys [2009-11-23 1208448]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\system32\drivers\hcw72DTV.sys [2009-10-9 1217152]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 tivoir;TiVo IR Transceiver Driver;c:\windows\system32\drivers\tivoir.sys [2008-10-15 10496]
S3 XDva285;XDva285;c:\windows\system32\XDva285.sys [2009-9-16 55680]

=============== Created Last 30 ================

2010-01-11 08:04:31 0 d-----w- c:\windows\Internet Logs
2010-01-11 04:32:00 22528 ----a-w- c:\windows\system32\netiougc.exe
2010-01-11 04:32:00 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-01-11 04:29:53 0 d-----w- c:\programdata\CheckPoint
2010-01-11 02:37:51 0 d-----w- c:\users\summer\appdata\roaming\CallingID
2010-01-09 06:20:38 0 d-----w- c:\program files\a-squared Anti-Malware
2010-01-07 09:25:56 0 d-----w- c:\program files\Pixologic
2010-01-06 00:04:49 0 d-----w- c:\program files\MAXON
2010-01-05 23:54:18 0 d-----w- c:\users\summer\appdata\roaming\MAXON
2010-01-05 04:42:12 0 d-----w- C:\Python26
2010-01-05 04:34:20 0 d-----w- c:\program files\Blender Foundation
2009-12-29 18:35:18 0 d-----w- c:\program files\NCSoft
2009-12-28 00:44:31 0 d-----w- c:\programdata\ArcSoft
2009-12-28 00:41:42 0 d-----w- c:\users\summer\appdata\roaming\HP SimpleSave Application
2009-12-26 18:36:05 3847 ----a-w- c:\windows\Tablet8000x6000M.ini
2009-12-26 18:09:16 0 d-----w- c:\windows\system32\TabletPmt
2009-12-26 18:09:16 0 d-----w- c:\program files\TABLET

==================== Find3M ====================

2010-01-11 07:57:13 86016 ----a-w- c:\windows\inf\infstor.dat
2010-01-11 07:57:13 51200 ----a-w- c:\windows\inf\infpub.dat
2010-01-11 07:57:13 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-26 13:24:30 2149888 ----a-w- c:\windows\system32\python26.dll
2009-01-14 23:50:13 1974 ----a-w- c:\program files\trapcodehorizon.log
2009-01-14 23:37:21 3701 ----a-w- c:\program files\imageLounge.log
2009-01-13 09:51:38 36868 ----a-w- c:\program files\uninst-Particular.exe
2008-07-28 03:29:25 1230 ----a-w- c:\program files\wow-realmlist.txt
2008-06-11 07:07:56 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-06-07 07:04:39 197 --sha-w- c:\program files\common files\maxtreme.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-08-10 20:26:10 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-08-10 20:26:10 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-08-10 20:26:10 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-01-23 22:05:58 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2009-01-23 22:05:58 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012320090124\index.dat
2009-01-29 01:12:48 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009012820090129\index.dat
2009-06-09 02:36:55 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009060820090609\index.dat
2009-09-06 08:26:43 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009090620090907\index.dat

============= FINISH: 19:37:42.33 ===============

Edited by myrti, 29 January 2010 - 05:37 PM.
removed attachments upon user request.
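As an added example (not code from the original post, from the DDS tool or from BleepingComputer), here is a Python triage pass over the DDS log format pasted above. The sample log is a constructed excerpt of the lines posted in #1, and the review heuristics it applies (orphaned "No File" entries, autostart commands without a full path, drivers sitting directly in system32, binaries newly created in system32) are assumptions of the example: prompts for a helper to verify, not verdicts.

```python
# Added triage helper for the DDS log format; example code, not part of the
# DDS tool or of BleepingComputer's process. It splits the log into its
# "=== Title ===" sections, parses the Pseudo HJT Report, the SERVICES /
# DRIVERS list and the Created Last 30 list, and returns the entries a helper
# would check first. Nothing here decides what is malicious: each item is a
# prompt to compare the file against a known-good copy or its publisher.
import re
from datetime import datetime, timedelta

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
BHO_TB_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s*(?:(?P<name>.*?):\s*)?\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<key>[um]Run(?:Once)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<svc>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")
FILE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
SCAN_DATE_RE = re.compile(r"Run by .* on \w{3} (\d{2}/\d{2}/\d{4})")
BINARY_EXT = (".exe", ".dll", ".sys", ".scr")


def split_sections(text):
    """Map each '=== Title ===' header to the non-blank lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def scan_date_from_header(text):
    """Date of the scan from the 'Run by ... on Mon 01/11/2010' header line."""
    m = SCAN_DATE_RE.search(text)
    return datetime.strptime(m.group(1), "%m/%d/%Y") if m else None


def triage_hjt(lines):
    """Review items from the BHO / TB / Run entries of the Pseudo HJT Report."""
    items = []
    for line in lines:
        m = BHO_TB_RE.match(line)
        if m:
            if m["path"].strip().lower() == "no file":
                items.append(("orphaned entry: registry key points to no file on disk", line))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"].strip()
            if not cmd:
                items.append(("autostart entry with an empty command", line))
            elif not re.search(r"[\\/%]", cmd):  # bare file name, resolved by PATH search
                items.append(("autostart command without a full path", line))
    return items


def triage_services(lines):
    """Drivers loaded from the system32 root rather than system32\\drivers."""
    items = []
    for line in lines:
        m = SVC_RE.match(line)
        if m and re.search(r"\\system32\\[^\\]+\.sys$", m["path"].lower()):
            items.append(("driver in system32 root; verify publisher and origin", line))
    return items


def triage_created(lines, scan_date, window_days=3):
    """Binaries written into system32 within window_days before the scan."""
    items, cutoff = [], scan_date - timedelta(days=window_days)
    for line in lines:
        m = FILE_RE.match(line)
        if not m or m["attrs"].startswith("d"):  # skip directories
            continue
        path = m["path"].lower()
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if path.endswith(BINARY_EXT) and "\\windows\\system32\\" in path and ts >= cutoff:
            items.append((f"binary created in system32 within {window_days} days of the scan", line))
    return items


def triage(text):
    """Run all three passes over one DDS log and return (reason, log line) pairs."""
    sections = split_sections(text)
    scan_date = scan_date_from_header(text) or datetime.now()
    return (triage_hjt(sections.get("Pseudo HJT Report", []))
            + triage_services(sections.get("SERVICES / DRIVERS", []))
            + triage_created(sections.get("Created Last 30", []), scan_date))


# Constructed excerpt of the DDS log posted in this thread.
SAMPLE_LOG = r"""DDS (Ver_09-12-01.01) - NTFSx86
Run by summer at 19:37:10.54 on Mon 01/11/2010

============== Pseudo HJT Report ===============

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
TB: {F67BEA7B-70D4-4417-9227-480B35DDD500} - No File
uRun: [PlayNC Launcher]
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [WTClient] WTClient.exe

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-1-23 11608]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\drivers\PTSimBus.sys [2007-6-7 18944]
S3 XDva285;XDva285;c:\windows\system32\XDva285.sys [2009-9-16 55680]

=============== Created Last 30 ================

2010-01-11 04:32:00 22528 ----a-w- c:\windows\system32\netiougc.exe
2010-01-11 04:32:00 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-01-11 04:29:53 0 d-----w- c:\programdata\CheckPoint
2010-01-05 04:42:12 0 d-----w- C:\Python26
"""

if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```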



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:38 PM

Posted 17 January 2010 - 02:50 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  1. Please download OTL from the following mirror:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#3 skyfish

skyfish
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 19 January 2010 - 12:54 PM

Thanks for replying. I will download and run that program later when I'm at home. Based on what I already posted, does it look like there is anything wrong? I'm wondering if there's a keylogger or not.

#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:38 PM

Posted 19 January 2010 - 01:04 PM

Hi,

there are signs of active infection and previous rootkit infections. If you want to be on the safe side:
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

I will need scans with OTL and probably gmer to be able to say more, though.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


#5 skyfish

skyfish
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 19 January 2010 - 07:22 PM

OTL logfile created on: 1/19/2010 5:40:48 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\summer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 52.51 Gb Free Space | 23.67% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.22 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUMMER-PC
Current User Name: summer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 12:29:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\summer\Desktop\OTL.exe
PRC - [2009/12/21 14:32:54 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Anti-Malware\a2service.exe
PRC - [2009/09/28 08:36:16 | 01,028,432 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/09/23 09:34:06 | 00,073,728 | ---- | M] (Tablet Driver) -- C:\Windows\System32\drivers\WTSrv.exe
PRC - [2009/07/02 08:15:29 | 02,364,712 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero LiquidTV\NTTxSvc.exe
PRC - [2009/07/02 08:14:56 | 01,353,000 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero LiquidTV\NTCommunicationLogic.exe
PRC - [2009/07/02 08:14:35 | 05,424,424 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero LiquidTV\NeroTiVoBackground.exe
PRC - [2009/05/16 15:19:48 | 01,277,952 | ---- | M] (CPUID) -- C:\Program Files\CPUID\HWMonitor\HWMonitor.exe
PRC - [2009/01/15 05:59:06 | 01,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2009/01/13 05:38:07 | 00,079,360 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2008/12/01 15:44:10 | 00,720,896 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\System32\Ati2evxx.exe
PRC - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/09/02 11:48:12 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2008/09/02 11:40:46 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
PRC - [2008/01/20 21:25:31 | 00,300,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2008/01/20 21:24:24 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/20 21:23:52 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/20 21:23:40 | 00,244,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wisptis.exe
PRC - [2008/01/20 21:23:32 | 00,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/09/06 21:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2007/09/06 21:23:36 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Windows\sttray.exe
PRC - [2007/08/31 11:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/24 08:07:08 | 00,149,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/05/31 08:21:28 | 00,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdc.exe
PRC - [2007/04/26 04:38:34 | 00,865,840 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/04 23:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 12:29:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\summer\Desktop\OTL.exe
MOD - [2008/01/20 21:25:29 | 00,380,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2008/01/20 21:23:44 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (npggsvc)
SRV - [2009/11/13 15:13:04 | 00,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/01 16:03:14 | 01,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2009/09/28 08:36:16 | 01,028,432 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/23 09:34:06 | 00,073,728 | ---- | M] (Tablet Driver) [Auto | Running] -- C:\Windows\System32\Drivers\WTSRV.EXE -- (WinTabService)
SRV - [2009/07/02 08:15:29 | 02,364,712 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero LiquidTV\NTTxSvc.exe -- (NTTxSvc)
SRV - [2009/07/02 08:15:29 | 02,364,712 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero LiquidTV\NTTxSvc.exe -- (NTTxHTTP)
SRV - [2009/07/02 08:14:56 | 01,353,000 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero LiquidTV\NTCommunicationLogic.exe -- (NTCommunicationLogic)
SRV - [2009/07/02 08:14:35 | 05,424,424 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero LiquidTV\NeroTiVoBackground.exe -- (NTBackground)
SRV - [2009/05/01 02:35:45 | 00,322,032 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/15 05:59:06 | 01,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/01/13 05:38:07 | 00,079,360 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/01/08 17:27:16 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/01 15:44:10 | 00,720,896 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\System32\Ati2evxx.exe -- (Ati External Event Utility)
SRV - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/08/15 05:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/07/10 08:47:18 | 00,116,040 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/04/24 12:26:18 | 00,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/03/10 00:04:52 | 00,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 14:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/09/06 21:25:12 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2007/08/31 11:49:50 | 00,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/24 08:07:08 | 00,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2007/08/24 08:07:08 | 00,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/08/24 08:07:08 | 00,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/08/24 08:07:08 | 00,149,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/08/24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007/08/22 23:35:22 | 03,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/08/21 10:21:30 | 00,055,640 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/07/24 14:17:08 | 00,229,376 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/05/31 08:21:24 | 00,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 08:21:18 | 00,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/01/19 15:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 17:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/04 23:10:12 | 00,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/10/09 16:16:08 | 01,217,152 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw72DTV.sys -- (hcw72DTV)
DRV - [2009/10/09 16:08:18 | 00,028,928 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw72ADFilter.sys -- (hcw72ADFilter)
DRV - [2009/09/19 15:26:12 | 00,006,784 | ---- | M] (SoftCamp Co., Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scsk4.sys -- (scsk4)
DRV - [2009/09/18 12:42:52 | 00,037,867 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Tablet2k.cat -- (Tablet2k)
DRV - [2009/09/16 18:37:39 | 00,055,680 | ---- | M] (www.wiselogic.co.kr) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva285.sys -- (XDva285)
DRV - [2009/05/28 20:59:09 | 00,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/28 20:59:03 | 00,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 20:59:00 | 00,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/27 00:16:28 | 00,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/02/27 04:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/02/27 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/01/02 21:53:44 | 00,270,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20090310.005\IDSvix86.sys -- (IDSvix86)
DRV - [2008/12/01 17:14:33 | 04,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/10/15 05:12:58 | 00,010,496 | ---- | M] (TiVo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tivoir.sys -- (tivoir)
DRV - [2008/09/17 15:14:00 | 00,027,672 | R--- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Entech.sys -- (ENTECH)
DRV - [2008/09/08 09:10:24 | 00,014,848 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UCTblHid.sys -- (UCTblHid)
DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\adfs.sys -- (adfs)
DRV - [2008/07/30 17:42:12 | 00,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/28 06:57:30 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/07/10 08:35:22 | 00,032,000 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/04/01 02:35:58 | 01,208,448 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcw72ATV.sys -- (hcw72ATV)
DRV - [2008/02/28 04:45:53 | 00,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/02/08 23:58:22 | 00,941,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CamthWDM.sys -- (CamthWDM)
DRV - [2008/02/06 03:00:00 | 00,044,608 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008/01/29 11:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/01/20 21:23:27 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 00,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 00,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 00,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 00,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 00,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 00,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 00,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:25 | 00,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV - [2008/01/20 21:23:24 | 01,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 00,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 00,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 00,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 00,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 00,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 00,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 00,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 00,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 00,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 00,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/10 03:00:00 | 00,009,200 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2007/12/10 03:00:00 | 00,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2007/10/03 03:18:12 | 00,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/27 20:33:26 | 00,056,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/09/06 21:26:04 | 00,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/17 00:23:28 | 00,446,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/08/12 23:50:34 | 00,188,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/12 23:50:34 | 00,096,432 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/08/12 23:50:34 | 00,041,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/08/12 23:50:34 | 00,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/08/12 23:50:34 | 00,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/08/09 03:27:54 | 00,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2007/08/09 03:27:54 | 00,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SymIM.sys -- (SymIM)
DRV - [2007/08/08 02:39:56 | 00,036,056 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2007/07/30 09:43:42 | 00,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/07/30 09:43:42 | 00,278,576 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/07/30 09:43:42 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/07/18 03:40:00 | 00,281,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/06/07 12:16:28 | 00,018,944 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimBus.sys -- (PTSimBus)
DRV - [2007/06/02 13:59:42 | 00,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2007/05/23 20:37:40 | 00,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/26 04:38:40 | 00,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/23 10:28:56 | 00,018,432 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TClass2k.sys -- (TClass2k)
DRV - [2007/04/23 10:28:56 | 00,010,752 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PTSimHid.sys -- (PTSimHid)
DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2006/11/28 02:11:00 | 01,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:45 | 01,302,492 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/11/02 02:30:56 | 02,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 02:30:56 | 00,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/10/29 21:23:12 | 00,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [2006/06/06 09:51:06 | 00,022,528 | ---- | M] (WALTOP International Corp.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aiptektp.sys -- (aiptektp)
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-614758702-3636996587-203661250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-614758702-3636996587-203661250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-614758702-3636996587-203661250-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-614758702-3636996587-203661250-1000\S-1-5-21-614758702-3636996587-203661250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-614758702-3636996587-203661250-1000\S-1-5-21-614758702-3636996587-203661250-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}:1.0.3.93

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/21 14:33:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/21 14:33:01 | 00,000,000 | ---D | M]

[2008/08/27 20:18:36 | 00,000,000 | ---D | M] -- C:\Users\summer\AppData\Roaming\Mozilla\Extensions
[2010/01/18 22:42:21 | 00,000,000 | ---D | M] -- C:\Users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\extensions
[2009/12/28 18:08:41 | 00,000,000 | ---D | M] () -- C:\Users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}
[2009/10/12 02:28:17 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/03/18 21:42:37 | 00,000,000 | ---D | M] -- C:\Users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\extensions\SolidStateION@solidstatenetworks.com
[2008/06/04 18:20:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/27 20:18:33 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2007/08/24 06:52:00 | 00,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2008/04/16 18:09:28 | 00,249,856 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npff_gdm.dll
[2009/01/28 22:08:04 | 00,132,528 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
[2008/09/10 02:39:42 | 00,075,184 | ---- | M] (NHN USA Inc. ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/08/13 14:33:28 | 00,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2009/10/01 17:02:50 | 00,000,060 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\real\realplayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Watch for Browser Events) - {42A7CE31-CEE7-4CCE-A060-A44A7E52E062} - C:\Program Files\Keyboard Express 3\kie.dll (Insight Software Solutions)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-614758702-3636996587-203661250-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-614758702-3636996587-203661250-1000\..\Toolbar\WebBrowser: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WTClient] C:\Windows\System32\WTClient.exe (Tablet Driver)
O4 - HKU\S-1-5-21-614758702-3636996587-203661250-1000..\Run: [AdobeUpdater6] C:\Program Files\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-614758702-3636996587-203661250-1000..\Run: [PlayNC Launcher] File not found
O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-614758702-3636996587-203661250-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-614758702-3636996587-203661250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-614758702-3636996587-203661250-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gateway.com/support/serialharvest/gwCID.CAB (compid Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\flower-bg2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\flower-bg2.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/13 05:23:05 | 00,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3ac665ae-f327-11de-9093-00e0b8e8859e}\Shell - "" = AutoRun
O33 - MountPoints2\{3ac665ae-f327-11de-9093-00e0b8e8859e}\Shell\AutoRun\command - "" = K:\HPLauncher.exe -- File not found
O33 - MountPoints2\{bfeb3a6c-190b-11de-a8af-00e0b8e8859e}\Shell - "" = AutoRun
O33 - MountPoints2\{bfeb3a6c-190b-11de-a8af-00e0b8e8859e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 12:29:21 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Users\summer\Desktop\OTL.exe
[2010/01/11 03:04:31 | 00,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2010/01/10 23:32:00 | 00,170,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010/01/10 23:32:00 | 00,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010/01/10 23:29:53 | 00,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2010/01/10 21:49:41 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/10 21:37:51 | 00,000,000 | ---D | C] -- C:\Users\summer\AppData\Roaming\CallingID
[2010/01/09 01:20:38 | 00,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2010/01/09 01:20:38 | 00,000,000 | ---D | C] -- C:\Users\summer\Documents\a-squared
[2010/01/08 02:08:59 | 00,000,000 | ---D | C] -- C:\Users\summer\Desktop\Art Stuff
[2010/01/07 04:25:56 | 00,000,000 | ---D | C] -- C:\Program Files\Pixologic
[2010/01/05 23:13:19 | 00,000,000 | ---D | C] -- C:\Users\summer\Documents\tex
[2010/01/05 19:04:49 | 00,000,000 | ---D | C] -- C:\Program Files\MAXON
[2010/01/05 18:54:18 | 00,000,000 | ---D | C] -- C:\Users\summer\AppData\Roaming\MAXON
[2010/01/05 17:35:51 | 00,000,000 | ---D | C] -- C:\Users\summer\Desktop\CINEMA 4D
[2010/01/04 23:42:12 | 00,000,000 | ---D | C] -- C:\Python26
[2010/01/04 23:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\Blender Foundation
[2010/01/03 05:07:20 | 00,000,000 | ---D | C] -- C:\Users\summer\AppData\Local\Downloaded Installations
[2009/12/29 21:31:31 | 00,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2009/12/29 21:31:29 | 05,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2009/12/29 21:31:29 | 01,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2009/12/29 21:31:29 | 00,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2009/12/29 21:31:28 | 01,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2009/12/29 21:31:28 | 01,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2009/12/29 21:31:28 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2009/12/29 21:31:28 | 00,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2009/12/29 21:31:28 | 00,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2009/12/29 21:31:27 | 00,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2009/12/29 21:31:27 | 00,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2009/12/29 21:31:25 | 02,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2009/12/29 21:31:25 | 00,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2009/12/29 21:31:25 | 00,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2009/12/29 21:31:25 | 00,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2009/12/29 21:31:24 | 04,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2009/12/29 21:31:24 | 00,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2009/12/29 21:31:24 | 00,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2009/12/29 21:31:23 | 00,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2009/12/29 21:31:23 | 00,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2009/12/29 13:35:18 | 00,000,000 | ---D | C] -- C:\Program Files\NCSoft
[2009/12/27 19:44:31 | 00,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2009/12/27 19:41:53 | 00,000,000 | ---D | C] -- C:\Users\summer\AppData\Roaming\ArcSoft
[2009/12/27 19:41:42 | 00,000,000 | ---D | C] -- C:\Users\summer\AppData\Roaming\HP SimpleSave Application
[2009/12/26 13:09:16 | 00,000,000 | ---D | C] -- C:\Windows\System32\TabletPmt
[2009/12/26 13:09:16 | 00,000,000 | ---D | C] -- C:\Program Files\TABLET
[2009/03/20 00:43:55 | 01,654,869 | ---- | C] (Dynu Systems Inc.) -- C:\ProgramData\DynuEncrypt.dll

========== Files - Modified Within 30 Days ==========

[2010/01/19 12:40:43 | 05,767,168 | -HS- | M] () -- C:\Users\summer\ntuser.dat
[2010/01/19 12:29:22 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Users\summer\Desktop\OTL.exe
[2010/01/19 11:53:36 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 11:53:36 | 00,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/19 09:53:38 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/18 20:20:49 | 00,000,548 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - summer.job
[2010/01/18 09:35:36 | 00,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/01/17 19:23:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/17 19:22:54 | 20,112,83456 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/17 19:21:30 | 00,524,288 | -HS- | M] () -- C:\Users\summer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/17 19:21:30 | 00,065,536 | -HS- | M] () -- C:\Users\summer\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/17 13:06:17 | 07,374,500 | ---- | M] () -- C:\Users\summer\Documents\ship.blend
[2010/01/17 13:05:58 | 02,106,033 | ---- | M] () -- C:\Users\summer\Documents\ship.obj
[2010/01/17 13:05:58 | 00,000,045 | ---- | M] () -- C:\Users\summer\Documents\ship.mtl
[2010/01/17 09:12:44 | 00,327,680 | ---- | M] () -- C:\Users\summer\Desktop\neos-safekeys-2008-v2_3_2.exe
[2010/01/16 12:56:57 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/16 12:56:34 | 04,176,367 | -H-- | M] () -- C:\Users\summer\AppData\Local\IconCache.db
[2010/01/16 09:59:13 | 00,089,600 | ---- | M] () -- C:\Users\summer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/16 07:55:52 | 01,920,040 | ---- | M] () -- C:\Users\summer\Desktop\test-texture.PSD
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/01/11 18:55:42 | 00,000,000 | ---- | M] () -- C:\Users\summer\Desktop\settings.dat
[2010/01/11 05:30:02 | 21,578,688 | ---- | M] () -- C:\Users\summer\Documents\head-mad2.OBJ
[2010/01/11 05:30:02 | 00,000,104 | ---- | M] () -- C:\Users\summer\Documents\head-mad2.mtl
[2010/01/11 05:22:22 | 89,134,502 | ---- | M] () -- C:\Users\summer\Documents\head-mad.OBJ
[2010/01/11 05:22:22 | 00,000,103 | ---- | M] () -- C:\Users\summer\Documents\head-mad.mtl
[2010/01/10 23:53:32 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/10 08:16:13 | 00,704,434 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/10 08:16:13 | 00,604,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/10 08:16:13 | 00,105,376 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/09 01:20:55 | 00,000,815 | ---- | M] () -- C:\Users\Public\Desktop\a-squared Anti-Malware.lnk
[2010/01/07 20:39:26 | 16,854,662 | ---- | M] () -- C:\Users\summer\Documents\test-sphere.OBJ
[2010/01/07 20:39:26 | 03,145,782 | ---- | M] () -- C:\Users\summer\Documents\test-sphere.BMP
[2010/01/07 20:39:26 | 00,000,106 | ---- | M] () -- C:\Users\summer\Documents\test-sphere.mtl
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/05 02:15:06 | 03,158,000 | ---- | M] () -- C:\Users\summer\Documents\untitled.blend
[2010/01/04 23:36:18 | 00,001,885 | ---- | M] () -- C:\Users\summer\Desktop\Blender.lnk
[2009/12/28 18:10:29 | 00,001,688 | ---- | M] () -- C:\Users\summer\Desktop\Free Realms.lnk
[2009/12/26 13:36:05 | 00,003,847 | ---- | M] () -- C:\Windows\Tablet8000x6000M.ini
[2009/12/25 15:32:18 | 00,007,268 | ---- | M] () -- C:\Users\summer\AppData\Local\d3d9caps.dat
[2009/12/21 06:37:48 | 67,337,745 | ---- | M] () -- C:\Users\summer\Desktop\kp.zip

========== Files Created - No Company Name ==========

[2010/01/17 13:06:17 | 07,374,500 | ---- | C] () -- C:\Users\summer\Documents\ship.blend
[2010/01/17 13:05:58 | 00,000,045 | ---- | C] () -- C:\Users\summer\Documents\ship.mtl
[2010/01/17 13:05:57 | 02,106,033 | ---- | C] () -- C:\Users\summer\Documents\ship.obj
[2010/01/17 09:12:42 | 00,327,680 | ---- | C] () -- C:\Users\summer\Desktop\neos-safekeys-2008-v2_3_2.exe
[2010/01/16 07:55:46 | 01,920,040 | ---- | C] () -- C:\Users\summer\Desktop\test-texture.PSD
[2010/01/11 18:55:42 | 00,000,000 | ---- | C] () -- C:\Users\summer\Desktop\settings.dat
[2010/01/11 05:30:02 | 00,000,104 | ---- | C] () -- C:\Users\summer\Documents\head-mad2.mtl
[2010/01/11 05:29:59 | 21,578,688 | ---- | C] () -- C:\Users\summer\Documents\head-mad2.OBJ
[2010/01/11 05:22:22 | 00,000,103 | ---- | C] () -- C:\Users\summer\Documents\head-mad.mtl
[2010/01/11 05:22:08 | 89,134,502 | ---- | C] () -- C:\Users\summer\Documents\head-mad.OBJ
[2010/01/09 01:20:55 | 00,000,815 | ---- | C] () -- C:\Users\Public\Desktop\a-squared Anti-Malware.lnk
[2010/01/07 20:39:26 | 03,145,782 | ---- | C] () -- C:\Users\summer\Documents\test-sphere.BMP
[2010/01/07 20:39:26 | 00,000,106 | ---- | C] () -- C:\Users\summer\Documents\test-sphere.mtl
[2010/01/07 20:39:23 | 16,854,662 | ---- | C] () -- C:\Users\summer\Documents\test-sphere.OBJ
[2010/01/05 02:15:06 | 03,158,000 | ---- | C] () -- C:\Users\summer\Documents\untitled.blend
[2010/01/04 23:36:18 | 00,001,885 | ---- | C] () -- C:\Users\summer\Desktop\Blender.lnk
[2009/12/28 18:10:29 | 00,001,688 | ---- | C] () -- C:\Users\summer\Desktop\Free Realms.lnk
[2009/12/26 13:36:05 | 00,003,847 | ---- | C] () -- C:\Windows\Tablet8000x6000M.ini
[2009/12/21 06:34:27 | 67,337,745 | ---- | C] () -- C:\Users\summer\Desktop\kp.zip
[2009/04/27 20:31:47 | 00,000,126 | ---- | C] () -- C:\Windows\System32\msexcr.ini
[2009/04/25 03:35:21 | 01,073,152 | ---- | C] () -- C:\Windows\System32\libmysql_c.dll
[2009/04/21 17:25:34 | 00,000,000 | ---- | C] () -- C:\Users\summer\AppData\Roaming\wklnhst.dat
[2009/03/09 20:36:51 | 00,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/01/14 18:50:12 | 00,001,974 | ---- | C] () -- C:\Program Files\trapcodehorizon.log
[2009/01/14 18:37:20 | 00,003,701 | ---- | C] () -- C:\Program Files\imageLounge.log
[2009/01/13 04:51:38 | 00,036,868 | ---- | C] () -- C:\Program Files\uninst-Particular.exe
[2009/01/06 12:55:16 | 00,000,290 | ---- | C] () -- C:\Windows\game.ini
[2008/12/23 10:01:00 | 00,200,704 | ---- | C] () -- C:\Windows\System32\WinTab32.dll
[2008/12/23 10:01:00 | 00,005,511 | ---- | C] () -- C:\Windows\aiptbl.ini
[2008/11/06 04:48:41 | 00,000,110 | ---- | C] () -- C:\Windows\GMouse.ini
[2008/10/19 19:45:52 | 00,007,268 | ---- | C] () -- C:\Users\summer\AppData\Local\d3d9caps.dat
[2008/10/07 08:13:30 | 00,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 00,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/02 18:38:39 | 00,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2008/08/02 18:38:39 | 00,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/07/30 21:17:53 | 00,000,094 | ---- | C] () -- C:\Users\summer\AppData\Local\fusioncache.dat
[2008/07/28 07:51:16 | 00,040,960 | ---- | C] () -- C:\Windows\System32\psfind.dll
[2008/07/28 06:57:30 | 00,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/07/25 23:17:14 | 00,001,230 | ---- | C] () -- C:\Program Files\wow-realmlist.txt
[2008/07/08 16:50:53 | 00,516,096 | ---- | C] () -- C:\Windows\System32\RegisterDialog.dll
[2008/07/07 00:36:39 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/07/07 00:36:38 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/06/11 14:55:34 | 00,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2008/06/10 19:07:20 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/06/10 19:03:26 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/06/07 02:04:39 | 00,000,197 | -HS- | C] () -- C:\Program Files\Common Files\maxtreme.dat
[2008/06/06 00:25:33 | 00,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/06/06 00:25:33 | 00,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/06/05 03:15:12 | 00,089,600 | ---- | C] () -- C:\Users\summer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/05/22 17:18:54 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/02/28 04:21:40 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/28 04:21:14 | 01,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008/02/08 23:58:22 | 00,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CamthWDM.sys
[2007/11/14 20:24:14 | 00,003,584 | ---- | C] () -- C:\Windows\System32\wceprv.dll
[2007/04/24 14:31:12 | 00,010,240 | ---- | C] () -- C:\Windows\System32\ucinst32.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >
OTL Extras logfile created on: 1/19/2010 5:40:48 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Users\summer\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 52.51 Gb Free Space | 23.67% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.22 Gb Free Space | 47.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUMMER-PC
Current User Name: summer
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-614758702-3636996587-203661250-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [SpaceMonger] -- "C:\Program Files\SpaceMonger\SpaceMonger.exe" ; show-free-space false ; show-system-space false ; set-root "%l" (Sixty-Five Software, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NCsoft\Exteel\System\Exteel.exe" = C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel -- File not found
"C:\Program Files\Persona\Persona.exe" = C:\Program Files\Persona\Persona.exe:*:Enabled:Persona -- (CDNetworks Co.,Ltd)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13A8AA24-4648-4C99-8DC2-5521FC61F91C}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{165CD530-1852-460D-BD01-0D0575F9854A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{19D827EE-CAAB-45A9-B2AC-EE381ABF9DE9}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{50F21AB9-82DA-40F1-AB79-33C32360573D}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{54FCFA9F-9959-4C4A-9D58-6A7F2B1BBE49}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6CAB2853-DE9A-4103-B0C3-FA3DDE6E89D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6CF53F02-99F3-44ED-AAA8-9B91D560587F}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{800482B1-6E99-4717-94DA-B3F0F224F39D}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{A305DB03-B9A7-49BD-B971-530B2A92F9B3}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C4C0D52F-619D-4E43-8D9C-15FCCEEEDC64}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
"{C4FC2373-D345-4114-8906-13495CF63E5A}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{D35ADAF0-5DD8-47A5-A53F-F8F013D32C1C}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server |
"{F872AA9D-0F45-4D85-A8C8-4B83CC80315F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7E18E3-07FA-47E4-997E-18F519668E0A}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nttxsvc.exe |
"{12448DF1-DB65-49E6-AD38-43C15DDEC95A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1D6AD88D-BADB-4350-A74A-7CEEE1A15C80}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1E23864A-4BC8-4038-912F-66D210372800}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{1E432C92-2363-423D-8264-575CA0644799}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1E76F0CF-C542-4E51-9814-7FC865A53807}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nttxh.exe |
"{23A38819-FD3A-4A53-BD1E-B781AD558530}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2444A72E-298D-4945-9E62-51570ED3A860}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2A45CE4C-41F4-4EF2-A56F-01C3850FC253}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2B8B97B7-6A5A-4EC9-AFE2-3C0CD62C3A8E}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{2D12BAAF-1797-4EE7-84AB-E95D24BA2A8B}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{2FEEE9C8-4734-4F11-8DC1-8CFE34049173}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nttxh.exe |
"{32834E87-5379-4D10-B256-8B7264F5048C}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nmdllhost.exe |
"{347D1AD0-D435-4B2B-AF58-76DDE82717FE}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{38394F99-6DFA-4AB3-B269-4A9AC4A50752}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{39ADF397-3554-49F7-8F8B-7E8AE866A09F}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{3F6E4374-7743-490D-994A-1A32350D23F1}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe |
"{45478425-4D82-4AE0-844F-9B54F1AFF5C2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49454DA5-A29F-441F-8BC4-E3E72BE00133}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4F599D9C-63B9-41D5-9CC8-563535C72103}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nttxh.exe |
"{515E6B5C-60E8-4274-B3B0-BC9AB877DDA1}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{668AAD82-CCD1-459E-A99C-D1AD9B40FC86}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{6E2E43C3-AB14-4787-BA30-31EFD17E8424}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{6F1C94F2-D0F4-4C39-B7B9-CE4411D9CE5A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{709F6765-F19D-413C-806E-A1875891658A}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{71720E70-0E26-4AF4-8491-9E361D23CFDC}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7586C7B5-D249-442A-896C-92E468D92A08}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{78720786-1C74-4183-8AF4-8A79C7330D87}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{7F3A4922-DAAE-4F2A-AE0A-A3F81424F03B}" = protocol=17 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{8420360B-7176-4503-A6E0-99A0E4E349EE}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nmdllhost.exe |
"{846A9A28-2CC5-4FFE-8220-A0AD1A59F53D}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{8B6E7B14-05F2-4035-A692-BB2DB489C74B}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{94739092-AF88-41CE-AAAA-56F3D13385B4}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nerotivobackground.exe |
"{969E836B-F3A1-45ED-9D67-99D54B2AC06B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{99425F92-A629-4079-AAA5-E0C1390B5662}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9A3E06F7-A7E4-41B4-A0D2-89D8F1A57F7A}" = protocol=6 | dir=in | app=c:\program files\autodesk\3ds max 2009\3dsmax.exe |
"{A2D802FD-1A0F-44C9-AB1E-82ECFED3E4FC}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A2DCF591-976D-4E85-91AD-2E7833DA76D3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A5C272B2-952B-4A66-91C4-F2FA728D5877}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nerotivobackground.exe |
"{AADB2056-ABA5-4E55-9E12-F752FE352710}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{AC6B1249-33EF-4B0B-B863-DC12745FDAD9}" = protocol=6 | dir=in | app=c:\ntreev\grand chase\main.exe |
"{B113C6C5-A669-4F41-A429-C7C5D304B25B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B4AF2918-B4B0-4B4D-A36A-E83042D29F65}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C1D26187-F8C1-4AD9-BBCB-76FDABF848EC}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nmdllhost.exe |
"{D1ACA3F3-5805-440A-90A6-0FA13268DB9E}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nmdllhost.exe |
"{D27BC4BE-4B90-4F1A-9B43-47103D103BB7}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{D76CBC74-7C62-41CB-B71D-271BEC85297E}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nttxh.exe |
"{D95570DC-EED1-4799-AAD3-F68866610E4D}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nerotivobackground.exe |
"{DB169498-BEEE-43B6-8E86-876C2EE44BD2}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{DBA1DD1B-7565-4159-B52A-D534E3C69A35}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nttxsvc.exe |
"{E417E6BF-417B-43E6-8E5A-8EE52004F439}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{E577732C-855D-4E4B-BC79-3FF2ECC9138C}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{EAAC5A05-54AA-4A21-9130-734C585A22A6}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{EE322C76-DBEA-4861-A8C3-9517AC0FB0EB}" = protocol=17 | dir=in | app=c:\program files\nero\nero liquidtv\nttxsvc.exe |
"{EF79728F-1337-4B60-95D7-CA0DB5677B36}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nttxsvc.exe |
"{F44D3635-A568-4995-A17E-6D95B14F7EE3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F7D2097E-CD73-4142-8D40-EAEEF4A5A520}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F813545B-3A33-4099-BF1F-933D530D08C3}" = protocol=6 | dir=in | app=c:\program files\nero\nero liquidtv\nerotivobackground.exe |
"{F90C1B9A-397E-4402-94CC-3AA5F2686441}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{FD25CC55-F961-406C-BAB3-98AC03CA82F0}" = protocol=17 | dir=in | app=c:\ntreev\grand chase\main.exe |
"{FF92F5E0-8952-49D2-BA54-9022E66061CB}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{4E4304F3-A33A-45A6-99DA-430A518A43EB}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{50692C0E-C643-4766-AC19-2BB5C1BC84FF}C:\program files\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=6 | dir=in | app=c:\program files\adobe\adobe after effects cs4\support files\afterfx.exe |
"TCP Query User{7CDCA7B6-5D66-4B85-B31D-C7B663B7B10E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{8A42DD97-4E3D-4482-8FFC-5722113EF845}C:\program files\maiet\gunz\gunzlauncher.exe" = protocol=6 | dir=in | app=c:\program files\maiet\gunz\gunzlauncher.exe |
"TCP Query User{8CF2C6B1-BE7F-4AF1-8C37-906BD39C72DB}C:\ijji\english\gunz\gunz.exe" = protocol=6 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"TCP Query User{993DAFF1-22B7-443A-9CD7-38A210ECCC85}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"TCP Query User{A3FCC3F1-DDE8-44F5-BD4E-8DB3E3BCB613}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{B649D8B0-4A10-49E0-BB16-A7C944190573}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{BA8E5CD9-3C2D-4612-92DA-958961E2540A}C:\program files\activision\marvel - ultimate alliance\game.exe" = protocol=6 | dir=in | app=c:\program files\activision\marvel - ultimate alliance\game.exe |
"TCP Query User{D31E174B-2FF8-44CB-822B-E1F6A162C887}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{F3C944F9-F652-4C32-AAF5-E781C36532B9}C:\program files\java\jre1.6.0_04\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\java.exe |
"UDP Query User{0A156BEC-4463-40A5-8647-1DB6E28EFA2A}C:\program files\maiet\gunz\gunzlauncher.exe" = protocol=17 | dir=in | app=c:\program files\maiet\gunz\gunzlauncher.exe |
"UDP Query User{35A6CE5C-A21C-4F59-87FF-026ADA98FFCF}C:\ijji\english\gunz\gunz.exe" = protocol=17 | dir=in | app=c:\ijji\english\gunz\gunz.exe |
"UDP Query User{57EE2840-C4A0-449E-8EB8-A390FC15D3D4}C:\program files\java\jre1.6.0_04\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\javaw.exe |
"UDP Query User{5C013248-E5C9-4E96-8314-3073F0D21888}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{A657EB05-1900-4311-ADB5-B92A65C76A4A}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{BE7646E8-899E-49A2-8B8F-EE2F67BAA735}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{CF448706-93F8-4AD9-92B6-BF86C11120A7}C:\program files\activision\marvel - ultimate alliance\game.exe" = protocol=17 | dir=in | app=c:\program files\activision\marvel - ultimate alliance\game.exe |
"UDP Query User{CFE32277-19C0-487D-B61E-58FB3772670E}C:\program files\adobe\adobe after effects cs4\support files\afterfx.exe" = protocol=17 | dir=in | app=c:\program files\adobe\adobe after effects cs4\support files\afterfx.exe |
"UDP Query User{D7450E9E-FA48-4F85-8B58-F76FF307058F}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{E975DC8B-4D65-46F3-B6C7-ED3B5A1E8F7D}C:\program files\java\jre1.6.0_04\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_04\bin\java.exe |
"UDP Query User{FD6DEFF0-29F9-4546-9FCC-94673B84A64B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A47C6E1-9BB2-023C-BBEC-2D3DBEA91A9A}" = ATI Catalyst Install Manager
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{1624E927-1F74-34E2-64FB-263CE6A6CD6F}" = CCC Help English
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1AE5DF31-3D37-4E78-A0EB-5DAE701A765F}" = Nero LiquidTV
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DBB1B09-8A5C-4CEA-8623-3EE473D4530E}" = SMV Converter Tool 3.0
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"{2A9196F5-9B7C-EA83-6BC8-944BF707143D}" = ccc-utility
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}" = Norton Internet Security
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3D60292B-1C68-2751-E708-6E419318C9E1}" = Catalyst Control Center InstallProxy
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{41903DF9-6CB1-0EC3-4B1E-76D55FAD9C80}" = Catalyst Control Center HydraVision Full
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{4420B59B-9FEC-8F4C-75A3-3FE927D8AEA1}" = Catalyst Control Center Graphics Full Existing
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54D966AE-AEB7-7BC9-B09A-A7BB0EAC236C}" = ccc-core-static
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5E44C19D-3D1F-87F9-65D2-F87C6F66DF91}" = Catalyst Control Center Core Implementation
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DF68292-863C-2943-813E-144E41DB1908}" = Catalyst Control Center Graphics Previews Vista
"{6EC2F8D1-6303-4E49-9F17-4D537C648F5B}" = HexEdit
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737F8964-D019-5D45-5FF4-8924FE62F564}" = Catalyst Control Center Graphics Full New
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{79896C28-C277-42d5-990A-D98E10682654}" = Titan Quest
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7BE38C02-9CFD-78DC-B4F3-32168B004ACF}" = Catalyst Control Center Graphics Previews Common
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel™ - Ultimate Alliance
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C7DE589B-59FB-1A37-33DA-DED08CA88DC4}" = Skins
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCB4319C-D746-475B-B604-3D42C5564383}" = Prince of Persia The Sands of Time (Demo)
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton AntiVirus Help
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAC09C92-93A7-38BC-BA47-8F20439C2781}" = Catalyst Control Center Graphics Light
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max 2009 32-bit
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"18_is1" = RBO Extra Scenario Vol.1
"35_is1" = RBO Extra Scenario Vol.2
"36_is1" = RBO Extra Scenario Vol.3
"5F3B3A7C3F83EA764CEC04ACBB54F122A4B5BE4F" = Windows Driver Package - TiVo (tivoir) USB (08/15/2008 1.0.1.0)
"7-Zip" = 7-Zip 4.58 beta
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.2" = Acoustica Mixcraft 4.2
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Age of Mythology 1.0" = Age of Mythology
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AIM_6" = AIM 6
"Antares Autotune DX v4.15" = Antares Autotune DX v4.15
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Any Video Converter_is1" = Any Video Converter 2.6.7
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.12
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.5
"AutoHotkey" = AutoHotkey 1.0.48.03
"AutoItv3" = AutoIt v3.3.0.0
"Blender" = Blender (remove only)
"C546A146A2DAD2706C4C592BA68D8607D39736D9" = Windows Driver Package - TiVo USB (10/15/2008 1.0.1.0)
"CEP - Colour Enable Packages_is1" = CEP (Color Enable Package) v.9.0 (beta)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"Download Manager" = Download Manager 2.3.6
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Free Realms Installer" = {PRODUCT_NAME}
"GetRight_is1" = GetRight
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}" = Age of Empires III - The WarChiefs
"InstallShield_{2A856E11-228D-459F-A196-6F4F7E104FFC}" = ZBrush 3.5 R3
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{932FB3F3-594D-4600-ABFA-F2DE80A14214}" = Marvel™ - Ultimate Alliance
"InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}" = Age of Empires III - The Asian Dynasties
"Keyboard Express 3" = Keyboard Express 3
"Macro Express 3" = Macro Express 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MAXONB6EC381C" = CINEMA 4D 11.514
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Money2007b" = Microsoft Money Essentials
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"particleIllusion 3.0" = particleIllusion 3.0
"PeerGuardian_is1" = PeerGuardian 2.0
"Persona" = Hybrid Downloader 1,0,2,6
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Ragnarok Battle Offline" = Ragnarok Battle Offline
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.80
"Rmtablet" = USB Tablet Manager
"Runic Games Torchlight" = Torchlight
"SMPlayer" = SMPlayer 0.6.8
"SpaceMonger" = SpaceMonger 2.1.1
"SpeedFan" = SpeedFan (remove only)
"SymSetup.{C1C185CA-C531-49F5-A6FA-B838405A049D}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TreeSize Free_is1" = TreeSize Free V2.2.1
"Trine Demo_is1" = Trine Demo (GamesPlanet)
"UnityWebPlayer" = Unity Web Player
"Veoh Web Player Beta" = Veoh Web Player Beta
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"WebcamMax" = WebcamMax
"WildTangent gateway Master Uninstall" = Gateway Games
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinRAR archiver" = WinRAR archiver
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-614758702-3636996587-203661250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ijji FireFox Launcher" = ijji FireFox Launcher 1.0
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

Error - 3/19/2009 11:13:20 PM | Computer Name = summer-PC | Source = Adobe Version Cue CS3 | ID = 3
Description =

[ Media Center Events ]
Error - 1/10/2010 1:24:54 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/10/2010 7:11:41 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/10/2010 7:49:57 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/11/2010 12:39:48 AM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/11/2010 4:02:24 AM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/14/2010 8:43:10 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/15/2010 4:53:13 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/16/2010 2:00:38 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/16/2010 11:06:01 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

Error - 1/17/2010 8:24:49 PM | Computer Name = summer-PC | Source = ehRecvr | ID = 4
Description =

[ OSession Events ]
Error - 8/15/2009 11:22:36 AM | Computer Name = summer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 80294
seconds with 600 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/27/2009 4:06:43 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address XXXXXXXXXXXX has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/27/2009 4:22:41 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address XXXXXXXXXXXX has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/27/2009 4:25:02 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address XXXXXXXXXXXX has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/27/2009 4:25:58 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.102 for the Network Card with network
address XXXXXXXXXXXX has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/27/2009 6:11:38 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address XXXXXXXXXXXX has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/27/2009 6:50:00 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address XXXXXXXXXXXX has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/27/2009 8:25:13 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address XXXXXXXXXXXX has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/28/2009 12:02:35 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address XXXXXXXXXXXX.

Error - 6/28/2009 12:21:35 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address XXXXXXXXXXXX.

Error - 6/28/2009 12:23:16 PM | Computer Name = summer-PC | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address XXXXXXXXXXXX.


< End of report >

#6 myrti

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 20 January 2010 - 02:11 PM

Hi,

please also provide a log from GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 skyfish

  • Topic Starter
  • Members
  • 14 posts

Posted 20 January 2010 - 08:20 PM

Hi myrti smile.gif

I downloaded GMER from the Main Mirror and saved it to my desktop. After clicking Scan I waited a few minutes. I noticed my laptop was getting hot, then it suddenly shut off. I tried running the scan for a 2nd time but once again the computer shut down. sad.gif I also ran GMER in safe mode but after a minute it shut off. I ran the scan one more time in normal mode with a temperature monitor running and noticed I was right with my guess about why the computer was restarting... the temperature shot up to over 90° Celsius (with 100% CPU usage) and once again the laptop shut off.

So... I don't think GMER will work for me. sad.gif

Did you notice anything in the OTL logs?

Edited by skyfish, 20 January 2010 - 08:42 PM.


#8 myrti

  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home

Posted 20 January 2010 - 08:48 PM

Hi,

please try the following:

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Afterwards try running gmer once more.

If gmer will not run, please try running MBR instead:

Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

Finally, I see remnants of Norton on your system; did you uninstall Norton Internet Security?
As mentioned before, there are signs of infection in your original logs, especially the RootRepeal log. Your OTL log is looking rather fine though.

regards myrti



#9 skyfish

  • Topic Starter
  • Members
  • 14 posts

Posted 20 January 2010 - 09:37 PM

Downloaded & ran DeFogger. No problems. Restarted when prompted.
I ran GMER a few minutes after restarting. Almost immediately, CPU usage shot to 100% & temp went to over 90° Celsius. Comp restarted.

Also downloaded mbr.exe as instructed.
From mbr.log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
kernel: MBR read successfully
user & kernel MBR OK

Edited by skyfish, 20 January 2010 - 09:43 PM.


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • Gender:Female
  • Location:At home
  • Local time:01:38 PM

Posted 20 January 2010 - 09:44 PM

Hi,

Please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

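
The ComboFix report that myrti asks for above lists each created file on one line as creation time, a dot, last-write time, size, attribute flags and path (directories show `--------` for the size), and its SnapShot section prefixes lines with `+` or `-` and drops the attribute column. The Python helper below is an added example, not part of this thread and not ComboFix's own tooling: it parses lines of that shape and flags the entries a helper would look at first (binaries that appeared under \windows\ shortly before the scan, files carrying hidden or system attributes, executables sitting in a temp folder or at the drive root). The sample log text, the placeholder file names in it, the 14-day window and the scan time are constructed for the example; reading the two timestamp columns as creation and last-write time follows from paired `-`/`+` snapshot lines, where only the second column changes. Flags are review prompts, not verdicts: Windows Update legitimately drops new binaries into system32, as the wups2.dll line shows.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One ComboFix file line (shape from the log format, file name constructed):
#   2010-01-21 02:56 . 2010-01-21 02:56 12568 ----a-w- c:\windows\system32\drivers\EXAMPLE1.SYS
# SnapShot lines carry a leading '+' or '-' and have no attribute column:
#   + 2009-11-06 03:14 . 2009-11-06 03:14 54272 c:\windows\winsxs\x86_example\vcomp90.dll
ENTRY_RE = re.compile(
    r"^(?:(?P<change>[+-])\s+)?"
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{8}|\d+) "
    r"(?:(?P<attrs>[-dashrw]{8}) )?"     # absent in SnapShot sections
    r"(?P<path>[A-Za-z]:\\.*?)\s*$"
)
TS_FMT = "%Y-%m-%d %H:%M"
BINARY_EXT = (".exe", ".dll", ".sys")

@dataclass
class Entry:
    path: str
    created: datetime        # first column: when the file appeared on disk
    modified: datetime       # second column: last write (copied binaries keep their build time)
    size: Optional[int]      # None for directories (ComboFix prints --------)
    attrs: str               # '' where the section has no attribute column
    change: str              # '+', '-' or '' outside SnapShot sections

def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file line, or None for headers, lone dots and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(path=m["path"],
                 created=datetime.strptime(m["created"], TS_FMT),
                 modified=datetime.strptime(m["modified"], TS_FMT),
                 size=size, attrs=m["attrs"] or "", change=m["change"] or "")

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]

REASON_NEW_SYSTEM_BINARY = "binary appeared under \\windows\\ within the review window"
REASON_HIDDEN_SYSTEM = "hidden/system attribute set"
REASON_ODD_LOCATION = "executable in a temp folder or at the drive root"

def triage(entries: List[Entry], scan_time: datetime,
           window_days: int = 14) -> List[Tuple[str, List[str]]]:
    """Flag entries worth a closer look; removed ('-') lines and directories are skipped."""
    findings = []
    for e in entries:
        if e.size is None or e.change == "-":
            continue
        p = e.path.lower()
        is_binary = p.endswith(BINARY_EXT)
        reasons = []
        # winsxs is populated by Windows servicing and is reviewed separately;
        # any other new executable under \windows\ gets a look.
        if (is_binary and "\\windows\\" in p and "\\winsxs\\" not in p
                and scan_time - e.created <= timedelta(days=window_days)):
            reasons.append(REASON_NEW_SYSTEM_BINARY)
        if "h" in e.attrs or "s" in e.attrs:
            reasons.append(REASON_HIDDEN_SYSTEM)
        if is_binary and ("\\temp\\" in p or p.count("\\") == 1):
            reasons.append(REASON_ODD_LOCATION)
        if reasons:
            findings.append((e.path, reasons))
    return findings

# Constructed sample in the log's shape; the file names are placeholders.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.
2010-01-21 03:08 . 2010-01-21 03:08 -------- d-----w- c:\users\example\AppData\Local\temp
2010-01-20 22:10 . 2010-01-20 22:10 12568 ----a-w- c:\windows\system32\drivers\EXAMPLE1.SYS
2010-01-21 02:22 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-21 02:04 . 2010-01-21 02:04 77312 ----a-w- C:\example.exe
2008-06-07 07:04 . 2008-06-07 07:04 197 --sha-w- c:\program files\Common Files\example.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-09-06_09.07.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-06 03:14 . 2009-11-06 03:14 54272 c:\windows\winsxs\x86_example_9.0.21022.8\vcomp90.dll
- 2008-06-04 23:02 . 2009-09-06 08:40 32768 c:\windows\System32\config\systemprofile\index.dat
+ 2008-06-04 23:02 . 2010-01-21 02:22 32768 c:\windows\System32\config\systemprofile\index.dat
+ 2010-01-19 11:00 . 2010-01-19 11:00 55680 c:\windows\System32\example2.sys
"""
SCAN_TIME = datetime(2010, 1, 21, 3, 0)   # constructed: when the scan ran

def triage_sample() -> List[Tuple[str, List[str]]]:
    return triage(parse_log(SAMPLE_LOG), SCAN_TIME)

if __name__ == "__main__":
    for path, reasons in triage_sample():
        print(f"{path}\n    " + "; ".join(reasons))
```

Run it against a real C:\ComboFix.txt by reading the file into `parse_log` and passing the scan time from the report's first line; the output is a short list to check by hand, which is what the helper does with the full log in the next post.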


#11 skyfish

skyfish
  • Topic Starter

  • Members
  • 14 posts
  • Local time:06:38 AM

Posted 20 January 2010 - 10:33 PM

ComboFix log:

ComboFix 10-01-20.04 - summer 01/20/2010 21:56:53.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.813 [GMT -5:00]
Running from: c:\users\summer\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\windows\system32\twain_32.dll

.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.

2010-01-21 03:08 . 2010-01-21 03:08 -------- d-----w- c:\users\summer\AppData\Local\temp
2010-01-21 03:08 . 2010-01-21 03:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-01-21 03:08 . 2010-01-21 03:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-21 02:56 . 2010-01-21 02:56 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-01-21 02:51 . 2010-01-21 02:55 -------- d-----w- C:\32788R22FWJFW
2010-01-21 02:22 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-01-21 02:22 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2010-01-21 02:21 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2010-01-21 02:21 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-01-21 02:21 . 2009-08-07 00:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-01-21 02:21 . 2009-08-06 23:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-01-21 02:04 . 2010-01-21 02:04 77312 ----a-w- C:\mbr.exe
2010-01-11 08:04 . 2010-01-11 08:04 -------- d-----w- c:\windows\Internet Logs
2010-01-11 04:32 . 2008-02-23 04:38 170496 ----a-w- c:\windows\system32\tcpipcfg.dll
2010-01-11 04:32 . 2008-02-23 02:41 22528 ----a-w- c:\windows\system32\netiougc.exe
2010-01-11 04:29 . 2010-01-11 04:29 -------- d-----w- c:\programdata\CheckPoint
2010-01-11 02:37 . 2010-01-11 02:53 -------- d-----w- c:\users\summer\AppData\Roaming\CallingID
2010-01-09 06:20 . 2010-01-10 12:23 -------- d-----w- c:\program files\a-squared Anti-Malware
2010-01-07 09:25 . 2010-01-07 09:25 -------- d-----w- c:\program files\Pixologic
2010-01-06 00:04 . 2010-01-06 00:04 -------- d-----w- c:\program files\MAXON
2010-01-05 23:54 . 2010-01-06 00:31 -------- d-----w- c:\users\summer\AppData\Roaming\MAXON
2010-01-05 04:42 . 2010-01-05 04:43 -------- d-----w- C:\Python26
2010-01-05 04:34 . 2010-01-05 04:34 -------- d-----w- c:\program files\Blender Foundation
2010-01-03 10:07 . 2010-01-05 02:22 -------- d-----w- c:\users\summer\AppData\Local\Downloaded Installations
2009-12-29 18:35 . 2010-01-04 21:35 -------- d-----w- c:\program files\NCSoft
2009-12-28 23:08 . 2009-10-20 01:15 127800 ----a-w- c:\users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
2009-12-28 00:44 . 2009-12-28 00:44 -------- d-----w- c:\programdata\ArcSoft
2009-12-26 18:09 . 2009-12-26 18:14 -------- d-----w- c:\program files\TABLET
2009-12-26 18:09 . 2009-12-26 18:10 -------- d-----w- c:\windows\system32\TabletPmt

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 02:05 . 2008-07-02 14:01 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-14 16:12 . 2009-10-03 06:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-11 04:53 . 2009-01-23 18:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 02:49 . 2009-08-22 09:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-07 21:07 . 2009-01-23 18:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-01-23 18:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 09:27 . 2008-02-28 09:47 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 23:04 . 2008-08-28 04:34 -------- d-----w- c:\users\summer\AppData\Roaming\GetRight
2009-12-30 18:08 . 2008-02-28 10:12 -------- d-----w- c:\programdata\WildTangent
2009-12-30 18:06 . 2008-07-09 22:11 14631208 ----a-w- c:\programdata\WildTangent\Gateway Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-12-29 18:41 . 2008-08-03 01:54 -------- d-----w- c:\program files\Download Manager
2009-12-29 18:41 . 2008-08-03 01:54 -------- d-----w- c:\users\summer\AppData\Roaming\IGN_DLM
2009-12-29 18:37 . 2008-06-08 20:32 -------- d-----w- c:\users\summer\AppData\Roaming\GetRightToGo
2009-12-28 22:34 . 2008-12-15 21:54 -------- d-----w- c:\users\summer\AppData\Roaming\Any Video Converter
2009-12-28 00:41 . 2009-12-28 00:41 -------- d-----w- c:\users\summer\AppData\Roaming\ArcSoft
2009-12-28 00:41 . 2009-12-28 00:41 -------- d-----w- c:\users\summer\AppData\Roaming\HP SimpleSave Application
2009-12-27 03:58 . 2009-05-02 03:41 -------- d-----w- c:\program files\Blackout Ragnarok Online
2009-12-25 20:32 . 2008-10-20 00:45 7268 ----a-w- c:\users\summer\AppData\Local\d3d9caps.dat
2009-12-20 04:03 . 2008-12-23 15:01 -------- d-----w- c:\programdata\Tablet
2009-12-20 04:03 . 2008-10-10 20:20 -------- d-----w- c:\programdata\FLEXnet
2009-12-02 22:41 . 2009-12-02 22:41 46 ----a-w- c:\windows\system32\DonationCoder_urlsnooper_InstallInfo.dat
2009-12-02 22:41 . 2009-12-02 22:41 -------- d-----w- c:\users\summer\AppData\Roaming\DonationCoder
2009-12-02 22:23 . 2008-06-06 05:23 -------- d-----w- c:\program files\Common Files\Real
2009-12-02 22:23 . 2009-12-02 22:23 -------- d-----w- c:\program files\Common Files\xing shared
2009-12-02 22:23 . 2009-12-02 22:23 -------- d-----w- c:\program files\real
2009-12-01 12:14 . 2009-11-23 01:46 439816 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\setup.exe
2009-11-28 14:35 . 2009-09-28 13:36 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-24 05:37 . 2009-11-24 05:37 -------- d-----w- c:\programdata\Nero
2009-11-24 05:37 . 2009-11-24 05:37 -------- d-----w- c:\users\summer\AppData\Roaming\Nero
2009-11-24 05:20 . 2008-06-04 23:10 82616 ----a-w- c:\users\summer\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-24 05:05 . 2009-11-24 05:05 -------- d-----w- c:\program files\DIFX
2009-11-24 05:00 . 2009-11-24 05:00 -------- d-----w- c:\program files\Nero
2009-11-24 05:00 . 2009-11-24 05:00 -------- d-----w- c:\program files\Common Files\Nero
2009-11-23 09:48 . 2009-11-23 09:47 17237488 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\rp\RealPlayerSPGold.exe
2009-11-23 09:47 . 2009-11-23 09:47 8405312 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-23 09:47 . 2009-11-23 09:47 149000 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\chr_helper\LaunchHelper.exe
2009-11-23 09:47 . 2009-11-23 09:47 10309448 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\chr\ChromeInstaller.exe
2009-11-23 09:47 . 2009-11-23 09:47 79368 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe
2009-11-23 09:47 . 2009-11-23 09:47 64000 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gcapi_dll.dll
2009-11-23 09:47 . 2009-11-23 09:47 52288 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\gtapi.dll
2009-11-23 09:47 . 2009-11-23 09:47 50688 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\fftbapi.dll
2009-11-23 09:47 . 2009-11-23 09:47 118784 ----a-w- c:\users\summer\AppData\Roaming\Real\Update\setup3.09\RUP\inst_config\compat.dll
2009-10-26 13:24 . 2009-10-26 13:24 2149888 ----a-w- c:\windows\system32\python26.dll
2009-01-14 23:50 . 2009-01-14 23:50 1974 ----a-w- c:\program files\trapcodehorizon.log
2009-01-14 23:37 . 2009-01-14 23:37 3701 ----a-w- c:\program files\imageLounge.log
2009-01-13 09:51 . 2009-01-13 09:51 36868 ----a-w- c:\program files\uninst-Particular.exe
2008-07-28 03:29 . 2008-07-26 04:17 1230 ----a-w- c:\program files\wow-realmlist.txt
2008-06-07 07:04 . 2008-06-07 07:04 197 --sha-w- c:\program files\Common Files\maxtreme.dat
2007-08-24 11:52 . 2008-06-04 23:20 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-06_09.07.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-06 03:14 . 2009-11-06 03:14 54272 c:\windows\winsxs\x86_microsoft.vc90.openmp_1fc8b3b9a1e18e3b_9.0.21022.8_none_ecdf8c290e547f39\vcomp90.dll
+ 2009-11-06 03:14 . 2009-11-06 03:14 46592 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90KOR.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 47104 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90JPN.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 59392 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90ITA.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 60416 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90FRA.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 59392 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90ESP.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 59392 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90ESN.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 54272 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90ENU.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 60928 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90DEU.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 41984 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90CHT.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 41472 c:\windows\winsxs\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b59bae9d65014b98\MFC90CHS.DLL
+ 2009-11-06 03:14 . 2009-11-06 03:14 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86\mfcm90u.dll
+ 2009-11-06 03:14 . 2009-11-06 03:14 59904 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86\mfcm90.dll
+ 2010-01-21 02:22 . 2009-08-07 02:24 44768 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wups2.dll
+ 2010-01-21 02:22 . 2009-08-07 02:24 53472 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuauclt.exe
+ 2010-01-21 02:21 . 2009-08-06 23:44 33792 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuapp.exe
+ 2010-01-21 02:21 . 2009-08-07 02:24 35552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wups.dll
+ 2010-01-21 02:21 . 2009-08-07 01:44 87552 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wudriver.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\avicap32.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 31232 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvidc32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 12800 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msrle32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 82944 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\mciavi32.dll
+ 2006-11-02 09:03 . 2006-11-02 09:46 65024 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\avicap32.dll
+ 2010-01-11 04:32 . 2008-02-23 02:41 22528 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.22121_none_61fa9319a8869bbb\netiougc.exe
+ 2010-01-11 04:32 . 2008-02-23 04:37 49664 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.22121_none_61fa9319a8869bbb\netiomig.dll
+ 2010-01-11 04:32 . 2008-02-23 02:40 22016 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\netiougc.exe
+ 2010-01-11 04:32 . 2008-02-23 04:35 49152 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\netiomig.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 53248 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\tsgqec.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 37888 c:\windows\winsxs\x86_microsoft-windows-p..ooler-networkclient_31bf3856ad364e35_6.0.6001.18119_none_39716f4d70ea0119\printcom.dll
+ 2010-01-11 04:32 . 2008-02-23 02:39 85504 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\FWPKCLNT.SYS
+ 2008-01-21 02:25 . 2008-01-21 02:25 53248 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\rrinstaller.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 98816 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfps.dll
+ 2008-01-21 02:25 . 2008-01-21 02:25 24576 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mfpmp.exe
+ 2006-11-02 07:28 . 2006-11-02 08:48 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18049_none_798eed5458a4f83c\INETRES.dll
+ 2009-09-16 23:37 . 2009-09-16 23:37 55680 c:\windows\System32\XDva285.sys
+ 2009-12-30 02:31 . 2009-09-04 22:44 69464 c:\windows\System32\XAPOFX1_3.dll
+ 2009-12-30 02:31 . 2008-10-27 15:04 70992 c:\windows\System32\XAPOFX1_2.dll
+ 2009-12-30 02:31 . 2009-03-16 19:18 22360 c:\windows\System32\X3DAudio1_6.dll
+ 2009-12-30 02:31 . 2008-10-27 15:04 23376 c:\windows\System32\X3DAudio1_5.dll
+ 2009-08-19 18:24 . 2009-08-19 18:24 32768 c:\windows\System32\WTClient.exe
+ 2008-01-21 01:58 . 2010-01-21 02:09 45164 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-05 08:14 . 2010-01-21 02:16 11312 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-614758702-3636996587-203661250-1000_UserData.bin
+ 2009-09-23 12:12 . 2009-09-23 12:12 56320 c:\windows\System32\UCMfg.exe
+ 2007-04-24 19:31 . 2007-04-24 19:31 10240 c:\windows\System32\ucinst32.dll
+ 2010-01-11 04:32 . 2008-02-23 04:37 49664 c:\windows\System32\migration\netiomig.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 49664 c:\windows\System32\migration\netiomig.dll
+ 2009-11-22 13:51 . 2009-11-22 13:51 85173 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
+ 2004-05-10 15:33 . 2004-05-10 15:33 36864 c:\windows\System32\lhtool.exe
+ 2009-10-09 21:08 . 2009-10-09 21:08 44032 c:\windows\System32\hcw72Co.dll
+ 2008-10-15 10:12 . 2008-10-15 10:12 10496 c:\windows\System32\DriverStore\FileRepository\tivoir.inf_38c5b169\tivoir.sys
+ 2007-04-24 19:31 . 2007-04-24 19:31 10240 c:\windows\System32\DriverStore\FileRepository\tablet2k.inf_e3e12915\ucinst32.dll
+ 2008-09-08 14:10 . 2008-09-08 14:10 14848 c:\windows\System32\DriverStore\FileRepository\tablet2k.inf_e3e12915\drivers\UCTblHid.sys
+ 2007-04-23 15:28 . 2007-04-23 15:28 18432 c:\windows\System32\DriverStore\FileRepository\tablet2k.inf_e3e12915\drivers\TClass2k.sys
+ 2007-04-23 15:28 . 2007-04-23 15:28 10752 c:\windows\System32\DriverStore\FileRepository\ptsimhid.inf_2ac54b52\drivers\PTSimHid.sys
+ 2007-06-07 17:16 . 2007-06-07 17:16 18944 c:\windows\System32\DriverStore\FileRepository\ptsimbus.inf_e9e96d7f\drivers\PTSimBus.sys
+ 2009-11-24 04:14 . 2008-04-01 07:34 43008 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_895ab6f1\Driver72\hcw72Co.dll
+ 2009-11-24 04:14 . 2008-04-01 07:34 27904 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_895ab6f1\Driver72\hcw72ADFilter.sys
+ 2009-10-09 21:08 . 2009-10-09 21:08 44032 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_5c7c6a81\Driver72\hcw72Co.dll
+ 2009-10-09 21:08 . 2009-10-09 21:08 28928 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_5c7c6a81\Driver72\hcw72ADFilter.sys
+ 2009-09-23 14:34 . 2009-09-23 14:34 73728 c:\windows\System32\drivers\WTSrv.exe
+ 2008-01-21 02:23 . 2008-01-21 02:23 73088 c:\windows\System32\drivers\USBAUDIO.sys
+ 2008-09-08 14:10 . 2008-09-08 14:10 14848 c:\windows\System32\drivers\UCTblHid.sys
+ 2008-10-15 10:12 . 2008-10-15 10:12 10496 c:\windows\System32\drivers\tivoir.sys
+ 2007-04-23 15:28 . 2007-04-23 15:28 18432 c:\windows\System32\drivers\TClass2k.sys
+ 2007-04-23 15:28 . 2007-04-23 15:28 10752 c:\windows\System32\drivers\PTSimHid.sys
+ 2007-06-07 17:16 . 2007-06-07 17:16 18944 c:\windows\System32\drivers\PTSimBus.sys
+ 2009-10-09 21:08 . 2009-10-09 21:08 28928 c:\windows\System32\drivers\hcw72ADFilter.sys
- 2008-06-04 23:02 . 2009-09-06 08:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-04 23:02 . 2010-01-21 02:22 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-10 23:53 . 2010-01-21 02:22 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-04 23:02 . 2009-09-06 08:40 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-04 23:02 . 2010-01-21 02:22 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-07 00:23 . 2009-08-07 00:23 73288 c:\windows\SoftwareDistribution\SelfUpdate\Handler\WuSetupV.exe
+ 2010-01-05 04:43 . 2010-01-05 04:43 94208 c:\windows\Installer\{E7394A0F-3F80-45B1-87FC-ABCD51893246}\python_icon.exe
+ 2010-01-07 09:27 . 2010-01-07 09:27 49152 c:\windows\Installer\{2A856E11-228D-459F-A196-6F4F7E104FFC}\UNINST_Uninstall_Z_4E9E958D84F74780A22003F73C24D298.exe
+ 2010-01-07 09:27 . 2010-01-07 09:27 40960 c:\windows\Installer\{2A856E11-228D-459F-A196-6F4F7E104FFC}\NewShortcut4_4559CEBD99844A209052E16206887F4B.exe
+ 2010-01-07 09:27 . 2010-01-07 09:27 40960 c:\windows\Installer\{2A856E11-228D-459F-A196-6F4F7E104FFC}\NewShortcut3_E2543C64F8A24E6CB73D056984AD6BC3.exe
+ 2009-11-24 04:59 . 2009-11-24 04:59 49152 c:\windows\Installer\{1AE5DF31-3D37-4E78-A0EB-5DAE701A765F}\UNINST_Uninstall_N_A54C852DC85940BF80794FC8A6426651.exe
- 2006-11-02 10:25 . 2009-01-21 06:34 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-01-11 07:57 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2010-01-11 07:57 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-01-26 20:59 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 08:26 . 2006-11-02 09:41 2048 c:\windows\winsxs\x86_microsoft-windows-msxml60_31bf3856ad364e35_6.0.6001.18138_none_885590b496e78ad1\msxml6r.dll
+ 2006-11-02 12:35 . 2006-11-02 12:35 2048 c:\windows\winsxs\x86_microsoft-windows-mediafoundation_31bf3856ad364e35_6.0.6001.18096_none_9c03e1ac0d053e06\mferror.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 9728 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
+ 2008-01-21 02:25 . 2008-01-21 02:25 6656 c:\windows\winsxs\x86_microsoft-windows-ehome-devices-mcrmgr_31bf3856ad364e35_6.0.6001.18322_none_34164ed7da089430\McrMgr.dll
+ 2006-11-02 07:11 . 2006-11-02 07:11 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6002.18101_none_0e09b1f3ef71cee4\AcRes.dll
+ 2008-06-05 08:33 . 2008-03-08 01:58 2560 c:\windows\winsxs\x86_microsoft-windows-a..ence-mitigations-c1_31bf3856ad364e35_6.0.6001.18320_none_0c0c9e03f25c9b24\AcRes.dll
+ 2008-08-10 23:42 . 2010-01-09 22:14 2756 c:\windows\System32\WDI\ERCQueuedResolutions.dat
+ 2009-12-02 22:23 . 2009-12-02 22:23 5632 c:\windows\System32\pndx5032.dll
- 2008-06-06 05:23 . 2008-06-06 05:23 5632 c:\windows\System32\pndx5032.dll
- 2008-06-06 05:23 . 2008-06-06 05:23 6656 c:\windows\System32\pndx5016.dll
+ 2009-12-02 22:23 . 2009-12-02 22:23 6656 c:\windows\System32\pndx5016.dll
+ 2009-05-31 08:01 . 2009-09-19 20:26 6784 c:\windows\System32\drivers\scsk4.sys
- 2009-05-31 08:01 . 2009-08-05 13:36 6784 c:\windows\System32\drivers\scsk4.sys
+ 2010-01-21 02:07 . 2010-01-21 02:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-01-21 02:07 . 2010-01-21 02:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-09-06 09:05 . 2009-09-06 09:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-11-06 03:14 . 2009-11-06 03:14 161784 c:\windows\winsxs\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.21022.8_none_bdf22a22ab9e15d5\ATL90.dll
+ 2010-01-21 02:21 . 2009-08-07 00:23 171608 c:\windows\winsxs\x86_microsoft-windows-w..pdateclient-activex_31bf3856ad364e35_7.4.7600.226_none_79951cca15140d1a\wuwebv.dll
+ 2010-01-21 02:21 . 2009-08-07 02:23 575704 c:\windows\winsxs\x86_microsoft-windows-w..owsupdateclient-aux_31bf3856ad364e35_7.4.7600.226_none_cf8a5c896f5cdb1e\wuapi.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6002.18049_none_93f62b2f8600b455\msvfw32.dll
+ 2008-01-21 02:24 . 2008-01-21 02:24 123904 c:\windows\winsxs\x86_microsoft-windows-video-for-windows_31bf3856ad364e35_6.0.6001.18270_none_91e6450388fad1ce\msvfw32.dll
+ 2010-01-11 04:32 . 2008-02-23 04:38 170496 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6001.22121_none_61fa9319a8869bbb\tcpipcfg.dll
+ 2010-01-11 04:32 . 2008-02-23 04:36 167424 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\tcpipcfg.dll
+ 2010-01-11 04:32 . 2008-02-23 02:41 806400 c:\windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.20778_none_5fe546ddab8247e0\tcpip.sys
+ 2010-01-11 04:32 . 2008-02-23 04:41 890936 c:\windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22121_none_b3930f8f7f9331f9\tcpip.sys
+ 2008-01-21 02:24 . 2008-01-21 02:24 136192 c:\windows\winsxs\x86_microsoft-windows-t..s-clientactivexcore_31bf3856ad364e35_6.0.6001.18266_none_2fb32dbcc5d3707b\aaclient.dll
+ 2010-01-11 04:32 . 2008-02-23 04:34 438272 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\IKEEXT.DLL
+ 2010-01-11 04:32 . 2008-02-23 04:34 595456 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\FWPUCLNT.DLL
+ 2010-01-11 04:32 . 2008-02-23 04:41 101432 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\FWPKCLNT.SYS
+ 2010-01-11 04:32 . 2008-02-23 04:32 328704 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6001.22121_none_cd996d2643b7c90c\BFE.DLL
+ 2010-01-11 04:32 . 2008-02-23 04:34 416768 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\IKEEXT.DLL
+ 2010-01-11 04:32 . 2008-02-23 04:33 543232 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\FWPUCLNT.DLL
+ 2010-01-11 04:32 . 2008-02-23 04:33 317440 c:\windows\winsxs\x86_microsoft-windows-network-security_31bf3856ad364e35_6.0.6000.20778_none_cb8420ea46b37531\BFE.DLL
+ 2010-01-11 04:32 . 2008-02-23 04:41 223288 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6001.22121_none_57106a12ce7a7862\netio.sys
+ 2010-01-11 04:32 . 2008-02-23 04:39 217144 c:\windows\winsxs\x86_microsoft-windows-netio-infrastructure_31bf3856ad364e35_6.0.6000.20778_none_54fb1dd6d1762487\netio.sys
+ 2008-01-21 02:24 . 2008-01-21 02:24 441400 c:\windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\ksecdd.sys
+ 2008-01-21 02:24 . 2008-01-21 02:24 860160 c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFaultSecure.exe
+ 2008-01-21 02:24 . 2008-01-21 02:24 217088 c:\windows\winsxs\x86_microsoft-windows-errorreportingfaults_31bf3856ad364e35_6.0.6001.18145_none_6fe0e04a3ce53cd7\WerFault.exe
+ 2009-12-30 02:31 . 2009-09-04 22:44 515416 c:\windows\System32\XAudio2_5.dll
+ 2009-12-30 02:31 . 2009-03-16 19:18 517448 c:\windows\System32\XAudio2_4.dll
+ 2009-12-30 02:31 . 2008-10-27 15:04 514384 c:\windows\System32\XAudio2_3.dll
+ 2009-12-30 02:31 . 2009-09-04 22:44 238936 c:\windows\System32\xactengine3_5.dll
+ 2009-12-30 02:31 . 2009-03-16 19:18 235352 c:\windows\System32\xactengine3_4.dll
+ 2009-12-30 02:31 . 2008-10-27 15:04 235856 c:\windows\System32\xactengine3_3.dll
+ 2008-12-23 15:01 . 2009-09-11 10:10 200704 c:\windows\System32\WinTab32.dll
+ 2008-06-05 00:16 . 2010-01-20 18:15 562100 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-01-21 02:16 100894 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-10-20 08:48 . 2009-08-19 09:18 107864 c:\windows\System32\tsccvid.dll
+ 2009-09-28 09:58 . 2009-09-28 09:58 352256 c:\windows\System32\tabcfg.exe
+ 2009-12-02 22:23 . 2009-12-02 22:23 185920 c:\windows\System32\rmoc3260.dll
- 2008-06-06 05:23 . 2008-06-06 05:23 278528 c:\windows\System32\pncrt.dll
+ 2008-06-06 05:23 . 2009-12-02 22:23 278528 c:\windows\System32\pncrt.dll
+ 2006-11-02 10:33 . 2010-01-10 13:16 604452 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-08-18 17:27 604452 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-01-10 13:16 105376 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-08-18 17:27 105376 c:\windows\System32\perfc009.dat
+ 2009-08-10 11:13 . 2009-08-10 11:13 227328 c:\windows\System32\MyDrawLineWindowDll.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-12-10 11:54 . 2007-12-10 11:54 802816 c:\windows\System32\imagXRA7.dll
+ 2007-12-10 11:54 . 2007-12-10 11:54 258048 c:\windows\System32\imagXR7.dll
+ 2007-12-10 11:54 . 2007-12-10 11:54 497296 c:\windows\System32\imagXpr7.dll
- 2008-01-21 02:23 . 2008-01-21 02:23 438272 c:\windows\System32\IKEEXT.DLL
+ 2008-07-08 21:48 . 2008-05-28 03:19 438272 c:\windows\System32\IKEEXT.DLL
+ 2008-07-08 21:47 . 2008-05-28 03:19 595456 c:\windows\System32\FWPUCLNT.DLL
- 2008-01-21 02:23 . 2008-01-21 02:23 595456 c:\windows\System32\FWPUCLNT.DLL
+ 2008-07-08 21:48 . 2008-04-26 08:08 891448 c:\windows\System32\drivers\tcpip.sys
- 2008-07-08 21:48 . 2008-04-26 08:26 891448 c:\windows\System32\drivers\tcpip.sys
- 2008-01-21 02:24 . 2008-01-21 02:24 223288 c:\windows\System32\drivers\netio.sys
+ 2008-07-08 21:48 . 2008-05-28 03:27 223288 c:\windows\System32\drivers\netio.sys
+ 2008-07-08 21:48 . 2008-05-28 03:28 101432 c:\windows\System32\drivers\FWPKCLNT.SYS
- 2008-01-21 02:23 . 2008-01-21 02:23 101432 c:\windows\System32\drivers\FWPKCLNT.SYS
+ 2009-12-30 02:31 . 2009-09-04 22:29 235344 c:\windows\System32\d3dx11_42.dll
+ 2009-12-30 02:31 . 2009-09-04 22:29 453456 c:\windows\System32\d3dx10_42.dll
+ 2009-12-30 02:31 . 2009-03-09 20:27 453456 c:\windows\System32\d3dx10_41.dll
+ 2009-12-30 02:31 . 2008-10-10 09:52 452440 c:\windows\System32\d3dx10_40.dll
+ 2008-07-08 21:47 . 2008-05-28 03:17 328704 c:\windows\System32\BFE.DLL
- 2008-01-21 02:23 . 2008-01-21 02:23 328704 c:\windows\System32\BFE.DLL
+ 2009-08-06 17:48 . 2009-08-06 17:48 335872 c:\windows\SetupX32.EXE
+ 2010-01-05 04:43 . 2010-01-05 04:43 588288 c:\windows\Installer\694406.msi
+ 2010-01-05 02:20 . 2010-01-05 02:20 228352 c:\windows\Installer\5a4a611.msi
+ 2009-11-06 03:14 . 2009-11-06 03:14 228352 c:\windows\Installer\524e6f4.msi
+ 2009-10-20 08:48 . 2009-10-20 08:48 680448 c:\windows\Installer\{A589DA26-51BD-475D-8C32-E19E34145842}\IconEF5C48881.exe
+ 2010-01-07 09:27 . 2010-01-07 09:27 327680 c:\windows\Installer\{2A856E11-228D-459F-A196-6F4F7E104FFC}\NewShortcut2_B035DB47EEAD4497B4E736113874A1DF.exe
+ 2010-01-07 09:27 . 2010-01-07 09:27 327680 c:\windows\Installer\{2A856E11-228D-459F-A196-6F4F7E104FFC}\NewShortcut1_87C83A07657E46F6827E43D04279855F.exe
+ 2010-01-07 09:27 . 2010-01-07 09:27 327680 c:\windows\Installer\{2A856E11-228D-459F-A196-6F4F7E104FFC}\ARPPRODUCTICON.exe
+ 2009-11-24 04:59 . 2009-11-24 04:59 528384 c:\windows\Installer\{1AE5DF31-3D37-4E78-A0EB-5DAE701A765F}\Programs_NeroLiqui_00A83541EA0B4B51AE68743CE1956AB2.exe
+ 2009-11-24 04:59 . 2009-11-24 04:59 528384 c:\windows\Installer\{1AE5DF31-3D37-4E78-A0EB-5DAE701A765F}\Desktop_NeroLiquid_011D3E52CCEE477EA774752263312224.exe
+ 2009-11-24 04:59 . 2009-11-24 04:59 528384 c:\windows\Installer\{1AE5DF31-3D37-4E78-A0EB-5DAE701A765F}\ARPPRODUCTICON.exe
+ 2006-11-02 10:25 . 2010-01-11 07:57 143360 c:\windows\inf\infstrng.dat
+ 2009-11-06 03:14 . 2009-11-06 03:14 1162744 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86\mfc90u.dll
+ 2009-11-06 03:14 . 2009-11-06 03:14 1156600 c:\windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.21022.8_none_b81d038aaf540e86\mfc90.dll
+ 2009-11-24 05:06 . 2009-11-24 05:06 1233920 c:\windows\winsxs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d\msxml4.dll
+ 2010-01-21 02:21 . 2009-08-07 01:45 2421760 c:\windows\winsxs\x86_microsoft-windows-windowsupdateclient-ui_31bf3856ad364e35_7.4.7600.226_none_672645e7fba0c4cc\wucltux.dll
+ 2010-01-21 02:21 . 2009-08-07 02:23 1929952 c:\windows\winsxs\x86_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.4.7600.226_none_e979223d5b9c821b\wuaueng.dll
+ 2008-06-05 08:33 . 2008-03-08 04:21 1695744 c:\windows\winsxs\x86_microsoft-windows-gameexplorer_31bf3856ad364e35_6.0.6001.18320_none_41eab4e8c14d30d2\gameux.dll
+ 2009-11-24 04:58 . 2008-08-20 03:33 1315328 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6001.22247_none_ac8308630b891e9a\ole32.dll
+ 2009-11-24 04:58 . 2008-08-20 03:17 1315328 c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.0.6000.20899_none_aa68bab50e894c0c\ole32.dll
+ 2006-11-02 10:22 . 2010-01-21 02:22 6291456 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2009-06-11 20:59 6291456 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-11-24 04:58 . 2008-08-20 03:33 1315328 c:\windows\System32\ole32.dll
- 2008-01-21 02:24 . 2008-01-21 02:24 1315328 c:\windows\System32\ole32.dll
+ 2003-04-18 14:46 . 2003-04-18 14:46 1233920 c:\windows\System32\msxml4.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2007-12-10 11:54 . 2007-12-10 11:54 1757184 c:\windows\System32\imagX7.dll
+ 2001-09-06 01:00 . 2001-09-06 01:00 1700352 c:\windows\System32\gdiplus.dll
+ 2006-11-02 12:47 . 2009-11-24 05:15 2454720 c:\windows\System32\FNTCACHE.DAT
+ 2009-11-24 04:14 . 2008-04-01 07:40 1200640 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_895ab6f1\Driver72\hcw72DTV.sys
+ 2009-11-24 04:14 . 2008-04-01 07:35 1208448 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_895ab6f1\Driver72\hcw72ATV.sys
+ 2009-10-09 21:16 . 2009-10-09 21:16 1217152 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_5c7c6a81\Driver72\hcw72DTV.sys
+ 2009-10-09 21:10 . 2009-10-09 21:10 1214848 c:\windows\System32\DriverStore\FileRepository\hcw72bda.inf_5c7c6a81\Driver72\hcw72ATV.sys
+ 2009-10-09 21:16 . 2009-10-09 21:16 1217152 c:\windows\System32\drivers\hcw72DTV.sys
+ 2009-11-24 04:14 . 2008-04-01 07:35 1208448 c:\windows\System32\drivers\hcw72ATV.sys
+ 2009-12-30 02:31 . 2009-09-04 22:29 1892184 c:\windows\System32\D3DX9_42.dll
+ 2009-11-24 04:57 . 2009-03-09 20:27 4178264 c:\windows\System32\D3DX9_41.dll
+ 2009-12-30 02:31 . 2008-10-10 09:52 4379984 c:\windows\System32\D3DX9_40.dll
- 2008-07-24 23:09 . 2007-07-19 22:14 3727720 c:\windows\System32\d3dx9_35.dll
+ 2009-11-24 04:57 . 2007-07-19 23:14 3727720 c:\windows\System32\d3dx9_35.dll
+ 2009-12-30 02:31 . 2009-09-04 22:29 5501792 c:\windows\System32\d3dcsx_42.dll
+ 2009-12-30 02:31 . 2009-09-04 22:29 1974616 c:\windows\System32\D3DCompiler_42.dll
+ 2009-12-30 02:31 . 2009-03-09 20:27 1846632 c:\windows\System32\D3DCompiler_41.dll
+ 2009-12-30 02:31 . 2008-10-10 09:52 2036576 c:\windows\System32\D3DCompiler_40.dll
+ 2010-01-07 09:27 . 2010-01-07 09:27 1996288 c:\windows\Installer\3228d54.msi
+ 2009-10-20 08:48 . 2009-10-20 08:48 1653248 c:\windows\Installer\{A589DA26-51BD-475D-8C32-E19E34145842}\IconEF5C48883.exe
+ 2010-01-21 02:55 . 2010-01-21 02:55 6258688 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2008-02-05 05:27 . 2010-01-21 02:43 46301628 c:\windows\winsxs\ManifestCache\6.0.6001.18000_001c50b5_blobs.bin
+ 2009-10-20 08:48 . 2009-10-20 08:48 10196992 c:\windows\Installer\74b17ae.msi
+ 2009-11-24 05:06 . 2009-11-24 05:06 18653696 c:\windows\Installer\5d7524f.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-08-24 51048]
"SigmatelSysTrayApp"="sttray.exe" [2007-09-07 405504]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"WTClient"="WTClient.exe" [2009-08-19 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-01-19 40072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^summer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GameSpot Download Manager.lnk]
path=c:\users\summer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameSpot Download Manager.lnk
backup=c:\windows\pss\GameSpot Download Manager.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^summer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\summer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^summer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Ubisoft register.lnk]
path=c:\users\summer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ubisoft register.lnk
backup=c:\windows\pss\Ubisoft register.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 06:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 03:06 2321600 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater6]
2009-03-17 03:37 2521464 ----a-w- c:\program files\Common Files\Adobe\Updater6\Adobe_Updater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
2008-03-25 20:21 50528 ----a-w- c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-07-10 13:47 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\atwtusb]
2007-03-20 22:43 315392 ----a-w- c:\windows\System32\ATWTUSB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2008-06-12 18:28 266497 ----a-w- c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
2007-09-13 22:09 638976 ----a-w- c:\program files\Camera Assistant Software for Gateway\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
2008-04-24 17:25 202560 ----a-w- c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashMute]
2006-03-11 19:49 221184 ----a-w- c:\program files\FlashMute\flashmute.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
2009-05-15 00:03 1103216 ----a-w- c:\program files\Download Manager\DLM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-07-10 14:51 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-07 21:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2007-01-19 20:54 5674352 ----a-w- c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
2006-09-06 20:12 323216 ----a-w- c:\program files\Napster\napster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NTDSysTray]
2009-07-02 13:15 2204968 ----a-w- c:\program files\Nero\Nero LiquidTV\NTDSysTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-05-27 14:50 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-05-01 07:35 1410296 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-12-14 11:42 144784 ----a-w- c:\program files\Java\jre1.6.0_04\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-12-02 22:23 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
2008-12-16 17:07 3528440 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxMoniter]
2008-02-09 04:58 456024 ----a-w- c:\program files\WebcamMax\wcmmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090310.005\IDSvix86.sys [3/11/2009 9:11 PM 270384]
R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [1/9/2010 1:20 AM 1858144]
R2 CamthWDM;WebcamMax, WDM Video Capture;c:\windows\System32\drivers\CamthWDM.sys [2/8/2008 11:58 PM 941784]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\ccSvcHst.exe [8/24/2007 8:07 AM 149864]
R2 NTBackground;Nero LiquidTV Background Service;c:\program files\Nero\Nero LiquidTV\NeroTiVoBackground.exe [7/2/2009 8:14 AM 5424424]
R2 NTCommunicationLogic;Nero LiquidTV Communication Service;c:\program files\Nero\Nero LiquidTV\NTCommunicationLogic.exe [7/2/2009 8:14 AM 1353000]
R2 NTTxSvc;Nero LiquidTV Transfer Service;c:\program files\Nero\Nero LiquidTV\NTTxSvc.exe [7/2/2009 8:15 AM 2364712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/6/2008 12:07 AM 24652]
R3 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [5/31/2009 5:38 AM 12672]
R3 PTSimBus;PenTablet Bus Enumerator;c:\windows\System32\drivers\PTSimBus.sys [6/7/2007 12:16 PM 18944]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\System32\drivers\PTSimHid.sys [4/23/2007 10:28 AM 10752]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8187B.sys [2/28/2008 4:51 AM 281088]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [8/12/2007 11:50 PM 41008]
S1 aiptektp;Pen Pad;c:\windows\System32\drivers\aiptektp.sys [12/23/2008 10:01 AM 22528]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 5:46 AM 284016]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [5/28/2007 11:55 PM 23888]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/7/2009 7:58 PM 101936]
S3 hcw72ADFilter;WinTV HVR-950 USB Audio Filter Driver;c:\windows\System32\drivers\hcw72ADFilter.sys [10/9/2009 4:08 PM 28928]
S3 hcw72ATV;WinTV HVR-950 NTSC;c:\windows\System32\drivers\hcw72ATV.sys [11/23/2009 11:14 PM 1208448]
S3 hcw72DTV;WinTV HVR-950 ATSC/QAM;c:\windows\System32\drivers\hcw72DTV.sys [10/9/2009 4:16 PM 1217152]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [11/2/2006 5:25 AM 2589184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NTTxHTTP;Nero LiquidTV HTTP Service;c:\program files\Nero\Nero LiquidTV\NTTxSvc.exe [7/2/2009 8:15 AM 2364712]
S3 tivoir;TiVo IR Transceiver Driver;c:\windows\System32\drivers\tivoir.sys [10/15/2008 5:12 AM 10496]
S3 XDva285;XDva285;c:\windows\System32\XDva285.sys [9/16/2009 6:37 PM 55680]
S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [7/28/2008 6:57 AM 717296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-01-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 13:36]

2010-01-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - summer.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 09:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
FF - ProfilePath - c:\users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
FF - plugin: c:\progra~1\SONYON~1\npsoe.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
AddRemove-Antares Autotune DX v4.15 - c:\progra~1\Antares\AUTOTU~1\ANTARE~1\UNWISE.EXE
AddRemove-Trine Demo_is1 - c:\program files\Nobilis\TrineDemo(GamesPlanet)\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 22:08
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-01-20 22:11:29
ComboFix-quarantined-files.txt 2010-01-21 03:11
ComboFix2.txt 2009-09-06 09:17

Pre-Run: 54,344,949,760 bytes free
Post-Run: 54,412,083,200 bytes free

- - End Of File - - 3784958F24238ED922BCB924B68AFB8C
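The ComboFix output above is a flat text listing of autorun points, and the lines that deserve a second look are the ones where the scanner could not resolve the target (`[?]`), orphans (`(no file)`), binaries referenced by bare filename (found via the search path, so hijackable), executables with an unexpected extension such as `GameMon.des`, and anything that starts from a user-writable profile directory. The Python below is an added example written for this page, not a BleepingComputer or ComboFix tool: the regexes follow the line shapes visible in the log, the flag heuristics are this example's own rather than ComboFix's, and `SAMPLE_LOG` is a constructed excerpt of lines taken from the log above.

```python
import ntpath
import re
from typing import Dict, List

# Constructed sample input: an excerpt of lines from the ComboFix log posted
# in this thread (Run values, services, a Firefox plugin, one orphan).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"WTClient"="WTClient.exe" [2009-08-19 32768]

R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared Anti-Malware\a2service.exe [1/9/2010 1:20 AM 1858144]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva285;XDva285;c:\windows\System32\XDva285.sys [9/16/2009 6:37 PM 55680]
FF - plugin: c:\users\summer\AppData\Roaming\Mozilla\Firefox\Profiles\pdhjrq7o.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
HKCU-Run-PlayNC Launcher - (no file)
"""

# Line shapes ComboFix uses for the autorun points shown in the log.
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"')
SERVICE_RE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<target>.+)$')
FF_RE = re.compile(r'^FF - (?:plugin|component): (?P<target>.+)$')
ORPHAN_RE = re.compile(r'^(?P<name>.+?) - \(no file\)$')
# Path up to the first ".ext" that ends a token; strips arguments such as "-service".
FILE_RE = re.compile(r'^(?P<file>.+?\.[A-Za-z0-9]{2,4})(?=\s|$)')

EXPECTED_EXT = {'.exe', '.dll', '.sys'}
USER_WRITABLE = ('\\users\\', '\\appdata\\', '\\programdata\\', '\\temp\\')


def extract_file(target: str) -> str:
    """Reduce a ComboFix target field to the executable path: drop the
    ' --> resolved' suffix, the trailing '[date size]' stamp and arguments."""
    head = target.split(' --> ')[0].split(' [')[0].strip()
    m = FILE_RE.match(head)
    return m.group('file') if m else head


def flag_entry(target: str) -> List[str]:
    """Heuristics of this example (not ComboFix's own): reasons an autorun
    entry deserves a closer look. An empty list means nothing stood out."""
    flags = []
    if '[?]' in target:
        flags.append('scanner could not resolve the target file')
    path = extract_file(target)
    if ntpath.dirname(path) == '':
        flags.append('bare filename, located via the search path (hijackable)')
    ext = ntpath.splitext(path)[1].lower()
    if ext and ext not in EXPECTED_EXT:
        flags.append(f'unusual executable extension {ext}')
    if any(marker in path.lower() for marker in USER_WRITABLE):
        flags.append('starts from a user-writable location')
    return flags


def triage(log_text: str) -> List[Dict[str, object]]:
    """Parse autorun lines from ComboFix text and return only flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ORPHAN_RE.match(line)
        if m:
            findings.append({'kind': 'orphan', 'name': m.group('name'), 'file': '',
                             'flags': ['orphaned autorun: target file is gone']})
            continue
        for kind, rx in (('run', RUN_RE), ('service', SERVICE_RE), ('firefox', FF_RE)):
            m = rx.match(line)
            if not m:
                continue
            target = m.group('target')
            path = extract_file(target)
            name = m.groupdict().get('name') or ntpath.basename(path)
            flags = flag_entry(target)
            if flags:
                findings.append({'kind': kind, 'name': name, 'file': path, 'flags': flags})
            break
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['kind']:8} {f['name']}: {'; '.join(f['flags'])}")
```

Run against the excerpt it reports four entries: `WTClient` (bare filename), `npggsvc` (unresolved target and a `.des` executable), the `npsoe.dll` plugin loaded from the Firefox profile, and the orphaned `PlayNC Launcher` value. A flag is a reason to look, not a verdict; the a-squared and Defender entries pass because a signed binary in Program Files with a resolved path is the normal case.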


#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:38 PM

Posted 21 January 2010 - 06:41 AM

Hi,

this looks better, is your PC still doing fine?

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#13 skyfish

skyfish
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 21 January 2010 - 05:27 PM

Yes, for the most part my PC still seems to be okay.
Since visiting that site I haven't noticed any negative symptoms other than Avira's warning. I clicked deny access from Avira when the warning first came about a suspicious file in the mozilla cache folder. I have no idea what that site tried to do. I'm just trying to be careful and want to make sure there's nothing like a keylogger present.

The ESET scan took over 3 hours. This is what the text file for ESET says:

C:\Windows\Installer\5d7524f.msi Win32/Toolbar.AskSBar application


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:38 PM

Posted 22 January 2010 - 11:38 AM

Hi,

things are looking good. Before getting to the final step I would like you to update java:

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

regards myrti


 

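The caveat in the post above is the part people miss: the 6u18 installer removes only Update 10 and later, so older JRE and J2SE builds stay installed side by side and each one is an exploitable plugin. The Python below is an added example, not part of this thread or of Sun's installer. It parses Add/Remove Programs display names (and install-directory names such as the `jre1.6.0_04` seen in the posted log) into comparable version tuples and lists everything older than a target release. The registry read uses the standard `Uninstall` key and runs only on Windows; `SAMPLE_ENTRIES` is a constructed list, with the 6u4 entry matching the log and the rest illustrative of Sun's older naming.

```python
import re
import sys
from typing import List, Optional, Tuple

# (major, minor, update): "6 Update 18" -> (6, 0, 18); "1.4.2_03" -> (4, 2, 3)
Version = Tuple[int, int, int]

# Constructed sample of Add/Remove Programs display names. The 6u4 entry
# matches the jre1.6.0_04 directory in the posted log; the others are
# illustrative of the naming Sun used for earlier releases.
SAMPLE_ENTRIES = [
    'Java(TM) 6 Update 4',
    'J2SE Runtime Environment 5.0 Update 11',
    'Java 2 Runtime Environment, SE v1.4.2_03',
    'Java(TM) 6 Update 18',
    'Adobe Reader 8',
]

# Most specific pattern first, so "5.0 Update 11" is not read as "0 Update 11".
PATTERNS = [
    (re.compile(r'\b(\d+)\.(\d+) Update (\d+)\b'),
     lambda m: (int(m.group(1)), int(m.group(2)), int(m.group(3)))),
    (re.compile(r'\b(\d+) Update (\d+)\b'),
     lambda m: (int(m.group(1)), 0, int(m.group(2)))),
    (re.compile(r'1\.(\d+)\.(\d+)_(\d+)\b'),          # 1.6.0_04, 1.4.2_03
     lambda m: (int(m.group(1)), int(m.group(2)), int(m.group(3)))),
]

# Standard Add/Remove Programs location; the Wow6432Node key exists only on 64-bit.
UNINSTALL_KEYS = (
    r'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    r'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
)


def parse_java_version(text: str) -> Optional[Version]:
    """Version of a Java entry from its display name or install path; None if
    the text is not a Java entry or uses a naming this example does not know."""
    if not re.search(r'\b(java|j2se|jre)', text, re.IGNORECASE):
        return None
    for rx, build in PATTERNS:
        m = rx.search(text)
        if m:
            return build(m)
    return None


def stale_java(names: List[str], target: Version = (6, 0, 18)) -> List[Tuple[str, Version]]:
    """Every Java entry older than `target` (6u18 is the release this thread installs)."""
    stale = []
    for name in names:
        version = parse_java_version(name)
        if version is not None and version < target:
            stale.append((name, version))
    return stale


def installed_display_names() -> List[str]:
    """DisplayName of each Add/Remove Programs entry. Windows only; returns []
    elsewhere so the parsing above can still be exercised on any platform."""
    if sys.platform != 'win32':
        return []
    import winreg
    names = []
    for sub in UNINSTALL_KEYS:
        try:
            key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue  # key absent (Wow6432Node on 32-bit Windows)
        with key:
            for i in range(winreg.QueryInfoKey(key)[0]):
                try:
                    with winreg.OpenKey(key, winreg.EnumKey(key, i)) as entry:
                        names.append(winreg.QueryValueEx(entry, 'DisplayName')[0])
                except OSError:
                    pass  # entry without a DisplayName value
    return names


if __name__ == '__main__':
    entries = installed_display_names() or SAMPLE_ENTRIES
    for name, version in stale_java(entries):
        print(f'remove: {name}  version {version}')
```

On the sample it lists the 6u4, 5.0u11 and 1.4.2_03 entries and leaves 6u18 alone. Run it after the manual uninstall round the post describes: an empty result is the check that no older runtime is still registered.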


#15 skyfish

skyfish
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:06:38 AM

Posted 22 January 2010 - 01:56 PM

Hi

I uninstalled my older version of Java and installed the newer Java Runtime Environment (JRE) Version 6.
Should I remove the file (C:\Windows\Installer\5d7524f.msi Win32/Toolbar.AskSBar application) that ESET found?



