
trojan-spy.win 32 green screen


  • This topic is locked
15 replies to this topic

#1 terrarium

terrarium

  • Members
  • 8 posts

Posted 16 January 2010 - 08:53 PM

Got rid of the green screen and popups with Malwarebytes Anti-Malware, but now the computer is running slow and awkward. Desktop icons have a highlighted box around them.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 18:00:45.01 on Sat 01/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.435 [GMT -7:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

I:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
I:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\system32\igfxpers.exe
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\Program Files\McAfee.com\Agent\mcagent.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
I:\Program Files\Common Files\Sonic Shared\CineTray.exe
I:\Program Files\OpenOffice.org 2.2\program\soffice.exe
I:\Program Files\SpywareGuard\sgmain.exe
I:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
svchost.exe
I:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
I:\Program Files\IncrediMail\bin\IMApp.exe
I:\Program Files\SpywareGuard\sgbhp.exe
I:\WINDOWS\system32\svchost.exe -k hpdevmgmt
I:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
I:\Program Files\McAfee\MPF\MPFSrv.exe
I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
I:\WINDOWS\system32\svchost.exe -k imgsvc
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
I:\WINDOWS\System32\svchost.exe -k HPZ12
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Program Files\Windows Live\Contacts\wlcomm.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\IncrediMail\bin\IncMail.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\IncrediMail\bin\IncMail.exe
I:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://search.imesh.com/sidebar.html?src=ssb
uSearch Bar = hxxp://search.imesh.com/sidebar.html?src=ssb
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - i:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - i:\program files\hp\smart web printing\hpswp_framework.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - i:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - i:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - i:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - i:\program files\mcafee\virusscan\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - i:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - i:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - i:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - i:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - i:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - i:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - i:\program files\google\google toolbar\GoogleToolbar.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: {315108E4-E3AF-460F-B264-F2ACC9E1ACEB} - No File
uRun: [ctfmon.exe] i:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "i:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [swg] "i:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IncrediMail] i:\program files\incredimail\bin\IncMail.exe /c
mRun: [igfxtray] i:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] i:\windows\system32\hkcmd.exe
mRun: [igfxpers] i:\windows\system32\igfxpers.exe
mRun: [HP Software Update] i:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "i:\program files\quicktime\qttask.exe" -atboottime
mRun: [mcagent_exe] "i:\program files\mcafee.com\agent\mcagent.exe" /runkey
StartupFolder: i:\docume~1\owner\startm~1\programs\startup\openof~1.lnk - i:\program files\openoffice.org 2.2\program\quickstart.exe
StartupFolder: i:\docume~1\owner\startm~1\programs\startup\spywar~1.lnk - i:\program files\spywareguard\sgmain.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - i:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - i:\program files\mcafee security scan\1.0.150\SSScheduler.exe
StartupFolder: i:\docume~1\alluse~1\startm~1\programs\startup\sonicc~1.lnk - i:\program files\common files\sonic shared\CineTray.exe
IE: &Search
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - i:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - i:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - i:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - i:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - i:\progra~1\spybot~1\SDHelper.dll
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///I:/Program%20Files/Zuma/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} - hxxp://cached.gamedesire.com/g_bin/eng/cards_2_0_0_80.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///I:/Program%20Files/Zuma/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - i:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - i:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - i:\program files\spywareguard\spywareguard.dll
Hosts: 91.212.127.226 osguard-pro.microsoft.com
Hosts: 91.212.127.226 osguard-pro.com
Hosts: 91.212.127.226 www.osguard-pro.com

================= FIREFOX ===================

FF - ProfilePath - i:\docume~1\owner\applic~1\mozilla\firefox\profiles\jk2gwp79.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - plugin: i:\documents and settings\owner\application data\mozilla\firefox\profiles\jk2gwp79.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: i:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: i:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: i:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: i:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - i:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - i:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
i:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;i:\windows\system32\drivers\mfehidk.sys [2008-4-27 214664]
R2 McProxy;McAfee Proxy Service;i:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-4-27 359952]
R2 McShield;McAfee Real-time Scanner;i:\progra~1\mcafee\viruss~1\mcshield.exe [2008-4-27 144704]
R3 McSysmon;McAfee SystemGuards;i:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-4-27 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;i:\windows\system32\drivers\mfeavfk.sys [2008-4-27 79816]
R3 mfebopk;McAfee Inc. mfebopk;i:\windows\system32\drivers\mfebopk.sys [2008-4-27 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;i:\windows\system32\drivers\mfesmfk.sys [2008-4-27 40552]
S2 gupdate1ca1268f034db18;Google Update Service (gupdate1ca1268f034db18);i:\program files\google\update\GoogleUpdate.exe [2009-7-31 133104]
S3 mferkdk;McAfee Inc. mferkdk;i:\windows\system32\drivers\mferkdk.sys [2008-4-27 34248]
S3 SaiH0255;SaiH0255;i:\windows\system32\drivers\SaiH0255.sys [2008-9-12 121984]

=============== Created Last 30 ================

2010-01-16 04:00:49 0 ----a-w- i:\windows\system32\19169.exe
2010-01-16 03:40:48 0 ----a-w- i:\windows\system32\26500.exe
2010-01-16 03:19:16 0 ----a-w- i:\windows\system32\6334.exe
2010-01-16 02:59:15 0 ----a-w- i:\windows\system32\18467.exe
2010-01-13 12:21:28 471552 -c----w- i:\windows\system32\dllcache\aclayers.dll
2010-01-07 11:07:19 118784 ----a-w- i:\windows\system32\MSSTDFMT.DLL
2010-01-07 11:07:19 0 d-----w- i:\program files\SpywareBlaster
2010-01-07 06:27:19 0 d-----w- i:\program files\SpywareGuard
2009-12-21 09:16:59 4 ----a-w- i:\windows\system32\proc625010911.bin
2009-12-21 09:16:59 0 d-----w- i:\docume~1\owner\applic~1\GanymedeNet
2009-12-19 11:55:23 54156 ---ha-w- i:\windows\QTFont.qfn
2009-12-19 11:55:23 1409 ----a-w- i:\windows\QTFont.for

==================== Find3M ====================

2010-01-07 23:07:14 38224 ----a-w- i:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07:04 19160 ----a-w- i:\windows\system32\drivers\mbam.sys
2009-10-29 07:45:38 916480 ----a-w- i:\windows\system32\wininet.dll
2009-10-23 22:04:12 411368 ----a-w- i:\windows\system32\deploytk.dll
2009-10-21 05:38:36 75776 ----a-w- i:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- i:\windows\system32\httpapi.dll
2008-10-28 05:10:33 32768 -csha-w- i:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008102720081028\index.dat
2008-10-07 19:12:11 16384 -csha-w- i:\windows\temp\cookies\index.dat
2008-10-07 19:12:11 32768 -csha-w- i:\windows\temp\history\history.ie5\index.dat
2008-10-07 19:12:11 49152 -csha-w- i:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 18:01:33.37 ===============

Attached Files
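The two things in the DDS log above that a helper would look at first are the Hosts: lines (a vendor-looking name such as osguard-pro.microsoft.com mapped to a non-local address) and the zero-byte, number-named executables dropped straight into system32 in the "Created Last 30" block. The script below is an added example, not part of this thread and not a DDS or BleepingComputer tool: it parses those two kinds of DDS lines and flags the suspicious ones. The sample lines are copied from the log above with a default localhost entry added, and the GUARDED_DOMAINS list is an assumption chosen for the example.

```python
import ipaddress
import ntpath
import re

# Constructed sample: the hosts and "Created Last 30" lines from the DDS log posted
# above, with the default localhost entry added so the benign case is covered too.
SAMPLE_LOG = """\
Hosts: 127.0.0.1 localhost
Hosts: 91.212.127.226 osguard-pro.microsoft.com
Hosts: 91.212.127.226 osguard-pro.com
Hosts: 91.212.127.226 www.osguard-pro.com
2010-01-16 04:00:49 0 ----a-w- i:\\windows\\system32\\19169.exe
2010-01-16 03:40:48 0 ----a-w- i:\\windows\\system32\\26500.exe
2010-01-13 12:21:28 471552 -c----w- i:\\windows\\system32\\dllcache\\aclayers.dll
2010-01-07 11:07:19 118784 ----a-w- i:\\windows\\system32\\MSSTDFMT.DLL
"""

# Assumed allowlist (chosen for this example, not a DDS setting): vendor domains
# that should never be redirected to a non-local address by the hosts file.
GUARDED_DOMAINS = ("microsoft.com", "windowsupdate.com", "mcafee.com")

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
# DDS file lines: "<date> <time> <size> <8-char attribute flags> <path>"
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+)$")


def hosts_findings(log_text):
    """Return (ip, host, reason) for hosts-file entries that point a name away
    from the local machine; a guarded vendor domain gets a stronger reason."""
    findings = []
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if not m:
            continue
        ip_text, host = m.groups()
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((ip_text, host, "unparseable address"))
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1, ::1 and 0.0.0.0 are the normal blocking forms
        host_l = host.lower()
        if any(host_l == d or host_l.endswith("." + d) for d in GUARDED_DOMAINS):
            findings.append((ip_text, host, "vendor domain redirected"))
        else:
            findings.append((ip_text, host, "non-local mapping"))
    return findings


def created_findings(log_text):
    """Return paths from 'Created Last 30' lines that look like rogue droppers:
    executables written directly into system32 that are empty or have a purely
    numeric file name."""
    findings = []
    for line in log_text.splitlines():
        m = CREATED_RE.match(line)
        if not m:
            continue
        _when, size, _attrs, path = m.groups()
        folder, name = ntpath.split(path)
        stem, ext = ntpath.splitext(name)
        if ext.lower() != ".exe" or not folder.lower().endswith("\\system32"):
            continue
        if int(size) == 0 or stem.isdigit():
            findings.append(path)
    return findings


def scan(log_text):
    """Run both checks over a DDS log and return the findings grouped by kind."""
    return {"hosts": hosts_findings(log_text), "created": created_findings(log_text)}


if __name__ == "__main__":
    for kind, items in scan(SAMPLE_LOG).items():
        for item in items:
            print(kind, item)
```

Run it over a saved DDS log with `scan(open("dds.txt").read())`; the loopback test is what keeps legitimate ad-blocking hosts files (thousands of names mapped to 127.0.0.1) out of the findings, so only entries that actually redirect traffic elsewhere are reported.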





#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts

Posted 23 January 2010 - 09:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL report:
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 terrarium

terrarium
  • Topic Starter

  • Members
  • 8 posts

Posted 24 January 2010 - 06:53 PM

OTL logfile created on: 1/24/2010 4:38:39 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = I:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): I:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 149.04 Gb Total Space | 119.17 Gb Free Space | 79.96% Space Free | Partition Type: NTFS

Computer Name: FEDOREK-68FB4B1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/24 16:37:19 | 00,547,328 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2009/12/22 10:41:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- I:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- i:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee\VirusScan\Mcshield.exe
PRC - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee\VirusScan\mcsysmon.exe
PRC - [2009/07/27 17:19:10 | 00,199,184 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- I:\Program Files\McAfee\MSC\mcmscsvc.exe
PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- i:\Program Files\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- i:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/27 13:10:16 | 00,251,264 | ---- | M] (IncrediMail, Ltd.) -- I:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2009/01/27 13:10:06 | 00,189,824 | ---- | M] (IncrediMail, Ltd.) -- I:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- I:\WINDOWS\explorer.exe
PRC - [2007/10/08 19:30:09 | 00,068,856 | ---- | M] (Google Inc.) -- I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2007/03/11 21:34:40 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- I:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2007/03/11 21:32:42 | 00,151,552 | ---- | M] (Hewlett-Packard Co.) -- I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006/09/14 06:56:06 | 00,102,400 | ---- | M] () -- I:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/07/25 02:01:00 | 00,114,688 | ---- | M] (Sonic Solutions) -- I:\Program Files\Common Files\Sonic Shared\CineTray.exe
PRC - [2006/02/07 08:40:02 | 00,118,784 | ---- | M] (Intel Corporation) -- I:\WINDOWS\system32\igfxpers.exe
PRC - [2006/02/07 08:36:06 | 00,077,824 | ---- | M] (Intel Corporation) -- I:\WINDOWS\system32\hkcmd.exe
PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- I:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- I:\Program Files\SpywareGuard\sgbhp.exe


========== Modules (SafeList) ==========

MOD - [2010/01/24 16:37:19 | 00,547,328 | ---- | M] (OldTimer Tools) -- I:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2007/05/20 15:54:12 | 00,138,216 | ---- | M] (Babylon Ltd.) -- I:\Program Files\IncrediMail\bin\B4ImApp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- I:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)
SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- I:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- I:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- I:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2009/07/31 22:28:35 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- I:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1ca1268f034db18) Google Update Service (gupdate1ca1268f034db18)
SRV - [2009/07/31 22:27:39 | 00,190,448 | ---- | M] (Google) [Auto | Stopped] -- I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- I:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- i:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- i:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2007/03/11 22:02:52 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- I:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/03/11 21:37:52 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- I:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2006/10/31 13:56:28 | 00,052,736 | ---- | M] (Hewlett-Packard) [Auto | Running] -- I:\WINDOWS\system32\HPZIPM12.DLL -- (Pml Driver HPZ12)
SRV - [2006/10/31 13:56:24 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- I:\WINDOWS\system32\HPZINW12.DLL -- (Net Driver HPZ12)
SRV - [2006/09/14 06:56:06 | 00,102,400 | ---- | M] () [Auto | Running] -- I:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 00,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 09:22:48 | 00,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 00,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/07/16 11:32:26 | 00,120,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- I:\WINDOWS\system32\drivers\Mpfp.sys -- (MPFP)
DRV - [2008/04/13 09:36:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/27 18:32:13 | 00,020,640 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- I:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/06/18 19:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/06/15 01:47:26 | 01,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/03/07 21:20:50 | 00,021,568 | R--- | M] (HP) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2007/03/07 21:20:49 | 00,016,496 | R--- | M] (HP) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2007/03/07 21:20:48 | 00,049,920 | R--- | M] (HP) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/10/31 14:15:24 | 00,165,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\e100b325.sys -- (E100B) Intel®
DRV - [2006/02/28 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2006/02/07 09:04:34 | 01,399,615 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2006/01/25 15:24:30 | 01,149,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/01/10 09:15:30 | 00,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 09:15:24 | 00,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- I:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/22 02:00:36 | 00,121,984 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- I:\WINDOWS\system32\drivers\SaiH0255.sys -- (SaiH0255)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-776561741-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
IE - HKU\S-1-5-21-776561741-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-776561741-1547161642-839522115-1003\S-1-5-21-776561741-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 8
FF - prefs.js..extensions.enabledItems: 2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/01/18 19:05:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/01/06 21:49:55 | 00,000,000 | ---D | M]

[2010/01/06 21:50:17 | 00,000,000 | ---D | M] -- I:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/23 18:10:26 | 00,000,000 | ---D | M] -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jk2gwp79.default\extensions
[2010/01/06 21:50:17 | 00,000,000 | ---D | M] -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jk2gwp79.default\extensions\firefox@tvunetworks.com
[2010/01/23 18:10:26 | 00,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/10/25 15:59:31 | 00,000,146 | ---- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
O1 - Hosts: 91.212.127.226 osguard-pro.com
O1 - Hosts: 91.212.127.226 www.osguard-pro.com
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - I:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - I:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - I:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - I:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - I:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-776561741-1547161642-839522115-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-776561741-1547161642-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] I:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] I:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] I:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] I:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-776561741-1547161642-839522115-1003..\Run: [IncrediMail] I:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-776561741-1547161642-839522115-1003..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = I:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = I:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: I:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = I:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O4 - Startup: I:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = I:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///I:/Program%20Files/Zuma/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_80.cab (GameDesire Card Games)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///I:/Program%20Files/Zuma/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.133.100 75.154.133.68
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - I:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - I:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - I:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - I:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - I:\WINDOWS\system32\ias [2002/01/08 05:16:02 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - I:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - I:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootMin: MCODS - I:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: mcmscsvc - I:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SafeBootNet: MCODS - I:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: MpfService - I:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection I:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - I:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - i:\WINDOWS\system32\Rundll32.exe i:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - I:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - I:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "I:\WINDOWS\system32\rundll32.exe" "I:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.ac3acm - I:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - I:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - I:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - I:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - I:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - I:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - I:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - I:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - I:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - I:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - I:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - I:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - I:\WINDOWS\System32\ffdshow.ax ()
Drivers32: vidc.iv31 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - I:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - I:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - I:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - I:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - I:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - I:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - I:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/01/18 21:55:04 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/01/18 21:54:54 | 00,000,000 | ---D | C] -- I:\Program Files\BitTorrent
[2010/01/13 05:21:28 | 00,471,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/07 04:19:22 | 00,000,000 | R--D | C] -- I:\Documents and Settings\Owner\My Documents\My Music
[2010/01/07 04:07:19 | 00,118,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\MSSTDFMT.DLL
[2010/01/07 04:07:19 | 00,000,000 | ---D | C] -- I:\Program Files\SpywareBlaster
[2010/01/06 23:27:19 | 00,000,000 | ---D | C] -- I:\Program Files\SpywareGuard
[2010/01/06 20:37:51 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\Owner\Desktop\explorer.exe.exe
[2009/12/26 14:46:21 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Application Data\U3
[2009/07/31 22:39:00 | 00,000,000 | ---D | M] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/31 22:28:51 | 00,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/22 02:00:31 | 00,000,000 | ---D | M] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/10/27 22:11:09 | 00,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/05 06:21:01 | 00,000,000 | ---D | M] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/27 21:09:22 | 00,000,000 | --SD | M] -- I:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/27 21:09:22 | 00,000,000 | --SD | M] -- I:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 00:41:06 | 00,065,536 | ---- | C] ( ) -- I:\WINDOWS\System32\A3d.dll
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/24 16:44:01 | 00,000,886 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/24 16:04:56 | 00,000,868 | ---- | M] () -- I:\WINDOWS\tasks\Google Software Updater.job
[2010/01/24 03:44:00 | 00,000,882 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/22 04:26:05 | 00,023,869 | ---- | M] () -- I:\WINDOWS\System32\Config.MPF
[2010/01/22 04:25:44 | 00,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/01/22 04:25:43 | 00,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/01/22 04:25:42 | 00,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/01/22 04:24:56 | 04,972,544 | ---- | M] () -- I:\Documents and Settings\Owner\ntuser.dat
[2010/01/22 04:24:44 | 00,000,178 | -HS- | M] () -- I:\Documents and Settings\Owner\ntuser.ini
[2010/01/21 15:31:00 | 00,072,704 | ---- | M] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/21 07:21:03 | 00,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/18 21:55:05 | 00,000,728 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/01/16 18:03:15 | 00,000,000 | ---- | M] () -- I:\Documents and Settings\Owner\settings.dat
[2010/01/15 21:00:49 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\19169.exe
[2010/01/15 20:40:48 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\26500.exe
[2010/01/15 20:19:16 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\6334.exe
[2010/01/15 19:59:15 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\18467.exe
[2010/01/15 01:00:00 | 00,000,340 | ---- | M] () -- I:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 04:54:15 | 00,001,374 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2010/01/10 07:05:59 | 00,033,320 | ---- | M] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 04:08:35 | 00,146,016 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/07 04:07:20 | 00,000,690 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/01/06 23:27:21 | 00,000,670 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2010/01/06 23:27:21 | 00,000,638 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard.lnk
[2010/01/06 23:27:20 | 00,000,650 | ---- | M] () -- I:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/01/06 21:49:58 | 00,001,602 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/06 20:43:16 | 00,000,696 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:37:51 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\Owner\Desktop\explorer.exe.exe
[2010/01/06 20:36:24 | 00,263,168 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\rkill.com
[2010/01/06 20:32:05 | 00,263,168 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\rkill.pif
[2010/01/05 23:59:51 | 00,000,008 | ---- | M] () -- I:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/01 01:00:11 | 00,000,332 | ---- | M] () -- I:\WINDOWS\tasks\McQcTask.job
[6 I:\WINDOWS\*.tmp files -> I:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/18 21:55:05 | 00,000,728 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/01/16 18:03:15 | 00,000,000 | ---- | C] () -- I:\Documents and Settings\Owner\settings.dat
[2010/01/15 21:00:49 | 00,000,000 | ---- | C] () -- I:\WINDOWS\System32\19169.exe
[2010/01/15 20:40:48 | 00,000,000 | ---- | C] () -- I:\WINDOWS\System32\26500.exe
[2010/01/15 20:19:16 | 00,000,000 | ---- | C] () -- I:\WINDOWS\System32\6334.exe
[2010/01/15 19:59:15 | 00,000,000 | ---- | C] () -- I:\WINDOWS\System32\18467.exe
[2010/01/07 04:07:20 | 00,000,690 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/01/06 23:27:21 | 00,000,670 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2010/01/06 23:27:21 | 00,000,638 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard.lnk
[2010/01/06 23:27:20 | 00,000,650 | ---- | C] () -- I:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/01/06 21:49:58 | 00,001,602 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/06 20:36:23 | 00,263,168 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\rkill.com
[2010/01/06 20:32:04 | 00,263,168 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\rkill.pif
[2010/01/05 23:59:51 | 00,000,008 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2008/05/16 02:45:49 | 00,000,197 | ---- | C] () -- I:\WINDOWS\System32\MRT.INI
[2008/03/04 00:19:02 | 00,000,056 | ---- | C] () -- I:\WINDOWS\WININIT.INI
[2007/12/27 00:32:23 | 00,006,351 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/21 01:04:59 | 00,000,140 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2007/10/16 01:42:00 | 00,000,000 | ---- | C] () -- I:\Documents and Settings\Owner\Application Data\AVSDVDPlayer.m3u
[2007/10/16 01:38:35 | 00,524,288 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2007/10/16 01:38:35 | 00,139,264 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2007/10/05 18:44:09 | 00,001,759 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/05 02:20:07 | 00,072,704 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/28 05:00:00 | 01,287,680 | ---- | C] () -- I:\WINDOWS\System32\quartz(3).dll
[2006/02/28 05:00:00 | 01,287,680 | ---- | C] () -- I:\WINDOWS\System32\quartz(2).dll
[2006/02/28 05:00:00 | 00,059,904 | ---- | C] () -- I:\WINDOWS\System32\devenum(2).dll
[2006/02/28 05:00:00 | 00,014,336 | ---- | C] () -- I:\WINDOWS\System32\msdmo(2).dll
[2005/05/03 10:38:42 | 00,064,512 | ---- | C] () -- I:\WINDOWS\System32\P17.dll
[2003/10/02 09:48:18 | 00,053,248 | ---- | C] () -- I:\WINDOWS\System32\P17CPI.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/10/27 21:49:06 | 23,852,652 | ---- | M] () .cab file -- I:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2006/02/28 05:00:00 | 18,738,937 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/26 00:45:26 | 23,852,652 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/10/26 00:45:26 | 23,852,652 | ---- | M] () .cab file -- I:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- I:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- I:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/10/27 21:49:06 | 23,852,652 | ---- | M] () .cab file -- I:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2006/02/28 05:00:00 | 18,738,937 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/26 00:45:26 | 23,852,652 | ---- | M] () .cab file -- I:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/26 00:45:26 | 23,852,652 | ---- | M] () .cab file -- I:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- I:\WINDOWS\system32\drivers\atapi.sys
[2006/02/28 05:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- I:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 17:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- I:\WINDOWS\system32\eventlog.dll
[2006/02/28 05:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- I:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 17:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- I:\WINDOWS\system32\netlogon.dll
[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- I:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 11:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- I:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2006/02/28 05:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- I:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 05:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- I:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 17:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- I:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 94 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:C5E4F943
@Alternate Data Stream - 131 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:73933431
@Alternate Data Stream - 125 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 106 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:2EF63291
@Alternate Data Stream - 103 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
OTL Extras logfile created on: 1/24/2010 4:38:39 PM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = I:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 25.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): I:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 149.04 Gb Total Space | 119.17 Gb Free Space | 79.96% Space Free | Partition Type: NTFS

Computer Name: FEDOREK-68FB4B1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe File not found

[HKEY_USERS\S-1-5-21-776561741-1547161642-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- I:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome File not found
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 File not found
http [open] -- "I:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "I:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "I:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "I:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9420:TCP" = 9420:TCP:*:Enabled:Akamai Network Manager
"5000:UDP" = 5000:UDP:*:Enabled:Akamai Network Manager

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe" = I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"I:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = I:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"I:\Program Files\iMesh Applications\iMesh\iMesh.exe" = I:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh -- File not found
"I:\Program Files\LimeWire\LimeWire.exe" = I:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = I:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = I:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = I:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- ()
"I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"I:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = I:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = I:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"I:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = I:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- (Hewlett-Packard Co.)
"I:\Program Files\IncrediMail\bin\ImApp.exe" = I:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"I:\Program Files\IncrediMail\bin\IncMail.exe" = I:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"I:\Program Files\IncrediMail\bin\ImpCnt.exe" = I:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"I:\Program Files\IncrediMail\bin\ImLc.exe" = I:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"I:\Program Files\Windows Live\Messenger\wlcsdk.exe" = I:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"I:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = I:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)
"I:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = I:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"I:\Documents and Settings\Owner\Application Data\U3\0000161781723BDF\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe" = I:\Documents and Settings\Owner\Application Data\U3\0000161781723BDF\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skype.exe:*:Enabled:Skype -- File not found
"I:\Program Files\BitTorrent\bittorrent.exe" = I:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 15
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{44B2E182-DD85-45FC-9F51-326B81D7C7F1}" = Fax
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D01653EF-9F9F-41D6-B879-654A6BF5892C}" = Digital Locker Assistant
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdssiteSocial" = Socialnetworking Helper Adssite
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"AVS DVD Copy_is1" = AVS DVD Copy version 1.4
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS DVDMenu Editor_is1" = AVS DVDMenu Editor 1.2.1.19
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"AVS4YOU Video Converter_is1" = AVS Video Converter 5.6
"BitTorrent" = BitTorrent
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"Google Updater" = Google Updater
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail
"InstallShield_{E149E957-F289-45E3-8645-1794A173F5AB}" = Pacific Fighters
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Connections Drivers
"RealAlt_is1" = Real Alternative 1.7.5
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SpywareGuard_is1" = SpywareGuard v2.2
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-776561741-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/7/2010 12:44:01 AM | Computer Name = FEDOREK-68FB4B1 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20070.25881, faulting
module firefox.exe, version 1.8.20070.25881, fault address 0x0043fb19.

Error - 1/15/2010 11:40:47 PM | Computer Name = FEDOREK-68FB4B1 | Source = McLogEvent | ID = 5051
Description = A thread in process I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2692 (0xa84) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\WINDOWS\system32\dllcache\chtskf.dll

by I:\Program Files\Malwarebytes' Anti-Malware\mbam.exe 4(0)(0) 4(0)(0) 7200(0)(0)

7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 1/15/2010 11:40:47 PM | Computer Name = FEDOREK-68FB4B1 | Source = McLogEvent | ID = 5051
Description = A thread in process I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2712 (0xa98) Thread address : 0x7C90E514 Thread message : Object being scanned
= \Device\HarddiskVolume1\WINDOWS\system32\drivers\etc\hosts by I:\WINDOWS\system32\svchost.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/15/2010 11:40:47 PM | Computer Name = FEDOREK-68FB4B1 | Source = McLogEvent | ID = 5051
Description = A thread in process I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 752 (0x2f0) Thread address : 0x7C90E514 Thread message : Object being scanned
= \Device\HarddiskVolume1\Program Files\MCAFEE\MSC\MCSUBMGR\9,15,160,0\MCSUBMGR.DLL

by I:\Program Files\Spyware Doctor\pctsSvc.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

Error - 1/15/2010 11:52:20 PM | Computer Name = FEDOREK-68FB4B1 | Source = McLogEvent | ID = 5051
Description = A thread in process I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 1744 (0x6d0) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\program files\common
files\adobe\updater\adobeupdaterapp.dll by I:\Program Files\Spyware Doctor\pctsSvc.exe

4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0) 7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)


Error - 1/23/2010 2:17:12 PM | Computer Name = FEDOREK-68FB4B1 | Source = McLogEvent | ID = 5051
Description = A thread in process I:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe took
longer than 90000 ms to complete a request. The process will be terminated. Thread
id : 2840 (0xb18) Thread address : 0x7C90E514 Thread message : Build VSCORE.14.0.0.435
/ 5301.4018 Object being scanned = \Device\HarddiskVolume1\Program Files\McAfee\VirusScan\DAT\5869.0\avvscan.dat

by i:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe 4(0)(0) 4(0)(0) 7200(0)(0) 7595(0)(0)

7005(0)(0) 7004(0)(0) 5006(0)(0) 5004(0)(0)

[ System Events ]
Error - 1/16/2010 1:38:46 AM | Computer Name = FEDOREK-68FB4B1 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 1/16/2010 8:18:56 AM | Computer Name = FEDOREK-68FB4B1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 75.157.123.45 on
the Network Card with network address 001320305F94.

Error - 1/16/2010 8:19:08 AM | Computer Name = FEDOREK-68FB4B1 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 1/16/2010 4:57:30 PM | Computer Name = FEDOREK-68FB4B1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 75.157.123.45 on
the Network Card with network address 001320305F94.

Error - 1/17/2010 4:37:14 PM | Computer Name = FEDOREK-68FB4B1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 75.157.123.45 on
the Network Card with network address 001320305F94.

Error - 1/18/2010 10:09:37 PM | Computer Name = FEDOREK-68FB4B1 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 1/18/2010 10:10:21 PM | Computer Name = FEDOREK-68FB4B1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 1/19/2010 8:20:04 PM | Computer Name = FEDOREK-68FB4B1 | Source = DCOM | ID = 10010
Description = The server {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} did not register
with DCOM within the required timeout.

Error - 1/19/2010 8:20:42 PM | Computer Name = FEDOREK-68FB4B1 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the mcmscsvc service.

Error - 1/23/2010 2:17:27 PM | Computer Name = FEDOREK-68FB4B1 | Source = Service Control Manager | ID = 7031
Description = The McAfee Real-time Scanner service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.


< End of report >


#4 myrti


    Sillyberry

  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 24 January 2010 - 07:43 PM

Hi,

please also run a scan with gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#5 terrarium

  • Topic Starter
  • Members
  • 8 posts
  • Local time:02:05 PM

Posted 26 January 2010 - 06:55 AM

Followed as instructed, GMER scan would not work. Had to run in safe mode, scan ran for 4 hrs, saved to desktop, no log saved. Tried to copy, but all that is saved is a blank gmer.log in Notepad.

#6 myrti


    Sillyberry

  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 26 January 2010 - 12:07 PM

Hi,

please provide logs from mbr and rootrepeal instead then:

MBR:
Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.

ROOTREPEAL:
  • Download RootRepeal from the following location and save it to your desktop.
  • Extract the contents of RootRepeal.zip, to your desktop.
  • Double click on your desktop.
  • Click on the report tab, then click scan
  • Check all seven boxes:
    Drivers
    Files
    Processes
    SSDT
    Stealth Objects
    Hidden Services
    Shadow SSDT
  • Click Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, Click the Save Report button. Save the log as RootRepeal.txt and post it in your next reply.


regards myrti



#7 terrarium

  • Topic Starter
  • Members
  • 8 posts
  • Local time:02:05 PM

Posted 29 January 2010 - 10:34 PM

Hi, sorry for the late responses, been extremely busy. When I type in c:\mbr.exe -t >"C:\mbr.log" at the command prompt it tells me the device is not ready. Here is the root report though.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2010/01/29 20:22
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: I:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAAAE5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: I:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A18000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: I:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA95BF000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: i:\windows\temp\mcafee_yxurgckyk5thvqs
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: i:\windows\temp\mcmsc_scbvhohsc819acs
Status: Allocation size mismatch (API: 4096, Raw: 0)

==EOF==

#8 myrti


    Sillyberry

  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 29 January 2010 - 10:43 PM

Hi,

that was my bad, please run the following MBR command instead after you copied mbr to I:\mbr.exe (your systemroot):
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: i:\mbr.exe -t >"i:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive, in this case I:.
  • Copy and paste the results of the mbr.log in your next reply.

regards myrti

Edited by myrti, 29 January 2010 - 10:43 PM.



#9 terrarium

  • Topic Starter
  • Members
  • 8 posts
  • Local time:02:05 PM

Posted 29 January 2010 - 10:47 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


#10 myrti


    Sillyberry

  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 29 January 2010 - 11:05 PM

Hi,

The good news is that you do not seem to be infected by a rootkit. There are a couple of leftovers; however, they should not really affect your system. Please run the following fix to remove them:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    O1 - Hosts: 91.212.127.226 osguard-pro.microsoft.com
    O1 - Hosts: 91.212.127.226 osguard-pro.com
    O1 - Hosts: 91.212.127.226 www.osguard-pro.com
    [2010/01/15 21:00:49 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\19169.exe
    [2010/01/15 20:40:48 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\26500.exe
    [2010/01/15 20:19:16 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\6334.exe
    [2010/01/15 19:59:15 | 00,000,000 | ---- | M] () -- I:\WINDOWS\System32\18467.exe
    @Alternate Data Stream - 94 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:C5E4F943
    @Alternate Data Stream - 131 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:73933431
    @Alternate Data Stream - 125 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 115 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 106 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:2EF63291
    @Alternate Data Stream - 103 bytes -> I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open one notepad window, OTL.Txt. This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Could it be some of the programs you installed? Bittorrent or SpywareGuard? Do you recall when exactly those symptoms appeared?

regards myrti


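The OTL fix in the post above removes three HOSTS lines that point osguard-pro names (including one under microsoft.com) at 91.212.127.226, so the rogue "Malware Defense" names resolved without ever touching DNS. As an added example (not from the thread and not OTL's own code), the following Python script parses a Windows hosts file and reports every mapping to an address that is not loopback or unspecified, grouped by target IP; one routable IP collecting several names is the pattern to look for when reviewing a machine like this one. The sample hosts text is constructed here from the three entries in the fix plus the default localhost lines.

```python
"""Flag hosts-file entries that redirect names to routable addresses.

Added example for this thread; not part of OTL or the original posts.
"""
import ipaddress

# Constructed sample: the three lines OTL removed above, plus the benign
# loopback entries a stock Windows hosts file ships with.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
91.212.127.226 osguard-pro.microsoft.com
91.212.127.226 osguard-pro.com
91.212.127.226 www.osguard-pro.com
::1             localhost
"""


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text, skipping comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # an address with no names maps nothing
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed address, not a usable mapping
        for name in parts[1:]:
            entries.append((ip, name.lower()))
    return entries


def suspicious_entries(text):
    """Return (ip, hostname) mappings whose target is a routable address.

    Loopback (127.0.0.1, ::1) and unspecified (0.0.0.0) targets are the
    normal ad-blocking or default entries; anything else silently
    overrides DNS for that name.
    """
    flagged = []
    for ip, name in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        flagged.append((str(ip), name))
    return flagged


def rogue_targets(text):
    """Group flagged hostnames by target IP so one IP with many names stands out."""
    groups = {}
    for ip, name in suspicious_entries(text):
        groups.setdefault(ip, []).append(name)
    return groups


if __name__ == "__main__":
    # On a live XP system the file would be read from
    # %SystemRoot%\System32\drivers\etc\hosts instead of SAMPLE_HOSTS.
    for ip, names in rogue_targets(SAMPLE_HOSTS).items():
        print(f"{ip} <- {', '.join(names)}")
```

On the affected machine the same logic would be pointed at I:\WINDOWS\system32\drivers\etc\hosts (the path the McAfee event above shows being scanned); any name in a trusted domain such as microsoft.com resolving to a routable address through the hosts file is worth treating as a hijack rather than a misconfiguration.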

#11 terrarium

  • Topic Starter
  • Members
  • 8 posts
  • Local time:02:05 PM

Posted 29 January 2010 - 11:26 PM

That's tough to say, I was attacked by that Antivirus Pro a while back and used this site to get rid of that. Everything ran fine for a few weeks until this green screen. Same situation happened to a friend of mine, we had Power Tab Editor for guitar installed around the same time and adware attacks occurred when using that program. Deleted that program after the Antivirus Pro nonsense.

All processes killed
========== OTL ==========
91.212.127.226 osguard-pro.microsoft.com removed from HOSTS file successfully
91.212.127.226 osguard-pro.com removed from HOSTS file successfully
I:\WINDOWS\system32\19169.exe moved successfully.
I:\WINDOWS\system32\26500.exe moved successfully.
I:\WINDOWS\system32\6334.exe moved successfully.
I:\WINDOWS\system32\18467.exe moved successfully.
ADS I:\Documents and Settings\All Users\Application Data\TEMP:C5E4F943 deleted successfully.
ADS I:\Documents and Settings\All Users\Application Data\TEMP:73933431 deleted successfully.
ADS I:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS I:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS I:\Documents and Settings\All Users\Application Data\TEMP:2EF63291 deleted successfully.
ADS I:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33664 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1296994 bytes

User: Owner
->Temp folder emptied: 326198590 bytes
->Temporary Internet Files folder emptied: 287306459 bytes
->Java cache emptied: 33210595 bytes
->FireFox cache emptied: 91633455 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 70940810 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 34382842 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7235994 bytes

Total Files Cleaned = 815.00 mb


OTL by OldTimer - Version 3.1.26.0 log created on 01292010_211445

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


#12 terrarium (Topic Starter)

Posted 29 January 2010 - 11:37 PM

OTL logfile created on: 1/29/2010 9:30:09 PM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = I:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 568.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): I:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = I: | %SystemRoot% = I:\WINDOWS | %ProgramFiles% = I:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 149.04 Gb Total Space | 119.42 Gb Free Space | 80.12% Space Free | Partition Type: NTFS

Computer Name: FEDOREK-68FB4B1
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - I:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - i:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - I:\Program Files\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - I:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - I:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - I:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
PRC - I:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - i:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - i:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - I:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - I:\Program Files\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - I:\Program Files\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
PRC - I:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
PRC - I:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.)
PRC - I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - I:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
PRC - I:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
PRC - I:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
PRC - I:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - I:\Program Files\SpywareGuard\sgmain.exe ()
PRC - I:\Program Files\SpywareGuard\sgbhp.exe ()


========== Modules (SafeList) ==========

MOD - I:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe (OldTimer Tools)


========== Win32 Services (SafeList) ==========

SRV - (MpfService) -- I:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McODS) -- I:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- I:\Program Files\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- I:\Program Files\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (gupdate1ca1268f034db18) Google Update Service (gupdate1ca1268f034db18) -- I:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc) -- I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (mcmscsvc) -- I:\Program Files\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McProxy) -- i:\Program Files\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- i:\Program Files\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SeaPort) -- I:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (hpqddsvc) -- I:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (hpqcxs08) -- I:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- I:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- I:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (AdobeActiveFileMonitor5.0) -- I:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (IDriverT) -- I:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- I:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- I:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- I:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- I:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- I:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- I:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (HDAudBus) -- I:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (Secdrv) -- I:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (PxHelp20) -- I:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (motmodem) -- I:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (P17) -- I:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
DRV - (HPZius12) -- I:\WINDOWS\system32\drivers\HPZius12.sys (HP)
DRV - (HPZipr12) -- I:\WINDOWS\system32\drivers\HPZipr12.sys (HP)
DRV - (HPZid412) -- I:\WINDOWS\system32\drivers\HPZid412.sys (HP)
DRV - (E100B) Intel® -- I:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation)
DRV - (Ptilink) -- I:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ialm) -- I:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (AgereSoftModem) -- I:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (ossrv) -- I:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- I:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (SaiH0255) -- I:\WINDOWS\system32\drivers\SaiH0255.sys (Saitek)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = I:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - I:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ca/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 8
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: i:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: I:\Program Files\Mozilla Firefox\components [2010/01/18 19:05:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: I:\Program Files\Mozilla Firefox\plugins [2010/01/06 21:49:55 | 00,000,000 | ---D | M]

[2010/01/06 21:50:17 | 00,000,000 | ---D | M] -- I:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/01/06 21:50:17 | 00,000,000 | ---D | M] (No name found) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/01/29 06:27:51 | 00,000,000 | ---D | M] -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jk2gwp79.default\extensions
[2010/01/06 21:50:47 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jk2gwp79.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/06 21:50:17 | 00,000,000 | ---D | M] -- I:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\jk2gwp79.default\extensions\firefox@tvunetworks.com
[2010/01/29 06:27:51 | 00,000,000 | ---D | M] -- I:\Program Files\Mozilla Firefox\extensions
[2010/01/06 21:49:56 | 00,000,000 | ---D | M] (Default) -- I:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/10/10 01:37:44 | 00,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/24 13:22:52 | 00,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/30 20:48:51 | 00,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/23 15:04:45 | 00,000,000 | ---D | M] (Java Console) -- I:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/12/22 10:41:43 | 00,023,512 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/12/22 10:41:44 | 00,137,176 | ---- | M] (Mozilla Foundation) -- I:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2008/12/05 22:52:44 | 00,114,688 | ---- | M] (Adobe Systems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/10/23 15:04:17 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/12/22 10:41:45 | 00,064,984 | ---- | M] (mozilla.org) -- I:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007/12/21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/01/19 15:02:48 | 00,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2008/01/19 15:02:48 | 00,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2008/01/19 15:02:48 | 00,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2008/01/19 15:02:48 | 00,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2008/01/19 15:02:48 | 00,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2008/01/19 15:02:48 | 00,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2008/01/19 15:02:48 | 00,143,360 | ---- | M] (Apple Inc.) -- I:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/12/21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- I:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2009/12/21 19:32:20 | 00,001,394 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/12/21 19:32:20 | 00,002,193 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/12/21 19:32:20 | 00,001,534 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/12/21 19:32:20 | 00,002,344 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/12/21 19:32:20 | 00,002,371 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/12/21 19:32:20 | 00,001,178 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/12/21 19:32:20 | 00,000,792 | ---- | M] () -- I:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/01/29 21:14:47 | 00,000,074 | RH-- | M]) - I:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - I:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - I:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - I:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - I:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - I:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - I:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - I:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - I:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [igfxhkcmd] I:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] I:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] I:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcagent_exe] I:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] I:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [ctfmon.exe] I:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IncrediMail] I:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [MsnMsgr] I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan.lnk = I:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: I:\Documents and Settings\All Users\Start Menu\Programs\Startup\Sonic CinePlayer Quick Launch.lnk = I:\Program Files\Common Files\Sonic Shared\CineTray.exe (Sonic Solutions)
O4 - Startup: I:\Documents and Settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = I:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O4 - Startup: I:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk = I:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - I:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - I:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - I:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - I:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - I:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///I:/Program%20Files/Zuma/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A781DED-4153-C22D-3213-A3211E29DF13} http://cached.gamedesire.com/g_bin/eng/cards_2_0_0_80.cab (GameDesire Card Games)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///I:/Program%20Files/Zuma/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.154.133.100 75.154.133.68
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - I:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - I:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - I:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - I:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - I:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - I:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - I:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - I:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - I:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - I:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - I:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - I:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - I:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (I:\WINDOWS\system32\userinit.exe) - I:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - I:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - I:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - I:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - I:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - I:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - I:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - I:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - I:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - I:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - I:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - I:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - I:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - I:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: I:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: I:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - I:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - I:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - I:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - I:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - I:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - I:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - I:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - I:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - I:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/29 21:14:45 | 00,000,000 | ---D | C] -- I:\_OTL
[2010/01/29 20:20:32 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Desktop\RootRepeal
[2010/01/28 02:35:40 | 01,924,200 | ---- | C] (Adobe Systems Incorporated) -- I:\Documents and Settings\Owner\My Documents\install_flash_player.exe
[2010/01/18 21:55:04 | 00,000,000 | ---D | C] -- I:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/01/18 21:54:54 | 00,000,000 | ---D | C] -- I:\Program Files\BitTorrent
[2010/01/13 05:21:28 | 00,471,552 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/07 04:19:22 | 00,000,000 | R--D | C] -- I:\Documents and Settings\Owner\My Documents\My Music
[2010/01/07 04:07:19 | 00,118,784 | ---- | C] (Microsoft Corporation) -- I:\WINDOWS\System32\MSSTDFMT.DLL
[2010/01/07 04:07:19 | 00,000,000 | ---D | C] -- I:\Program Files\SpywareBlaster
[2010/01/06 23:27:19 | 00,000,000 | ---D | C] -- I:\Program Files\SpywareGuard
[2010/01/06 20:37:51 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- I:\Documents and Settings\Owner\Desktop\explorer.exe.exe
[2009/07/31 22:39:00 | 00,000,000 | ---D | M] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/07/31 22:28:51 | 00,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/22 02:00:31 | 00,000,000 | ---D | M] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/10/27 22:11:09 | 00,000,000 | ---D | M] -- I:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/06/05 06:21:01 | 00,000,000 | ---D | M] -- I:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/27 21:09:22 | 00,000,000 | --SD | M] -- I:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/04/27 21:09:22 | 00,000,000 | --SD | M] -- I:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 00:41:06 | 00,065,536 | ---- | C] ( ) -- I:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2010/01/29 21:17:05 | 00,023,869 | ---- | M] () -- I:\WINDOWS\System32\Config.MPF
[2010/01/29 21:16:42 | 00,000,868 | ---- | M] () -- I:\WINDOWS\tasks\Google Software Updater.job
[2010/01/29 21:16:35 | 00,000,882 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/29 21:16:22 | 00,000,006 | -H-- | M] () -- I:\WINDOWS\tasks\SA.DAT
[2010/01/29 21:16:20 | 00,002,048 | --S- | M] () -- I:\WINDOWS\bootstat.dat
[2010/01/29 21:15:39 | 04,972,544 | ---- | M] () -- I:\Documents and Settings\Owner\ntuser.dat
[2010/01/29 21:15:39 | 00,000,178 | -HS- | M] () -- I:\Documents and Settings\Owner\ntuser.ini
[2010/01/29 20:44:00 | 00,000,886 | ---- | M] () -- I:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/29 20:19:30 | 00,464,491 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2010/01/29 20:15:59 | 00,077,312 | ---- | M] () -- I:\mbr.exe
[2010/01/29 18:50:11 | 00,013,646 | ---- | M] () -- I:\WINDOWS\System32\wpa.dbl
[2010/01/29 18:48:17 | 00,262,946 | -H-- | M] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2010/01/28 07:21:02 | 00,000,284 | ---- | M] () -- I:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/01/28 02:35:41 | 01,924,200 | ---- | M] (Adobe Systems Incorporated) -- I:\Documents and Settings\Owner\My Documents\install_flash_player.exe
[2010/01/27 03:07:25 | 00,072,704 | ---- | M] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/26 21:22:41 | 00,000,629 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\Shortcut (2) to mbr.lnk
[2010/01/18 21:55:05 | 00,000,728 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/01/16 18:03:15 | 00,000,000 | ---- | M] () -- I:\Documents and Settings\Owner\settings.dat
[2010/01/15 01:00:00 | 00,000,340 | ---- | M] () -- I:\WINDOWS\tasks\McDefragTask.job
[2010/01/14 04:54:15 | 00,001,374 | ---- | M] () -- I:\WINDOWS\imsins.BAK
[2010/01/10 07:05:59 | 00,033,320 | ---- | M] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- I:\WINDOWS\System32\drivers\mbam.sys
[2010/01/07 04:08:35 | 00,146,016 | ---- | M] () -- I:\WINDOWS\System32\FNTCACHE.DAT
[2010/01/07 04:07:20 | 00,000,690 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/01/06 23:27:21 | 00,000,670 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2010/01/06 23:27:21 | 00,000,638 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard.lnk
[2010/01/06 23:27:20 | 00,000,650 | ---- | M] () -- I:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/01/06 21:49:58 | 00,001,602 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/06 20:43:16 | 00,000,696 | ---- | M] () -- I:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/06 20:37:51 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- I:\Documents and Settings\Owner\Desktop\explorer.exe.exe
[2010/01/06 20:36:24 | 00,263,168 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\rkill.com
[2010/01/06 20:32:05 | 00,263,168 | ---- | M] () -- I:\Documents and Settings\Owner\Desktop\rkill.pif
[2010/01/05 23:59:51 | 00,000,008 | ---- | M] () -- I:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/01 01:00:11 | 00,000,332 | ---- | M] () -- I:\WINDOWS\tasks\McQcTask.job

========== Files Created - No Company Name ==========

[2010/01/29 20:19:24 | 00,464,491 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\RootRepeal.zip
[2010/01/26 23:26:46 | 00,077,312 | ---- | C] () -- I:\mbr.exe
[2010/01/26 21:22:41 | 00,000,629 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\Shortcut (2) to mbr.lnk
[2010/01/18 21:55:05 | 00,000,728 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/01/16 18:03:15 | 00,000,000 | ---- | C] () -- I:\Documents and Settings\Owner\settings.dat
[2010/01/07 04:07:20 | 00,000,690 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk
[2010/01/06 23:27:21 | 00,000,670 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard LiveUpdate.lnk
[2010/01/06 23:27:21 | 00,000,638 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\SpywareGuard.lnk
[2010/01/06 23:27:20 | 00,000,650 | ---- | C] () -- I:\Documents and Settings\Owner\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/01/06 21:49:58 | 00,001,602 | ---- | C] () -- I:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/06 20:36:23 | 00,263,168 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\rkill.com
[2010/01/06 20:32:04 | 00,263,168 | ---- | C] () -- I:\Documents and Settings\Owner\Desktop\rkill.pif
[2010/01/05 23:59:51 | 00,000,008 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2008/05/16 02:45:49 | 00,000,197 | ---- | C] () -- I:\WINDOWS\System32\MRT.INI
[2008/03/04 00:19:02 | 00,000,056 | ---- | C] () -- I:\WINDOWS\WININIT.INI
[2007/12/27 00:32:23 | 00,006,351 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/21 01:04:59 | 00,000,140 | ---- | C] () -- I:\WINDOWS\ODBC.INI
[2007/10/16 01:42:00 | 00,000,000 | ---- | C] () -- I:\Documents and Settings\Owner\Application Data\AVSDVDPlayer.m3u
[2007/10/16 01:38:35 | 00,524,288 | ---- | C] () -- I:\WINDOWS\System32\xvidcore.dll
[2007/10/16 01:38:35 | 00,139,264 | ---- | C] () -- I:\WINDOWS\System32\xvidvfw.dll
[2007/10/05 18:44:09 | 00,001,759 | ---- | C] () -- I:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/10/05 02:20:07 | 00,072,704 | ---- | C] () -- I:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/02/28 05:00:00 | 01,287,680 | ---- | C] () -- I:\WINDOWS\System32\quartz(3).dll
[2006/02/28 05:00:00 | 01,287,680 | ---- | C] () -- I:\WINDOWS\System32\quartz(2).dll
[2006/02/28 05:00:00 | 00,059,904 | ---- | C] () -- I:\WINDOWS\System32\devenum(2).dll
[2006/02/28 05:00:00 | 00,014,336 | ---- | C] () -- I:\WINDOWS\System32\msdmo(2).dll
[2005/05/03 10:38:42 | 00,064,512 | ---- | C] () -- I:\WINDOWS\System32\P17.dll
[2003/10/02 09:48:18 | 00,053,248 | ---- | C] () -- I:\WINDOWS\System32\P17CPI.dll
< End of report >


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 29 January 2010 - 11:46 PM

Hi,

Well, from what I can see from here, whatever you are experiencing does not seem to be malware related. Do you have a system restore point from before the infection to which you could revert, to undo all the changes done?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#14 terrarium

terrarium
  • Topic Starter

  • Members
  • 8 posts
  • Local time:02:05 PM

Posted 29 January 2010 - 11:51 PM

Yes, I do. I'll give that a try and let you know how that works in a day or two.

#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,774 posts
  • Gender:Female
  • Location:At home
  • Local time:11:05 PM

Posted 05 February 2010 - 03:49 PM

Hi,

Any news? How are things going?

regards myrti
