Link Hijacking and several reoccuring trojans


  • This topic is locked
23 replies to this topic

#1 Techgeek07


  • Members
  • 12 posts

Posted 18 January 2010 - 11:38 PM

Hi, I hope someone here can help. On Jan 16 I suddenly started getting popups, and somehow Internet Security 2010 installed. I used Malwarebytes and it said that it cleaned Internet Security 2010 off. From then on, whenever I search Google, Yahoo, etc., I get randomly redirected. Also, it randomly deletes all of my entries from the HOSTS file. Here's what I've done so far.

Ran MB as previously stated
Ran spybot search and destroy
Ran Counterspy- that's what finds backdoor.bifrost and says that it cleans it
Ran AVG antivirus- nothing found
Ran Panda Antivirus- found a worm residing in open office. It says it cleans it but the problems persist
Ran the trendmicro rootkit program
Ran Adaware
(All of the above were run with the latest definitions)

Tried to run root repeal but it froze my system several times for hours.

Any help would be appreciated. Thanks.


DDS (Ver_09-12-01.01) - NTFSx86
Run by David at 23:15:16.67 on Mon 01/18/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1477 [GMT -5:00]

AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Volumouse\volumouse.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wscntfy.exe
C:\test\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [$Volumouse$] "c:\program files\volumouse\volumouse.exe" /nodlg
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1206404858993
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\pryefgjd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-18 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-1-18 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2008-5-20 15328]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 NanoServiceMain;NanoServiceMain;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2009-10-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2008-6-2 216032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

=============== Created Last 30 ================

2010-01-19 02:34:27 0 d-----w- c:\docume~1\david\applic~1\Panda Security
2010-01-19 02:31:40 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-01-19 02:31:15 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-01-19 01:30:21 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-19 01:29:40 0 d-----w- c:\program files\Panda Security
2010-01-18 09:23:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 08:16:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 08:14:46 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 08:14:21 0 d-----w- c:\program files\Lavasoft
2010-01-18 05:10:39 12371736 ----a-w- C:\counterspy.exe
2010-01-18 03:06:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-01-18 02:59:12 69672352 ----a-w- C:\kav2010_9.0.0.736EN.exe
2010-01-18 02:35:25 0 d-sha-r- C:\cmdcons
2010-01-18 01:28:29 0 d-----w- c:\program files\Trend Micro
2010-01-18 01:28:18 812344 ----a-w- C:\HJTInstall.exe
2010-01-18 01:06:52 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 01:06:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-18 01:04:38 16409960 ----a-w- C:\spybotsd162.exe
2010-01-17 05:59:08 98816 ----a-w- c:\windows\sed.exe
2010-01-17 05:59:08 77312 ----a-w- c:\windows\MBR.exe
2010-01-17 05:59:08 261632 ----a-w- c:\windows\PEV.exe
2010-01-17 05:59:08 161792 ----a-w- c:\windows\SWREG.exe
2010-01-17 05:05:50 0 d-----w- C:\$AVG
2010-01-17 05:03:50 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-17 04:57:16 891248 ----a-w- C:\avg_free_stb_all_9_40_cnet.exe
2010-01-13 07:57:12 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 22:02:22 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-02 21:46:41 0 d-----w- c:\docume~1\alluse~1\applic~1\MumboJumbo
2010-01-02 21:46:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Trymedia
2010-01-02 21:46:09 0 d-----w- c:\docume~1\alluse~1\applic~1\NeoEdge Networks
2010-01-01 10:29:11 0 d-----w- C:\DBM
2009-12-22 04:16:34 0 d-----w- c:\program files\NVIDIA Corporation
2009-12-22 04:15:53 701440 ----a-w- c:\windows\system32\cohelper.dll
2009-12-22 04:15:53 5876 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-12-22 04:15:52 6789 ----a-w- c:\windows\system32\nvnrm.nvu
2009-12-22 04:15:52 485920 ----a-w- c:\windows\system32\nvunrm.exe
2009-12-22 04:08:24 0 d-----w- C:\system drivers
2009-12-21 05:00:12 1708 ----a-w- c:\windows\system32\openIE.js
2009-12-21 05:00:11 695901 ----a-w- c:\windows\system32\unins000.exe
2009-12-21 05:00:11 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2009-12-21 05:00:11 33240 ----a-w- c:\windows\system32\unins000.dat
2009-12-21 05:00:11 0 d-----w- c:\windows\system32\languages
2009-12-21 05:00:00 0 d-----w- c:\program files\AviSynth 2.5
2009-12-21 04:59:56 290816 ----a-w- c:\windows\system32\stFLVSource.ax
2009-12-21 04:59:56 0 d-----w- c:\program files\common files\SourceTec
2009-12-21 04:59:55 438272 ----a-w- c:\windows\system32\Mpeg2DecFilter.ax
2009-12-21 04:59:55 217088 ----a-w- c:\windows\system32\CoreFLACDecoder.ax
2009-12-21 04:59:55 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2009-12-21 04:59:55 0 d-----w- c:\program files\SourceTec
2009-12-21 04:59:19 20817952 ----a-w- C:\dvdmaker.zip
2009-12-21 04:50:03 94208 ----a-w- c:\windows\system32\Mpeg2Parser.ax
2009-12-21 04:50:03 139264 ----a-w- c:\windows\system32\Mpeg2Decoder.ax
2009-12-21 04:50:02 980992 ----a-w- c:\windows\system32\cygiconv-2.dll
2009-12-21 04:50:02 62464 ----a-w- c:\windows\system32\cygz.dll
2009-12-21 04:50:02 1208320 ----a-w- c:\windows\system32\cygxml2-2.dll
2009-12-21 04:50:02 1153417 ----a-w- c:\windows\system32\cygwin1.dll
2009-12-21 04:42:54 0 d-----w- C:\ConverterOutput
2009-12-21 04:42:45 0 d-----w- c:\program files\Cucusoft
2009-12-21 04:42:36 0 d-----w- c:\program files\common files\Download Manager
2009-12-21 04:41:54 128416 ----a-w- C:\avitodvd.exe

==================== Find3M ====================

2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-01 21:04:58 1663656 ----a-w- C:\InstallWoW.exe
2009-11-30 07:53:32 1460010 ----a-w- C:\DOSBox0.73-win32-installer.exe
2009-11-30 07:48:02 1460010 ----a-w- C:\DOSBox073win32installer.exe
2009-11-07 06:27:22 3310608 ----a-w- C:\ccsetup225.exe
2009-11-04 02:23:54 5697032 ----a-w- C:\wmvfirefoxpluginsetup-0.1.675.1923.exe
2009-11-02 20:00:45 3889824 ----a-w- C:\downloadable_install_wizard.exe
2009-10-29 07:46:59 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 04:41:36 9767160 ----a-w- C:\InstallWizard101.exe
2009-10-21 22:37:11 738176 ----a-w- C:\attachments_2009_10_21.zip
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2008-09-04 15:20:16 0 ----a-w- c:\program files\temp01
2008-05-16 01:06:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051520080516\index.dat

============= FINISH: 23:16:07.57 ===============

#2 Buckeye_Sam


    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 19 January 2010 - 08:16 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Techgeek07

  • Topic Starter

  • Members
  • 12 posts

Posted 19 January 2010 - 04:44 PM

Hi,
Thanks for your help.

OTL logfile created on: 1/19/2010 4:32:33 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 43.68 Gb Free Space | 29.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVE
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/19 16:30:20 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
PRC - [2010/01/13 06:49:29 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/30 17:29:56 | 00,136,448 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2009/10/30 17:29:01 | 00,361,728 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/07/15 00:32:20 | 00,387,616 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2009/07/15 00:32:20 | 00,178,720 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/06/02 14:18:58 | 00,216,032 | ---- | M] () -- C:\Program Files\Macrium\Reflect\ReflectService.exe
PRC - [2008/04/29 17:12:18 | 00,030,208 | ---- | M] (NirSoft) -- C:\Program Files\Volumouse\volumouse.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/25 22:00:02 | 00,520,192 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/11/15 09:12:04 | 00,784,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007/11/15 09:08:26 | 00,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2007/08/30 16:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe


========== Modules (SafeList) ==========

MOD - [2010/01/19 16:30:20 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 00,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 00,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/29 17:11:36 | 00,007,168 | ---- | M] (NirSoft) -- C:\Program Files\Volumouse\vlmshlp.dll
MOD - [2007/11/15 09:10:38 | 00,062,480 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2007/11/15 09:06:18 | 00,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2007/08/30 16:43:14 | 00,006,144 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\idle.dll
MOD - [2007/08/30 15:17:38 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Yahoo!\Messenger\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/18 03:15:46 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/10/30 17:29:56 | 00,136,448 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/04 12:17:00 | 00,447,216 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2009/09/04 12:16:54 | 05,893,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/09/04 12:16:54 | 00,058,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2009/07/15 00:32:20 | 00,387,616 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2009/07/15 00:32:20 | 00,178,720 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009/05/27 02:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/11/24 21:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 21:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 21:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/06/02 14:18:58 | 00,216,032 | ---- | M] () [Auto | Running] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2008/02/25 22:00:02 | 00,520,192 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2008/02/25 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2008/02/19 12:10:24 | 00,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/02/18 10:16:30 | 00,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/11/15 09:09:42 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/12/23 16:54:04 | 00,262,144 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 16:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/01/06 23:54:41 | 00,077,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpbpro.exe -- (HP Port Resolver)
SRV - [2006/01/06 23:54:41 | 00,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpboid.exe -- (HP Status Server)
SRV - [2004/03/18 15:55:48 | 00,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2009/12/02 08:19:06 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/10/30 16:18:01 | 00,146,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2009/10/23 01:01:43 | 00,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/10/23 01:01:42 | 00,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/10/13 15:50:55 | 00,101,512 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2009/10/13 15:50:54 | 00,114,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2009/10/13 15:50:54 | 00,095,880 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/09/01 23:28:46 | 00,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2009/07/01 11:52:02 | 00,015,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 11:52:00 | 00,067,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 17:31:00 | 00,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/06/30 09:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/05/20 08:32:40 | 00,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/26 00:51:43 | 02,863,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/09/21 02:10:46 | 00,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/09/21 02:10:40 | 00,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/21 02:10:20 | 00,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/01/30 21:57:50 | 04,474,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/12 09:54:00 | 00,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\winflash_1_9\WinFlash.sys -- (WINFLASH)
DRV - [2006/11/02 06:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/24 08:28:46 | 00,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/09/19 13:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/01/06 23:54:39 | 00,051,088 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006/01/06 23:54:39 | 00,021,744 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006/01/06 23:54:39 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [1996/04/03 14:33:26 | 00,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-796845957-861567501-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-796845957-861567501-839522115-1003\S-1-5-21-796845957-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-861567501-839522115-1003\S-1-5-21-796845957-861567501-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07103010
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/13 06:49:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/13 06:49:35 | 00,000,000 | ---D | M]

[2009/10/07 18:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions
[2009/10/07 18:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/01/18 02:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pryefgjd.default\extensions
[2008/07/15 18:01:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pryefgjd.default\extensions\moveplayer@movenetworks.com
[2010/01/18 02:08:22 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/01/19 01:53:35 | 00,619,898 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 127.0.0.1 cms.ad2click.nl
O1 - Hosts: 127.0.0.1 ads.ad2games.com
O1 - Hosts: 127.0.0.1 content.ad20.net
O1 - Hosts: 16419 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKU\S-1-5-21-796845957-861567501-839522115-1003..\Run: [$Volumouse$] C:\Program Files\Volumouse\volumouse.exe (NirSoft)
O4 - HKU\S-1-5-21-796845957-861567501-839522115-1003..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-861567501-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-796845957-861567501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-796845957-861567501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-796845957-861567501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-796845957-861567501-839522115-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-796845957-861567501-839522115-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1206404858993 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/15 19:43:12 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/03/15 14:29:19 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (1412528844308480)

========== Files/Folders - Created Within 30 Days ==========

[2010/01/19 16:30:19 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/01/18 23:03:00 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/18 21:34:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Application Data\Panda Security
[2010/01/18 21:31:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2010/01/18 20:30:21 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2010/01/18 20:29:40 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2010/01/18 20:14:57 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/18 20:14:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/18 20:14:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/18 11:14:42 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010/01/18 03:16:30 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/01/18 03:14:46 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/18 03:14:21 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/01/18 00:10:39 | 12,371,736 | ---- | C] (Sunbelt Software ) -- C:\counterspy.exe
[2010/01/17 22:06:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2010/01/17 21:59:12 | 69,672,352 | ---- | C] (Kaspersky Lab) -- C:\kav2010_9.0.0.736EN.exe
[2010/01/17 21:35:25 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010/01/17 20:28:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/17 20:28:18 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/01/17 20:06:52 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/17 20:06:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/01/17 20:04:38 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2010/01/17 00:59:08 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/01/17 00:59:08 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/01/17 00:59:08 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/01/17 00:59:08 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/01/17 00:59:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/01/17 00:58:20 | 00,000,000 | ---D | C] -- C:\Qoobox
[2010/01/17 00:05:50 | 00,000,000 | ---D | C] -- C:\$AVG
[2010/01/17 00:03:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/16 23:57:16 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\avg_free_stb_all_9_40_cnet.exe
[2010/01/13 02:57:12 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/01/04 21:10:17 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\David\Recent
[2010/01/04 17:02:22 | 00,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2010/01/04 16:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/01/02 16:46:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/01/02 16:46:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2010/01/02 16:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/01/01 05:29:11 | 00,000,000 | ---D | C] -- C:\DBM
[2009/12/21 23:16:34 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/12/21 23:15:53 | 00,701,440 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\cohelper.dll
[2009/12/21 23:15:52 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvunrm.exe
[2009/12/21 23:08:24 | 00,000,000 | ---D | C] -- C:\system drivers
[2009/12/21 00:00:11 | 00,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2009/12/21 00:00:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\languages
[2009/12/21 00:00:00 | 00,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2009/12/20 23:59:56 | 00,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\WINDOWS\System32\stFLVSource.ax
[2009/12/20 23:59:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2009/12/20 23:59:55 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2009/12/20 23:59:55 | 00,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2009/12/20 23:59:55 | 00,217,088 | ---- | C] (-) -- C:\WINDOWS\System32\CoreFLACDecoder.ax
[2009/12/20 23:59:55 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/12/20 23:55:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\David\Local Settings\Application Data\WMTools Downloaded Files
[2009/12/20 23:50:03 | 00,139,264 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\Mpeg2Decoder.ax
[2009/12/20 23:50:03 | 00,094,208 | ---- | C] (Ligos Corporation) -- C:\WINDOWS\System32\Mpeg2Parser.ax
[2009/12/20 23:50:02 | 01,153,417 | ---- | C] (Red Hat) -- C:\WINDOWS\System32\cygwin1.dll
[2009/12/20 23:42:54 | 00,000,000 | ---D | C] -- C:\ConverterOutput
[2009/12/20 23:42:45 | 00,000,000 | ---D | C] -- C:\Program Files\Cucusoft
[2009/12/20 23:42:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Download Manager
[2009/12/20 23:41:54 | 00,128,416 | ---- | C] (Digital River) -- C:\avitodvd.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/19 16:30:20 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Desktop\OTL.exe
[2010/01/19 15:16:04 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/19 09:17:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/19 09:17:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/19 09:16:58 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/19 09:16:57 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/19 02:58:25 | 00,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/01/19 01:53:35 | 00,619,898 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/01/18 23:02:37 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/18 23:02:03 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/18 23:01:59 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/18 23:00:52 | 09,437,184 | -H-- | M] () -- C:\Documents and Settings\David\NTUSER.DAT
[2010/01/18 23:00:52 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\David\ntuser.ini
[2010/01/18 21:31:40 | 00,000,264 | ---- | M] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2010/01/18 21:04:54 | 00,000,663 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/18 21:01:34 | 00,744,853 | ---- | M] () -- C:\Documents and Settings\David\Desktop\PAVARK.exe
[2010/01/18 19:48:37 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\David\Desktop\settings.dat
[2010/01/18 04:49:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/18 03:14:44 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/18 00:10:55 | 12,371,736 | ---- | M] (Sunbelt Software ) -- C:\counterspy.exe
[2010/01/17 22:01:17 | 69,672,352 | ---- | M] (Kaspersky Lab) -- C:\kav2010_9.0.0.736EN.exe
[2010/01/17 21:35:37 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010/01/17 20:28:30 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\David\Desktop\HijackThis.lnk
[2010/01/17 20:28:19 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2010/01/17 20:06:59 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk
[2010/01/17 20:05:07 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2010/01/17 04:06:44 | 00,619,898 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100117-201229.backup
[2010/01/17 00:07:10 | 02,117,176 | -H-- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\IconCache.db
[2010/01/16 23:57:16 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\avg_free_stb_all_9_40_cnet.exe
[2010/01/16 04:28:58 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2010/01/15 07:27:53 | 00,000,073 | ---- | M] () -- C:\Documents and Settings\David\default.pls
[2010/01/13 03:02:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/04 21:08:47 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\David\Desktop\CCleaner.lnk
[2010/01/04 17:02:22 | 00,027,984 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2009/12/23 03:39:24 | 00,043,520 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/21 23:23:34 | 00,574,764 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/21 23:23:34 | 00,479,394 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/21 23:23:34 | 00,085,158 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/21 23:12:39 | 00,154,672 | ---- | M] () -- C:\WINDOWS\System32\nvdb02.adghz
[2009/12/21 00:00:12 | 00,033,240 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat
[2009/12/21 00:00:10 | 00,695,901 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe
[2009/12/20 23:59:59 | 00,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sothink Movie DVD Maker.lnk
[2009/12/20 23:59:39 | 20,817,952 | ---- | M] () -- C:\dvdmaker.zip
[2009/12/20 23:41:55 | 00,128,416 | ---- | M] (Digital River) -- C:\avitodvd.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/18 21:31:40 | 00,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2010/01/18 21:01:29 | 00,744,853 | ---- | C] () -- C:\Documents and Settings\David\Desktop\PAVARK.exe
[2010/01/18 19:48:37 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\David\Desktop\settings.dat
[2010/01/18 04:23:15 | 00,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/01/18 03:17:51 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/01/18 03:17:51 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/01/18 03:17:50 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/01/18 03:17:48 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/01/18 03:17:46 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/01/18 03:14:44 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/01/17 21:35:36 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010/01/17 21:35:28 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010/01/17 20:28:30 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\David\Desktop\HijackThis.lnk
[2010/01/17 20:06:59 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\David\Desktop\Spybot - Search & Destroy.lnk
[2010/01/17 00:59:08 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/01/17 00:59:08 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/01/17 00:59:08 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/01/17 00:59:08 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/01/17 00:59:08 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/01/13 03:02:58 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/12/21 23:15:53 | 00,005,876 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/12/21 23:15:52 | 00,006,789 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2009/12/21 00:00:12 | 00,001,708 | ---- | C] () -- C:\WINDOWS\System32\openIE.js
[2009/12/21 00:00:11 | 00,695,901 | ---- | C] () -- C:\WINDOWS\System32\unins000.exe
[2009/12/21 00:00:11 | 00,033,240 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2009/12/20 23:59:59 | 00,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sothink Movie DVD Maker.lnk
[2009/12/20 23:59:19 | 20,817,952 | ---- | C] () -- C:\dvdmaker.zip
[2009/12/20 23:50:02 | 01,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2009/12/20 23:50:02 | 00,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2009/12/20 23:50:02 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2009/11/25 14:05:55 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\David\Application Data\setup_ldm.iss
[2009/10/23 01:01:43 | 00,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/10/23 01:01:42 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/10/03 18:38:50 | 00,000,426 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/08/03 14:07:42 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/04 10:20:16 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/03/24 19:24:30 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/16 14:38:14 | 00,043,520 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/15 23:57:55 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/15 22:54:03 | 00,047,034 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2008/02/15 14:13:04 | 04,372,922 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008/02/15 14:13:04 | 00,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008/02/15 14:13:04 | 00,791,742 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/02/15 14:13:04 | 00,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2008/02/15 14:13:04 | 00,683,520 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2008/02/15 14:13:04 | 00,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008/02/15 14:13:04 | 00,485,888 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2008/02/15 14:13:04 | 00,257,024 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2008/02/15 14:13:04 | 00,238,080 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2008/02/15 14:13:04 | 00,183,296 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2008/02/15 14:13:04 | 00,178,688 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2008/02/15 14:13:04 | 00,146,944 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2008/02/15 14:13:04 | 00,145,609 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2008/02/15 14:13:04 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008/02/15 14:13:04 | 00,142,848 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2008/02/15 14:13:04 | 00,113,152 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2008/02/15 14:13:04 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2008/02/15 14:13:04 | 00,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008/02/15 14:13:04 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/15 14:13:04 | 00,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2008/02/15 14:13:04 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/12/28 19:04:02 | 00,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007/12/28 19:04:00 | 00,246,784 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007/12/28 19:03:56 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007/12/28 19:03:48 | 00,163,840 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007/12/28 19:03:48 | 00,148,480 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007/12/28 19:03:46 | 00,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007/12/28 19:03:46 | 00,108,032 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007/12/28 19:03:40 | 00,120,832 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007/12/28 19:03:38 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007/12/28 19:03:34 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007/12/28 19:03:34 | 00,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007/12/11 17:34:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/11 17:33:14 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/12/11 17:33:14 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/06/28 13:54:10 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/10/30 09:30:30 | 00,010,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBTEDrv.sys
[2005/11/02 09:39:16 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\SDelete.dll
[2005/11/02 09:39:16 | 00,024,924 | ---- | C] () -- C:\WINDOWS\System32\openports.dll
[2005/10/20 17:58:52 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\vspxvfw.dll
[2005/09/01 09:20:46 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\vspxcore.dll
[2003/01/07 14:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/04/03 14:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/09/05 10:25:54 | 05,381,298 | ---- | M] (Samsung Electronics ) -- C:\20080305035413859_Samsung_USB_Driver_MCCI_4.34_WHQL_v3.4.exe
[2008/06/18 23:04:20 | 00,860,391 | ---- | M] () -- C:\7z457.exe
[2010/01/16 23:57:16 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\avg_free_stb_all_9_40_cnet.exe
[2009/12/20 23:41:55 | 00,128,416 | ---- | M] (Digital River) -- C:\avitodvd.exe
[2009/11/07 01:27:22 | 03,310,608 | ---- | M] (Piriform Ltd) -- C:\ccsetup225.exe
[2010/01/18 00:10:55 | 12,371,736 | ---- | M] (Sunbelt Software ) -- C:\counterspy.exe
[2009/11/30 02:53:32 | 01,460,010 | ---- | M] (DOSBox Team) -- C:\DOSBox0.73-win32-installer.exe
[2009/11/30 02:48:02 | 01,460,010 | ---- | M] () -- C:\DOSBox073win32installer.exe
[2009/11/02 15:00:45 | 03,889,824 | ---- | M] (Comcast Cable Communications, LLC ) -- C:\downloadable_install_wizard.exe
[2009/10/08 15:26:01 | 04,998,707 | ---- | M] () -- C:\flvplayer_setup.exe
[2010/01/17 20:28:19 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\HJTInstall.exe
[2009/10/03 18:38:10 | 28,554,176 | ---- | M] (Hewlett-Packard Company ) -- C:\hp_72_enu_net.exe
[2009/10/28 23:41:36 | 09,767,160 | ---- | M] (Acresso Software Inc.) -- C:\InstallWizard101.exe
[2009/12/01 16:04:58 | 01,663,656 | ---- | M] (Blizzard Entertainment) -- C:\InstallWoW.exe
[2010/01/17 22:01:17 | 69,672,352 | ---- | M] (Kaspersky Lab) -- C:\kav2010_9.0.0.736EN.exe
[2008/03/05 14:26:00 | 01,120,190 | ---- | M] (TestKing) -- C:\N10-003qaDEMO.exe
[2008/06/18 18:55:10 | 13,322,7519 | ---- | M] () -- C:\OOo_2.4.1_Win32Intel_install_wJRE_en-US.exe
[2010/01/17 20:05:07 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\spybotsd162.exe
[2008/05/22 19:59:07 | 00,085,182 | ---- | M] (NirSoft) -- C:\volumouse_setup.exe
[2009/11/03 21:23:54 | 05,697,032 | ---- | M] (CNN ) -- C:\wmvfirefoxpluginsetup-0.1.675.1923.exe


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/15 19:55:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/15 19:55:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/15 19:55:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/15 19:55:37 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\NVIDIA\nForceWinXP\9.53\IDE\WinXP\sata_ide\nvata.sys
[2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\WINDOWS\system32\drivers\nvata.sys
[2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/09/21 15:39:16 | 00,105,344 | ---- | M] (NVIDIA Corporation) MD5=DC1F9954B5EDDD147AF7E5C420BE7B93 -- C:\NVIDIA\nForceWinXP\9.53\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2009/06/30 17:31:00 | 00,164,896 | ---- | M] (NVIDIA Corporation) MD5=619D8943725402D1179941FD58574CC8 -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sata_ide\nvgts.sys
[2009/06/30 17:31:18 | 00,164,896 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\NVIDIA\nForce\15.46\International\IDE\WinXP\sataraid\nvgts.sys
[2009/06/30 17:31:00 | 00,164,896 | ---- | M] (NVIDIA Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\nvgts.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\ERDNT\cache\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 20 bytes -> C:\Documents and Settings\David\Desktop\PAVARK.exe:License
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63CFD724
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:364682BC
< End of report >


Extras

OTL Extras logfile created on: 1/19/2010 4:32:33 PM - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\David\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 43.68 Gb Free Space | 29.82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVE
Current User Name: David
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-796845957-861567501-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Steam\steamapps\common\sam and max episode 1\sammax101.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 1\sammax101.exe:*:Enabled:Sam and Max 101: Culture Shock -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 2\sammax102.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 2\sammax102.exe:*:Enabled:Sam and Max 102: Situation: Comedy -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 3\sammax103_drm.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 3\sammax103_drm.exe:*:Enabled:Sam and Max 103: The Mole, the Mob and the Meatball -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 4\sammax104_drm.exe:*:Enabled:Sam and Max 104: Abe Lincoln Must Die -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 5\sammax105_drm.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 5\sammax105_drm.exe:*:Enabled:Sam and Max 105: Reality 2.0 -- ()
"C:\Program Files\Steam\steamapps\common\sam and max episode 6\sammax106_drm.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 6\sammax106_drm.exe:*:Enabled:Sam and Max 106: Bright Side of the Moon -- ()
"C:\Program Files\Steam\steamapps\common\sherlock holmes the awakened\game.exe" = C:\Program Files\Steam\steamapps\common\sherlock holmes the awakened\game.exe:*:Enabled:Sherlock Holmes: The Awakened -- ()
"C:\Program Files\Steam\steamapps\common\the longest journey\game.exe" = C:\Program Files\Steam\steamapps\common\the longest journey\game.exe:*:Enabled:The Longest Journey -- (Funcom)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe" = C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{035E858B-2E6E-7AC7-16A9-41506F698D1E}" = Catalyst Control Center Graphics Full New
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java™ 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2F06D374-97CE-D8FB-9383-73150A2382DF}" = CCC Help English
"{2F93BFDD-EECE-924B-54ED-B0896F03D758}" = Catalyst Control Center Graphics Previews Common
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3F64C088-9A45-41B3-8B99-71AFAB720A56}" = Sherlock Holmes versus Jack the Ripper
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{4FA944D6-623E-EBBD-47D7-CE02A28C0796}" = Catalyst Control Center Graphics Light
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E4D4E0B-02F6-46C1-BAE5-1B6B2E486A7B}" = Microsoft Office Live Meeting 2007
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77654E99-F083-ED32-B326-118741828039}" = Catalyst Control Center Graphics Full Existing
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7ff90460-89b7-435b-b583-b37b2815ccc7}" = Python 3.1.1
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87CA98F3-0A13-77FE-A9F0-2AB1F28D741A}" = ccc-core-preinstall
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8BC74F-E17F-4D59-D098-2F90BB9AE9E0}" = Skins
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B5337F7-0444-5607-A397-909EFEFA7CFF}" = Catalyst Control Center Core Implementation
"{9C2DC81B-8114-37D9-A922-95E460A1FAFB}" = Microsoft Visual Basic 2008 Express Edition - ENU
"{A2FB1614-A6E0-4C41-96B9-20C4E07B8858}" = PrepLogic Exam 70-270
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B6A51892-D4A5-616B-4489-44B790179455}" = ccc-utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5F0348A-EE3A-4FBE-811F-30040AA2222E}" = Macrium Reflect
"{C98BBC25-490C-4F3F-81D8-5D12C11732DF}" = Panda Cloud Antivirus
"{CB20D3BC-6C7C-A9CA-D679-914240CDA0D3}" = ccc-core-static
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF294F4-6A80-463E-8F68-E4D3A80147A4}" = PS8400
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"7-Zip" = 7-Zip 4.57
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 6.1.0
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Episode 201 - Ice Station Santa" = Sam and Max - Season Two - Sam and Max Episode 201 - Ice Station Santa
"Episode 202 - Moai Better Blues" = Sam and Max - Season Two - Sam and Max Episode 202 - Moai Better Blues
"Episode 203 - Night of the Raving Dead" = Sam and Max - Season Two - Sam and Max Episode 203 - Night of the Raving Dead
"Episode 204 - Chariots of the Dogs" = Sam and Max - Season Two - Sam and Max Episode 204 - Chariots of the Dogs
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"FLV Player" = FLV Player 2.0 (build 25)
"GCFScape_is1" = GCFScape 1.6.9
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mflGameDay_is1" = myfantasyleague.com Game Day 2009
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2008 Express Edition - ENU" = Microsoft Visual Basic 2008 Express Edition - ENU
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"RealPlayer 6.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 440" = Team Fortress 2
"Steam App 6310" = The Longest Journey
"Steam App 7250" = Sherlock Holmes: The Awakened
"Steam App 8200" = Sam and Max Episode 1
"Steam App 8210" = Sam and Max Episode 2
"Steam App 8220" = Sam and Max Episode 3
"Steam App 8230" = Sam and Max Episode 4
"Steam App 8240" = Sam and Max Episode 5
"Steam App 8250" = Sam and Max Episode 6
"Volumouse" = Volumouse
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-796845957-861567501-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/20/2009 1:29:26 AM | Computer Name = DAVE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/20/2009 1:29:27 AM | Computer Name = DAVE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/14/2009 2:22:38 AM | Computer Name = DAVE | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3593, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/22/2009 12:12:46 AM | Computer Name = DAVE | Source = Application Error | ID = 1000
Description = Faulting application idriver.exe, version 8.1.0.293, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 12/27/2009 4:23:19 AM | Computer Name = DAVE | Source = Application Error | ID = 1000
Description = Faulting application softwareupdate.exe, version 2.0.2.92, faulting
module scriptingobjectmodel.dll, version 2.1.1.116, fault address 0x00005476.

Error - 12/28/2009 5:06:12 PM | Computer Name = DAVE | Source = Application Error | ID = 1000
Description = Faulting application softwareupdate.exe, version 2.0.2.92, faulting
module scriptingobjectmodel.dll, version 2.1.1.116, fault address 0x00005476.

Error - 1/18/2010 4:15:02 AM | Computer Name = DAVE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/18/2010 5:26:13 AM | Computer Name = DAVE | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 1/19/2010 12:02:59 AM | Computer Name = DAVE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/19/2010 5:28:17 PM | Computer Name = DAVE | Source = Application Error | ID = 1000
Description = Faulting application spybotsd.exe, version 1.6.2.46, faulting module
spybotsd.exe, version 1.6.2.46, fault address 0x000049ee.

[ System Events ]
Error - 1/19/2010 3:58:29 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 4:33:27 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 4:33:34 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 4:57:37 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 5:00:16 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 5:03:19 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 5:04:04 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 5:04:09 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 5:04:43 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 1/19/2010 5:08:37 AM | Computer Name = DAVE | Source = ati2mtag | ID = 45062
Description = CRT invalid display type


< End of report >


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:30 PM

Posted 19 January 2010 - 06:42 PM


Download Kenco.exe to your desktop
  • Close all windows and run the program
  • It won't take long to run. Post the log it gives you (it will also be saved in the same place as Kenco.exe).

===============


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 Techgeek07

Techgeek07
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:30 PM

Posted 19 January 2010 - 07:10 PM

Kenco by jpshortstuff (31.12.09.1)
Log created at 19:07 on 19/01/2010 (David)

========== Task Unlocker ==========

========== KencoScan ==========

========== C:\WINDOWS\Tasks ==========
Ad-Aware Update (Daily 1).job -> [08:17 18/01/2010] 472 bytes
Ad-Aware Update (Daily 2).job -> [08:17 18/01/2010] 472 bytes
Ad-Aware Update (Daily 3).job -> [08:17 18/01/2010] 472 bytes
Ad-Aware Update (Daily 4).job -> [08:17 18/01/2010] 472 bytes
Ad-Aware Update (Weekly).job -> [08:17 18/01/2010] 472 bytes

-=E.O.F=-



GooredFix by jpshortstuff (08.01.10.1)
Log created at 19:08 on 19/01/2010 (David)
Firefox version 3.5.7 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [03:58 16/03/2008]
{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [15:27 23/03/2008]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [18:43 20/04/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [23:27 21/07/2008]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [15:25 08/09/2009]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [20:21 04/11/2009]

C:\Documents and Settings\David\Application Data\Mozilla\Firefox\Profiles\pryefgjd.default\extensions\
moveplayer@movenetworks.com [23:01 15/07/2008]
{20a82645-c095-46ed-80e3-08825760534b} [05:26 05/09/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [12:12 22/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [15:25 08/09/2009]

-=E.O.F=-



#6 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:30 PM

Posted 20 January 2010 - 08:07 AM


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


====================


Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.




========================================================

#7 Techgeek07

Techgeek07
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:30 PM

Posted 20 January 2010 - 03:41 PM

Hi, Sam,
Sorry for the late reply, but I sleep during the morning for the most part. Thanks again for your help.

ComboFix 10-01-19.08 - David 01/20/2010 15:23:11.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1449 [GMT -5:00]
Running from: c:\test\ComboFix.exe
AV: Panda Cloud Antivirus *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
.

((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 20:12 . 2010-01-20 20:12 -------- d-----w- c:\program files\Java
2010-01-20 20:00 . 2010-01-20 20:08 -------- d-----w- c:\documents and settings\David\.SunDownloadManager
2010-01-19 02:34 . 2010-01-19 02:34 -------- d-----w- c:\documents and settings\David\Application Data\Panda Security
2010-01-19 02:31 . 2010-01-19 02:31 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-01-19 02:31 . 2010-01-19 02:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-01-19 01:30 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-19 01:29 . 2010-01-19 02:31 -------- d-----w- c:\program files\Panda Security
2010-01-18 09:23 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 08:16 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 08:14 . 2010-01-18 08:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 08:14 . 2010-01-18 08:14 -------- d-----w- c:\program files\Lavasoft
2010-01-18 05:10 . 2010-01-18 05:10 12371736 ----a-w- C:\counterspy.exe
2010-01-18 03:06 . 2010-01-18 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-18 02:59 . 2010-01-18 03:01 69672352 ----a-w- C:\kav2010_9.0.0.736EN.exe
2010-01-18 01:28 . 2010-01-18 01:28 -------- d-----w- c:\program files\Trend Micro
2010-01-18 01:28 . 2010-01-18 01:28 812344 ----a-w- C:\HJTInstall.exe
2010-01-18 01:06 . 2010-01-18 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-18 01:06 . 2010-01-18 01:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 01:04 . 2010-01-18 01:05 16409960 ----a-w- C:\spybotsd162.exe
2010-01-17 05:05 . 2010-01-19 01:17 -------- d-----w- C:\$AVG
2010-01-17 05:03 . 2010-01-19 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-17 04:57 . 2010-01-17 04:57 891248 ----a-w- C:\avg_free_stb_all_9_40_cnet.exe
2010-01-13 07:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 22:02 . 2010-01-04 22:02 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-04 21:06 . 2010-01-04 21:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-02 21:46 . 2010-01-02 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-01-02 21:46 . 2010-01-02 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-02 21:46 . 2010-01-02 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-01-01 10:29 . 2010-01-05 23:08 -------- d-----w- C:\DBM
2009-12-22 04:16 . 2009-12-22 04:17 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-22 04:15 . 2009-07-01 16:54 701440 ----a-w- c:\windows\system32\cohelper.dll
2009-12-22 04:15 . 2009-06-01 06:11 5876 ----a-w- c:\windows\system32\drivers\nvphy.bin
2009-12-22 04:15 . 2009-07-01 05:42 485920 ----a-w- c:\windows\system32\nvunrm.exe
2009-12-22 04:08 . 2009-12-22 04:08 -------- d-----w- C:\system drivers

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 20:21 . 2008-04-18 04:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 20:18 . 2010-01-20 20:17 0 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2010-01-20 20:17 . 2010-01-18 08:15 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2010-01-20 20:13 . 2008-03-23 15:27 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 20:13 . 2010-01-20 20:13 61440 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\decora-sse.dll
2010-01-20 20:13 . 2010-01-20 20:13 503808 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\msvcp71.dll
2010-01-20 20:13 . 2010-01-20 20:13 499712 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\jmc.dll
2010-01-20 20:13 . 2010-01-20 20:13 348160 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\msvcr71.dll
2010-01-20 20:13 . 2010-01-20 20:13 315392 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-513f3739-n\jogl.dll
2010-01-20 20:13 . 2010-01-20 20:13 20480 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-513f3739-n\jogl_awt.dll
2010-01-20 20:13 . 2010-01-20 20:13 12800 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\decora-d3d.dll
2010-01-20 20:13 . 2010-01-20 20:13 114688 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-513f3739-n\jogl_cg.dll
2010-01-20 20:13 . 2010-01-20 20:13 20480 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-365f1bab-n\gluegen-rt.dll
2010-01-20 20:12 . 2009-09-08 15:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 07:22 . 2008-03-16 02:58 -------- d-----w- c:\program files\World of Warcraft
2010-01-19 02:13 . 2008-04-19 20:27 -------- d-----w- c:\program files\Video Strip Poker
2010-01-18 08:16 . 2010-01-18 08:16 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2010-01-18 08:16 . 2010-01-18 08:16 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2010-01-18 08:16 . 2010-01-18 08:16 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2010-01-18 08:16 . 2010-01-18 08:16 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2010-01-18 08:16 . 2010-01-18 08:16 370744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2010-01-18 08:16 . 2010-01-18 08:16 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
2010-01-18 08:15 . 2010-01-18 08:15 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2010-01-18 08:15 . 2010-01-18 08:15 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2010-01-18 08:15 . 2010-01-18 08:15 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2010-01-18 08:15 . 2010-01-18 08:15 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2010-01-18 08:15 . 2010-01-18 08:15 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2010-01-18 08:15 . 2010-01-18 08:15 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2010-01-18 04:38 . 2009-12-21 05:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-18 03:02 . 2008-03-27 04:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-17 05:03 . 2009-09-05 05:26 -------- d-----w- c:\program files\AVG
2010-01-16 09:27 . 2008-03-23 15:29 -------- d-----w- c:\documents and settings\David\Application Data\LimeWire
2010-01-16 08:16 . 2009-09-05 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 08:16 . 2009-10-11 03:36 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 21:52 . 2009-09-15 04:11 -------- d-----w- c:\program files\myfantasyleague
2010-01-07 21:07 . 2009-09-05 05:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-09-05 05:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-02 21:46 . 2010-01-02 21:46 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_ElfBowling7\IAF.dll
2010-01-01 20:19 . 2008-03-31 05:31 -------- d-----w- c:\program files\Apple Software Update
2009-12-22 01:52 . 2008-03-15 23:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 01:15 . 2008-03-16 14:03 -------- d-----w- c:\program files\Steam
2009-12-21 05:00 . 2009-12-21 05:00 33240 ----a-w- c:\windows\system32\unins000.dat
2009-12-21 05:00 . 2009-12-21 05:00 695901 ----a-w- c:\windows\system32\unins000.exe
2009-12-21 04:59 . 2009-12-21 04:59 -------- d-----w- c:\program files\Common Files\SourceTec
2009-12-21 04:59 . 2009-12-21 04:59 -------- d-----w- c:\program files\SourceTec
2009-12-21 04:59 . 2009-12-21 04:59 20817952 ----a-w- C:\dvdmaker.zip
2009-12-21 04:50 . 2009-12-21 04:42 -------- d-----w- c:\program files\Cucusoft
2009-12-21 04:42 . 2009-12-21 04:42 -------- d-----w- c:\program files\Common Files\Download Manager
2009-12-21 04:41 . 2009-12-21 04:41 128416 ----a-w- C:\avitodvd.exe
2009-12-07 14:10 . 2010-01-18 08:14 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-05 07:53 . 2008-03-16 04:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 07:41 . 2008-03-16 02:35 -------- d-----w- c:\program files\SpeedFan
2009-12-01 22:26 . 2009-12-01 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-12-01 21:58 . 2008-03-16 03:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-01 21:05 . 2009-12-01 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-12-01 21:04 . 2009-12-01 21:04 1663656 ----a-w- C:\InstallWoW.exe
2009-11-30 07:53 . 2009-11-30 07:53 -------- d-----w- c:\program files\DOSBox-0.73
2009-11-30 07:53 . 2009-11-30 07:53 1460010 ----a-w- C:\DOSBox0.73-win32-installer.exe
2009-11-30 07:48 . 2009-11-30 07:48 1460010 ----a-w- C:\DOSBox073win32installer.exe
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 23:23 . 2009-11-18 23:23 13737984 ----a-w- C:\python-3.1.1.msi
2009-11-07 06:27 . 2009-11-07 06:27 3310608 ----a-w- C:\ccsetup225.exe
2009-11-04 20:20 . 2009-11-04 20:20 152576 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 02:23 . 2009-11-04 02:23 5697032 ----a-w- C:\wmvfirefoxpluginsetup-0.1.675.1923.exe
2009-11-02 20:00 . 2009-11-02 20:00 3889824 ----a-w- C:\downloadable_install_wizard.exe
2009-10-30 21:18 . 2009-10-30 21:18 146952 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2009-10-29 07:46 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-29 04:41 . 2009-10-29 04:41 9767160 ----a-w- C:\InstallWizard101.exe
2009-10-23 06:01 . 2009-10-23 06:01 281504 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-10-23 06:01 . 2009-10-23 06:01 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2008-09-04 15:20 . 2008-09-04 15:20 0 ----a-w- c:\program files\temp01
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 14:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 14:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 14:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\program files\Volumouse\volumouse.exe" [2008-04-29 30208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-4-28 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 14:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\David\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 22:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-07 04:54 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2006-01-07 04:54 659456 ----a-w- c:\windows\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2006-01-07 04:54 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 17:10 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 07:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-02-01 03:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-01-31 02:54 16116224 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 02:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 17:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-11 09:25 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-09 23:17 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 17:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 1\\sammax101.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 2\\sammax102.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 3\\sammax103_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\sammax104_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 5\\sammax105_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 6\\sammax106_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sherlock holmes the awakened\\game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the longest journey\\game.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/18/2010 3:16 AM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/18/2010 8:30 PM 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 8:32 AM 15328]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [10/13/2009 3:50 PM 114312]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [10/30/2009 5:29 PM 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [10/30/2009 4:18 PM 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [10/13/2009 3:50 PM 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [10/13/2009 3:50 PM 101512]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [6/2/2008 2:18 PM 216032]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 08:15]

2010-01-20 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 08:15]

2010-01-20 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 08:15]

2010-01-20 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 08:15]

2010-01-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 08:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\pryefgjd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 15:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvgts.sys >>UNKNOWN [0x8A7BC8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb9dc0bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dcda21
SendHandler -> NDIS.sys @ 0xb9dab87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-861567501-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,f0,d5,0d,a3,67,3b,f9,60,9f,a8,3b,b9,31,45,e5,67,50,f5,c1,cf,5e,52,
75,cd,61,e0,89,28,06,09,f2,c7,b2,33,35,27,58,52,70,54,40,4c,c6,47,19,93,32,\
"??"=hex:a4,45,b7,4d,f9,1f,dd,01,b2,b6,11,b7,cf,da,75,62

[HKEY_USERS\S-1-5-21-796845957-861567501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7c,17,af,bc,4d,91,21,df,a7,a1,ec,b2,a3,c9,10,77,73,b1,7f,ab,99,
f5,4f,b5,1c,32,74,5e,29,83,2e,7f,68,13,e6,69,0a,ac,fb,27,d7,06,2e,4b,84,8f,\
"rkeysecu"=hex:2d,0d,76,10,f6,93,7d,6f,ba,e2,fd,e3,bd,fe,7d,2a

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence"="01F0B9B-A54A-7221-4154-B912"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(864)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(920)
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

- - - - - - - > 'explorer.exe'(6812)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Volumouse\vlmshlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mmfinfo.dll
c:\windows\system32\mkunicode.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-20 15:38:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-20 20:38
ComboFix2.txt 2010-01-18 02:53
ComboFix3.txt 2010-01-17 06:18

Pre-Run: 46,799,228,928 bytes free
Post-Run: 46,800,187,392 bytes free

- - End Of File - - 533FADB061D5EF29E14B65F03AF6DF78
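The ComboFix listing above is the raw material the helper works from: one line per file or directory, with its creation time, last-modified time, size, attribute flags and path. As an added example, not part of this thread and not ComboFix's own code, here is a small Python parser for that line format plus a few review heuristics of my own (new binaries placed directly under system32, executables dropped in the drive root, hidden directories). The sample input is a handful of lines copied from the "Files Created" section of the log above; the heuristics are starting points for a second look, not verdicts. On this log every entry they flag lines up in time with the Panda, Lavasoft and CounterSpy installs recorded in the same listing, which is exactly the cross-check the parser is meant to make quick.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One line of ComboFix's "Files Created" / "Find3M" sections has the shape
#   <created> . <modified> <size or --------> <attribute flags> <path>
# e.g.  2010-01-19 01:30 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) "
    r"(?P<attrs>[A-Za-z-]{8}) "
    r"(?P<path>.+?)\s*$"
)
TIME_FMT = "%Y-%m-%d %H:%M"
BINARY_EXT = {".exe", ".sys", ".dll"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None where ComboFix prints "--------" (directories)
    attrs: str            # 8 flag characters; 'd' in the first column marks a directory,
                          # an 'h' anywhere marks the hidden attribute
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, separators and blank lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(
        created=datetime.strptime(m["created"], TIME_FMT),
        modified=datetime.strptime(m["modified"], TIME_FMT),
        size=size,
        attrs=m["attrs"],
        path=m["path"],
    )


def parse_listing(text: str) -> List[Entry]:
    return [e for e in (parse_line(line) for line in text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (reason, path) pairs for entries that deserve a second look.

    These are review heuristics (my own, not ComboFix's), not verdicts: legitimate
    installers, security tools included, create exactly these kinds of entries.
    A modified time older than the created time is also normal, because installers
    usually preserve the source file's timestamp, so it is deliberately not a rule.
    """
    findings = []
    for e in entries:
        lower = e.path.lower()
        parent = ntpath.dirname(lower)
        ext = ntpath.splitext(lower)[1]
        if e.is_dir and e.is_hidden:
            findings.append(("hidden directory created", e.path))
        elif not e.is_dir and ext in BINARY_EXT and parent in SYSTEM_DIRS:
            findings.append(("new binary directly under system32", e.path))
        elif not e.is_dir and ext == ".exe" and re.fullmatch(r"[a-z]:\\", parent):
            findings.append(("executable in drive root", e.path))
    return findings


# Sample input: lines copied from the "Files Created" section of the ComboFix
# log posted above, including its header and separator line to show they are skipped.
SAMPLE_LISTING = r"""
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 20:12 . 2010-01-20 20:12 -------- d-----w- c:\program files\Java
2010-01-19 02:31 . 2010-01-19 02:31 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-01-19 01:30 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-18 08:16 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 08:14 . 2010-01-18 08:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 05:10 . 2010-01-18 05:10 12371736 ----a-w- C:\counterspy.exe
2010-01-13 07:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE_LISTING)
    print(f"parsed {len(entries)} entries")
    for reason, path in triage(entries):
        print(f"{reason:40} {path}")
```

Run it as-is to see the four flagged entries from the sample, or feed `parse_listing` the whole "Files Created" block of a real log; the parser ignores the section headers and the "." separators, so the text can be pasted straight in. The attribute string is kept as-is rather than fully decoded, because only the directory and hidden flags are needed for these checks.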


#8 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:30 PM

Posted 21 January 2010 - 07:57 AM

How is your computer behaving now?


========================================================

#9 Techgeek07

Techgeek07
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:30 PM

Posted 21 January 2010 - 03:41 PM

No change I'm afraid :(

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:30 PM

Posted 22 January 2010 - 09:31 AM


Please update Malwarebytes and run a full scan.
  • Open Malwarebytes and select the Update tab.
  • Click on the Check for Updates button and allow the program to download the latest updates.
  • Once you have the latest updates, select the Scanner tab.
  • Select "Perform full scan" and click the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



======================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



========================================================

#11 Techgeek07

Techgeek07
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:30 PM

Posted 22 January 2010 - 07:38 PM

Thanks again, Sam.

mbam log:
Malwarebytes' Anti-Malware 1.44
Database version: 3616
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

1/22/2010 4:21:14 PM
mbam-log-2010-01-22 (16-21-14).txt

Scan type: Full Scan (C:\|)
Objects scanned: 219450
Time elapsed: 48 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=51750a13a3cff04eaf7d817b0c090958
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-01-23 12:25:22
# local_time=2010-01-22 07:25:22 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=256 16777215 100 0 0 0 0 0
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=1538 16774102 20 3 0 91808470 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=103670
# found=0
# cleaned=0
# scan_time=4141



Doesn't look like either had much luck. ComboFix does notify me that there's a rootkit, but nothing changes when it restarts and runs. Malwarebytes occasionally finds things; do you want me to post some of the past logs?

#12 Buckeye_Sam (Malware Expert, Members, 17,382 posts, Pickerington, Ohio)

Posted 24 January 2010 - 03:29 AM

Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as...; set "Save as type" to 'All Files' and "File name" to CFScript, and save it to your desktop.

CODE
MBR::

Prior to running Combofix.exe you should disable your antivirus program.

Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.



This will start ComboFix again.
After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.



========================================================
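The CFScript above is a single `MBR::` directive, which points ComboFix at the master boot record: the boot code in sector 0 that runs before Windows loads. A bootkit of this era patches that code while leaving the partition table and the 0x55AA signature intact, so the machine still boots and file-level scanners such as MBAM and ESET have nothing on disk to flag, which is one way a rootkit warning can persist while every file scan comes back clean. The Python script below is an added example written for this page, not code from the thread, from ComboFix or from any of the tools mentioned in it: it parses a 512-byte MBR, hashes the code portion (bytes 0-439, which excludes the per-disk signature at offset 440) against a known-good baseline, and reports a sector whose table looks normal but whose code has been replaced. The two sample sectors (`CLEAN_MBR`, `INFECTED_MBR`) are constructed inside the script and only loosely modelled on a Windows XP boot sector; the baseline hash, the partition layout and the `read_mbr` device path are assumptions for illustration.

```python
"""Added example (not part of the BleepingComputer thread): parse a master boot
record and compare its boot code against a known-good baseline, the kind of
check an MBR bootkit fails even when every file on disk scans clean."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0-439: executable boot code
DISK_SIGNATURE_OFFSET = 440    # bytes 440-443: per-disk signature (differs per machine)
PARTITION_TABLE_OFFSET = 446   # four 16-byte entries follow
PARTITION_ENTRY_SIZE = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510-511


def partition_entry(active: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one 16-byte partition table entry (CHS fields left zero)."""
    return struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0",
                       ptype, b"\0\0\0", lba_start, sectors)


def build_mbr(boot_code: bytes, disk_signature: int, entries: list) -> bytes:
    """Assemble a sector: boot code, disk signature, partition table, 0x55AA."""
    if len(boot_code) > BOOT_CODE_LEN or len(entries) > 4:
        raise ValueError("boot code too long or too many partitions")
    table = b"".join(entries).ljust(4 * PARTITION_ENTRY_SIZE, b"\0")
    return (boot_code.ljust(BOOT_CODE_LEN, b"\0")
            + struct.pack("<I", disk_signature) + b"\0\0"
            + table + BOOT_SIGNATURE)


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte sector into boot-code hash, disk signature and partitions."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:          # empty slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIGNATURE_OFFSET)[0],
        "signature_ok": sector[SECTOR_SIZE - 2:] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def check_mbr(sector: bytes, baseline_sha256: str) -> list:
    """Return a list of findings; an empty list means the sector matches expectations."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if info["boot_code_sha256"] != baseline_sha256:
        findings.append("boot code differs from known-good baseline")
    if sum(p["active"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    spans = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in info["partitions"])
    for (a0, a1), (b0, b1) in zip(spans, spans[1:]):
        if b0 < a1:
            findings.append("partition table entries overlap")
            break
    return findings


def read_mbr(path: str) -> bytes:
    """Read sector 0 from a disk image or raw device.

    Assumed path on Windows: r'\\\\.\\PhysicalDrive0' (needs administrator rights)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


# Constructed sample data. CLEAN_BOOT_CODE is a stand-in that only starts like an
# XP boot sector (xor ax,ax / mov ss,ax / mov sp,7C00h ...); INFECTED_BOOT_CODE
# is the same code with its first instruction replaced by a jump, the way a
# bootkit diverts execution while leaving the partition table untouched.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007cfb5007501ffcbe1b7c")
INFECTED_BOOT_CODE = bytes.fromhex("eb1e") + CLEAN_BOOT_CODE[2:]
SYSTEM_PARTITION = partition_entry(True, 0x07, 63, 0x01000000)   # NTFS, starts at LBA 63
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, 0x1A2B3C4D, [SYSTEM_PARTITION])
INFECTED_MBR = build_mbr(INFECTED_BOOT_CODE, 0x1A2B3C4D, [SYSTEM_PARTITION])
BASELINE_SHA256 = parse_mbr(CLEAN_MBR)["boot_code_sha256"]   # assumed known-good hash

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("infected", INFECTED_MBR)):
        print(name, check_mbr(mbr, BASELINE_SHA256) or ["no findings"])
```

Two caveats for running this against a real machine. First, a read of sector 0 from inside the running Windows session is only a first check: a rootkit that hooks the disk driver stack can hand the original, clean sector back to user-mode reads, which is why rootkit scanners read below the filter chain and why the authoritative comparison is taken from a boot CD or from a disk image acquired offline. Second, the baseline hash must come from a known-clean sector of the same Windows version, not from the suspect machine; the code portion is compared on its own precisely because the disk signature at offset 440 legitimately differs from one disk to the next.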

#13 Techgeek07 (Topic Starter, Members, 12 posts)

Posted 24 January 2010 - 07:13 AM

I uninstalled my AV to make sure there were no conflicts. I'll reinstall it when I wake up. When I run ComboFix, it has me restart, does its thing, and says something about two failures (they go away too quickly for me to tell), and then the log comes up. Anyway, here's the log:
ComboFix 10-01-23.05 - David 01/24/2010 6:55.7.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1507 [GMT -5:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\cfscript.txt
.

((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.

2010-01-23 07:33 . 2010-01-23 07:33 54352 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-23 07:22 . 2010-01-23 07:22 -------- d-----w- c:\program files\iPod
2010-01-23 07:22 . 2010-01-23 07:23 -------- d-----w- c:\program files\iTunes
2010-01-23 07:22 . 2010-01-23 07:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-23 07:21 . 2010-01-23 07:21 -------- d-----w- c:\program files\Bonjour
2010-01-22 23:13 . 2010-01-22 23:13 -------- d-----w- c:\program files\ESET
2010-01-20 20:12 . 2010-01-20 20:12 -------- d-----w- c:\program files\Java
2010-01-20 20:00 . 2010-01-20 20:08 -------- d-----w- c:\documents and settings\David\.SunDownloadManager
2010-01-19 02:34 . 2010-01-19 02:34 -------- d-----w- c:\documents and settings\David\Application Data\Panda Security
2010-01-19 01:30 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-01-19 01:29 . 2010-01-19 02:31 -------- d-----w- c:\program files\Panda Security
2010-01-18 09:23 . 2009-12-02 13:19 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-01-18 08:16 . 2009-12-02 13:19 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-18 08:14 . 2010-01-18 08:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-18 08:14 . 2010-01-18 08:14 -------- d-----w- c:\program files\Lavasoft
2010-01-18 05:10 . 2010-01-18 05:10 12371736 ----a-w- C:\counterspy.exe
2010-01-18 03:06 . 2010-01-18 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-18 02:59 . 2010-01-18 03:01 69672352 ----a-w- C:\kav2010_9.0.0.736EN.exe
2010-01-18 01:28 . 2010-01-18 01:28 -------- d-----w- c:\program files\Trend Micro
2010-01-18 01:28 . 2010-01-18 01:28 812344 ----a-w- C:\HJTInstall.exe
2010-01-18 01:06 . 2010-01-18 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-18 01:06 . 2010-01-18 01:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-18 01:04 . 2010-01-18 01:05 16409960 ----a-w- C:\spybotsd162.exe
2010-01-17 05:05 . 2010-01-19 01:17 -------- d-----w- C:\$AVG
2010-01-17 05:03 . 2010-01-19 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-17 04:57 . 2010-01-17 04:57 891248 ----a-w- C:\avg_free_stb_all_9_40_cnet.exe
2010-01-13 07:57 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 22:02 . 2010-01-04 22:02 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-04 21:06 . 2010-01-04 21:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-02 21:46 . 2010-01-02 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2010-01-02 21:46 . 2010-01-02 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-02 21:46 . 2010-01-02 21:46 -------- d-----w- c:\documents and settings\All Users\Application Data\NeoEdge Networks
2010-01-01 10:29 . 2010-01-05 23:08 -------- d-----w- C:\DBM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-23 07:29 . 2008-03-31 05:32 -------- d-----w- c:\documents and settings\David\Application Data\Apple Computer
2010-01-23 07:23 . 2008-03-23 15:29 -------- d-----w- c:\documents and settings\David\Application Data\LimeWire
2010-01-23 07:22 . 2008-03-31 05:31 -------- d-----w- c:\program files\Common Files\Apple
2010-01-23 07:20 . 2008-03-31 05:31 -------- d-----w- c:\program files\QuickTime
2010-01-23 07:16 . 2010-01-23 07:16 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2010-01-21 08:16 . 2010-01-18 08:16 372280 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\UpdateManager.dll
2010-01-21 08:16 . 2010-01-20 20:17 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AutoLaunch.exe
2010-01-20 20:21 . 2008-04-18 04:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 20:17 . 2010-01-18 08:15 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2010-01-20 20:13 . 2008-03-23 15:27 -------- d-----w- c:\program files\Common Files\Java
2010-01-20 20:13 . 2010-01-20 20:13 61440 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\decora-sse.dll
2010-01-20 20:13 . 2010-01-20 20:13 503808 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\msvcp71.dll
2010-01-20 20:13 . 2010-01-20 20:13 499712 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\jmc.dll
2010-01-20 20:13 . 2010-01-20 20:13 348160 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\msvcr71.dll
2010-01-20 20:13 . 2010-01-20 20:13 315392 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-513f3739-n\jogl.dll
2010-01-20 20:13 . 2010-01-20 20:13 20480 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-513f3739-n\jogl_awt.dll
2010-01-20 20:13 . 2010-01-20 20:13 12800 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\759e98ee-72e20893-n\decora-d3d.dll
2010-01-20 20:13 . 2010-01-20 20:13 114688 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\62\6baea4fe-513f3739-n\jogl_cg.dll
2010-01-20 20:13 . 2010-01-20 20:13 20480 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\Deployment\SystemCache\6.0\45\4f710eed-365f1bab-n\gluegen-rt.dll
2010-01-20 20:12 . 2009-09-08 15:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-19 07:22 . 2008-03-16 02:58 -------- d-----w- c:\program files\World of Warcraft
2010-01-19 02:13 . 2008-04-19 20:27 -------- d-----w- c:\program files\Video Strip Poker
2010-01-18 08:16 . 2010-01-18 08:16 862040 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2010-01-18 08:16 . 2010-01-18 08:16 390288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2010-01-18 08:16 . 2010-01-18 08:16 206944 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2010-01-18 08:16 . 2010-01-18 08:16 537576 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\aawapi.dll
2010-01-18 08:16 . 2010-01-18 08:16 194104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Savapibridge.dll
2010-01-18 08:15 . 2010-01-18 08:15 6296864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2010-01-18 08:15 . 2010-01-18 08:15 933120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2010-01-18 08:15 . 2010-01-18 08:15 816272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2010-01-18 08:15 . 2010-01-18 08:15 1643272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2010-01-18 08:15 . 2010-01-18 08:15 788880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2010-01-18 08:15 . 2010-01-18 08:15 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2010-01-18 04:38 . 2009-12-21 05:00 -------- d-----w- c:\program files\AviSynth 2.5
2010-01-18 03:02 . 2008-03-27 04:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-17 05:03 . 2009-09-05 05:26 -------- d-----w- c:\program files\AVG
2010-01-16 08:16 . 2009-09-05 05:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 08:16 . 2009-10-11 03:36 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-09 21:52 . 2009-09-15 04:11 -------- d-----w- c:\program files\myfantasyleague
2010-01-07 21:07 . 2009-09-05 05:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-09-05 05:32 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-02 21:46 . 2010-01-02 21:46 1245321 ----a-w- c:\documents and settings\All Users\Application Data\NeoEdge Networks\Yahoo_ElfBowling7\IAF.dll
2010-01-01 20:19 . 2008-03-31 05:31 -------- d-----w- c:\program files\Apple Software Update
2009-12-22 04:17 . 2009-12-22 04:16 -------- d-----w- c:\program files\NVIDIA Corporation
2009-12-22 01:52 . 2008-03-15 23:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-22 01:15 . 2008-03-16 14:03 -------- d-----w- c:\program files\Steam
2009-12-21 05:00 . 2009-12-21 05:00 33240 ----a-w- c:\windows\system32\unins000.dat
2009-12-21 05:00 . 2009-12-21 05:00 695901 ----a-w- c:\windows\system32\unins000.exe
2009-12-21 04:59 . 2009-12-21 04:59 -------- d-----w- c:\program files\Common Files\SourceTec
2009-12-21 04:59 . 2009-12-21 04:59 -------- d-----w- c:\program files\SourceTec
2009-12-21 04:59 . 2009-12-21 04:59 20817952 ----a-w- C:\dvdmaker.zip
2009-12-21 04:50 . 2009-12-21 04:42 -------- d-----w- c:\program files\Cucusoft
2009-12-21 04:42 . 2009-12-21 04:42 -------- d-----w- c:\program files\Common Files\Download Manager
2009-12-21 04:41 . 2009-12-21 04:41 128416 ----a-w- C:\avitodvd.exe
2009-12-07 14:10 . 2010-01-18 08:14 2953352 -c--a-w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}\Ad-AwareInstallation.exe
2009-12-05 07:53 . 2008-03-16 04:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-05 07:41 . 2008-03-16 02:35 -------- d-----w- c:\program files\SpeedFan
2009-12-01 22:26 . 2009-12-01 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-12-01 21:58 . 2008-03-16 03:45 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-01 21:05 . 2009-12-01 21:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-12-01 21:04 . 2009-12-01 21:04 1663656 ----a-w- C:\InstallWoW.exe
2009-11-30 07:53 . 2009-11-30 07:53 -------- d-----w- c:\program files\DOSBox-0.73
2009-11-30 07:53 . 2009-11-30 07:53 1460010 ----a-w- C:\DOSBox0.73-win32-installer.exe
2009-11-30 07:48 . 2009-11-30 07:48 1460010 ----a-w- C:\DOSBox073win32installer.exe
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-18 23:23 . 2009-11-18 23:23 13737984 ----a-w- C:\python-3.1.1.msi
2009-11-07 06:27 . 2009-11-07 06:27 3310608 ----a-w- C:\ccsetup225.exe
2009-11-04 20:20 . 2009-11-04 20:20 152576 ----a-w- c:\documents and settings\David\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 02:23 . 2009-11-04 02:23 5697032 ----a-w- C:\wmvfirefoxpluginsetup-0.1.675.1923.exe
2009-11-02 20:00 . 2009-11-02 20:00 3889824 ----a-w- C:\downloadable_install_wizard.exe
2009-10-29 04:41 . 2009-10-29 04:41 9767160 ----a-w- C:\InstallWizard101.exe
2008-09-04 15:20 . 2008-09-04 15:20 0 ----a-w- c:\program files\temp01
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-01-18_02.48.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 13:05 . 2008-07-29 13:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 11:07 . 2008-07-29 11:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2010-01-24 12:03 . 2010-01-24 12:03 16384 c:\windows\Temp\Perflib_Perfdata_5a0.dat
- 2004-08-04 12:00 . 2009-10-29 07:46 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
- 2007-08-13 23:54 . 2009-10-29 07:46 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
+ 2007-08-13 23:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
- 2007-08-13 23:39 . 2009-10-28 14:36 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2009-10-28 14:36 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 23:36 . 2009-10-29 07:46 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
+ 2010-01-23 07:18 . 2009-08-29 00:42 40448 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaapl.sys
+ 2010-01-23 07:18 . 2009-08-29 00:42 17408 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\netaapl.sys
+ 2010-01-18 08:16 . 2009-12-02 13:19 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2010-01-23 07:23 . 2009-05-18 19:17 26600 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspiWDM.sys
+ 2006-09-19 18:44 . 2009-05-18 19:17 26600 c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-12-12 16:11 . 2008-12-12 16:11 61440 c:\windows\system32\dnssd.dll
+ 2008-12-12 16:18 . 2008-12-12 16:18 87336 c:\windows\system32\dns-sd.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-03-16 00:21 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-03-16 00:21 . 2009-10-29 07:46 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2008-03-16 00:21 . 2009-10-28 14:36 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2008-03-16 00:21 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-04 12:00 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2009-02-20 18:09 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2009-02-20 18:09 . 2009-10-29 07:46 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-04 12:00 . 2009-10-28 14:36 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-03-16 00:21 . 2009-10-29 07:46 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-03-16 00:21 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-29 16:12 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
- 2009-06-29 16:12 . 2009-10-29 07:46 17408 c:\windows\system32\dllcache\corpol.dll
- 2008-03-16 00:45 . 2008-05-16 01:07 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-16 00:45 . 2010-01-24 11:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-24 11:56 . 2010-01-24 11:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-01-23 07:21 . 2010-01-23 07:21 86016 c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2010-01-22 20:19 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-01-22 20:19 . 2009-10-28 14:36 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-01-22 20:19 . 2009-10-29 07:46 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-01-22 20:19 . 2009-10-28 14:36 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-01-22 20:19 . 2009-10-29 07:46 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 08:54 . 2008-07-29 08:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 102912 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 671232 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2009-10-29 07:46 459264 c:\windows\system32\msfeeds.dll
+ 2010-01-20 20:13 . 2010-01-20 20:12 153376 c:\windows\system32\javaws.exe
+ 2010-01-20 20:13 . 2010-01-20 20:12 145184 c:\windows\system32\javaw.exe
- 2009-11-04 20:21 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
+ 2010-01-20 20:13 . 2010-01-20 20:12 145184 c:\windows\system32\java.exe
- 2009-11-04 20:21 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
- 2007-08-13 23:34 . 2009-10-29 07:46 268288 c:\windows\system32\iertutil.dll
+ 2007-08-13 23:34 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 17:27 . 2009-10-29 07:46 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-04 12:00 . 2009-10-28 06:52 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 153088 c:\windows\system32\ieakeng.dll
+ 2006-10-03 23:47 . 2008-04-17 18:12 107368 c:\windows\system32\GEARAspi.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 214528 c:\windows\system32\dxtrans.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
+ 2010-01-23 07:23 . 2008-04-17 18:12 107368 c:\windows\system32\DRVSTORE\GEARAspiWD_3B7AACF0636A2C042EB7AD2AFF76D37B27BDD28C\x86\GEARAspi.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 102912 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2008-03-16 00:21 . 2009-10-29 07:46 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-03-16 00:21 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-03-16 00:41 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-03-16 00:21 . 2009-10-29 07:46 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-03-16 00:21 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-03-16 00:21 . 2009-10-29 07:46 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-03-16 00:21 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2004-08-04 12:00 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2009-10-28 06:52 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 124928 c:\windows\system32\advpack.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll
+ 2010-01-20 20:13 . 2010-01-20 20:13 178176 c:\windows\Installer\89eee2f.msi
+ 2010-01-20 20:12 . 2010-01-20 20:12 577536 c:\windows\Installer\89eee2a.msi
+ 2010-01-18 08:14 . 2010-01-18 08:14 236032 c:\windows\Installer\452a50.msi
+ 2010-01-23 07:18 . 2010-01-23 07:18 796672 c:\windows\Installer\2595137.msi
+ 2010-01-23 07:23 . 2010-01-23 07:23 102400 c:\windows\Installer\{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}\iTunesIco.exe
+ 2010-01-22 20:19 . 2009-10-29 07:46 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-01-22 20:19 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-01-22 20:19 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-01-22 20:19 . 2009-10-29 07:46 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-01-22 20:19 . 2009-10-28 06:54 634632 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-01-22 20:19 . 2009-10-29 07:46 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-01-22 20:19 . 2007-08-13 23:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-01-22 20:19 . 2009-10-28 06:52 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 13:05 . 2008-07-29 13:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 3599360 c:\windows\system32\mshtml.dll
- 2007-08-13 23:54 . 2009-10-29 07:46 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 23:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
+ 2010-01-23 07:18 . 2009-08-29 00:42 2065696 c:\windows\system32\DRVSTORE\usbaapl_6DA28B91FF48C57089E4D2436654AFA4ECAD0622\usbaaplrc.dll
+ 2010-01-23 07:18 . 2009-08-29 00:42 1417504 c:\windows\system32\DRVSTORE\netaapl_F433E854B3FF3BEE74986FDE8E16A64162342BFF\wdfcoinstaller01005.dll
- 2004-08-04 12:00 . 2009-10-29 07:46 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-01-05 10:00 3599360 c:\windows\system32\dllcache\mshtml.dll
- 2008-03-16 00:21 . 2009-10-29 07:46 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-03-16 00:21 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2010-01-18 08:14 . 2010-01-18 08:14 1874944 c:\windows\Installer\452a6f.msi
+ 2010-01-23 07:23 . 2010-01-23 07:23 4454912 c:\windows\Installer\2595569.msi
+ 2010-01-23 07:21 . 2010-01-23 07:21 1659392 c:\windows\Installer\25953de.msi
+ 2010-01-23 07:20 . 2010-01-23 07:20 9473024 c:\windows\Installer\25953d9.msi
+ 2010-01-23 07:18 . 2010-01-23 07:18 3310592 c:\windows\Installer\2595124.msi
+ 2010-01-22 20:19 . 2009-10-29 07:46 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-01-22 20:19 . 2009-10-29 07:46 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2010-01-20 04:21 . 2010-01-20 04:21 15710720 c:\windows\Installer\539034a.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"$Volumouse$"="c:\program files\Volumouse\volumouse.exe" [2008-04-29 30208]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-4-28 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 14:10 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\David\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 02:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 22:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 19:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 17:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2006-01-07 04:54 172032 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2006-01-07 04:54 659456 ----a-w- c:\windows\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
2006-01-07 04:54 49152 ----a-w- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-09-21 07:10 55824 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-01-31 02:54 16116224 ------r- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 02:04 2879488 ------r- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 17:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-11-11 09:25 1217808 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-04-09 23:17 185896 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 17:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneWlanCfgSvc"=3 (0x3)
"ZuneNetworkSvc"=3 (0x3)
"ZuneBusEnum"=2 (0x2)
"aawservice"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 1\\sammax101.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 2\\sammax102.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 3\\sammax103_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\sammax104_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 5\\sammax105_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 6\\sammax106_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sherlock holmes the awakened\\game.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the longest journey\\game.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-enUS-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [1/18/2010 3:16 AM 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [1/18/2010 8:30 PM 28552]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 8:32 AM 15328]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 8:19 AM 1181328]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [6/2/2008 2:18 PM 216032]
S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:17]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:17]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:17]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:17]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
FF - ProfilePath - c:\documents and settings\David\Application Data\Mozilla\Firefox\Profiles\pryefgjd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 07:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvgts.sys >>UNKNOWN [0x8A6F58C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb9dc0bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dcda21
SendHandler -> NDIS.sys @ 0xb9dab87b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-861567501-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e2,f0,d5,0d,a3,67,3b,f9,60,9f,a8,3b,b9,31,45,e5,67,50,f5,c1,cf,5e,52,
75,cd,61,e0,89,28,06,09,f2,c7,b2,33,35,27,58,52,70,54,40,4c,c6,47,19,93,32,\
"??"=hex:a4,45,b7,4d,f9,1f,dd,01,b2,b6,11,b7,cf,da,75,62

[HKEY_USERS\S-1-5-21-796845957-861567501-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:7c,17,af,bc,4d,91,21,df,a7,a1,ec,b2,a3,c9,10,77,73,b1,7f,ab,99,
f5,4f,b5,1c,32,74,5e,29,83,2e,7f,68,13,e6,69,0a,ac,fb,27,d7,06,2e,4b,84,8f,\
"rkeysecu"=hex:2d,0d,76,10,f6,93,7d,6f,ba,e2,fd,e3,bd,fe,7d,2a

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence"="01F0B9B-A54A-7221-4154-B912"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(796)
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll

- - - - - - - > 'explorer.exe'(6140)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Volumouse\vlmshlp.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-01-24 07:10:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-24 12:10
ComboFix2.txt 2010-01-24 11:44
ComboFix3.txt 2010-01-20 22:27
ComboFix4.txt 2010-01-20 20:38
ComboFix5.txt 2010-01-24 11:50

Pre-Run: 46,123,008,000 bytes free
Post-Run: 46,083,764,224 bytes free

- - End Of File - - BFC96B1A4CCEF1709A4F6811E4A444C6


#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:09:30 PM

Posted 25 January 2010 - 08:45 AM


We need to use the recovery console:

1. During Startup, select Recovery Console from the startup options menu.

2. If you have a dual-boot or multiple-boot computer, select the installation that you must access from the Recovery Console (1).

3. When you are prompted, type the Administrator password. If the administrator password is blank, just press ENTER.

That should bring you to the C:\Windows prompt. Type the following command:

FIXMBR

You may get a prompt that says:

This computer appears to have a non-standard or invalid master boot record. FIXMBR may damage your partition tables if you proceed. This could cause all the partitions on the current hard disk to become inaccessible. If you are not having problems accessing your drive, do not continue. Are you sure you want to write a new MBR?

Answer Y

After that, type exit to reboot back into normal mode.


===================



Please download mbr.exe and save it to your root directory, usually C:\ <- (Important!).
  • Go to Start > Run and type: cmd.exe
  • press Ok.
  • At the command prompt type: c:\mbr.exe -t >"C:\mbr.log"
  • press Enter.
  • A "DOS" box will open and quickly disappear. That is normal.
  • A log file named mbr.log will be created and saved to the root of the system drive (usually C:\).
  • Copy and paste the results of the mbr.log in your next reply.


Let me know how your computer is behaving after these steps.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#15 Techgeek07

Techgeek07
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:30 PM

Posted 25 January 2010 - 04:29 PM

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvgts.sys >>UNKNOWN [0x8A7BC8C8]<<
kernel: MBR read successfully
user & kernel MBR OK



I'm afraid there's been no change. Is it safe for me to rebuild my GRUB boot loader?
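To make the two mbr.exe reports in this thread easier to compare, here is a small Python parser added for this page (it is not part of the thread and not Gmer's code). It reads the report text as pasted above and pulls out the verdict line, any `>>UNKNOWN [...]<<` marker in the disk I/O call chain, and the hook list; the two captures are copied from the ComboFix log and from the post above, the first taken before FIXMBR and the second after.

```python
import re

# Two mbr.exe reports copied from this thread (header line omitted): the first is
# embedded in the ComboFix log above, the second was posted after running FIXMBR.
BEFORE_FIXMBR = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvgts.sys >>UNKNOWN [0x8A6F58C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba10cf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> atapi.sys @ 0xb9f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
SecurityProcedure -> ntkrnlpa.exe @ 0x80583d4a
NDIS: NVIDIA nForce 10/100/1000 Mbps Ethernet -> SendCompleteHandler -> NDIS.sys @ 0xb9dc0bb0
PacketIndicateHandler -> NDIS.sys @ 0xb9dcda21
SendHandler -> NDIS.sys @ 0xb9dab87b
user & kernel MBR OK
"""
AFTER_FIXMBR = r"""device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvgts.sys >>UNKNOWN [0x8A7BC8C8]<<
kernel: MBR read successfully
user & kernel MBR OK
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(.*?) -> (\S+) @ (0x[0-9A-Fa-f]+)$")


def parse_mbr_report(text):
    """Pull out the fields a helper reads first from an mbr.exe report."""
    rep = {"mbr_ok": False, "called_modules": [], "unknown_modules": [], "hooks": []}
    in_hooks = False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("called modules:"):
            body = line[len("called modules:"):]
            # >>UNKNOWN [addr]<< marks code in the disk I/O chain that mbr.exe could
            # not attribute to any loaded driver; every other token is a named module.
            rep["unknown_modules"] = UNKNOWN_RE.findall(body)
            rep["called_modules"] = UNKNOWN_RE.sub("", body).split()
        elif line == "detected MBR rootkit hooks:":
            in_hooks = True
        elif line == "user & kernel MBR OK":
            rep["mbr_ok"] = True  # user-mode and kernel-mode reads of sector 0 agree
            in_hooks = False
        elif in_hooks:
            m = HOOK_RE.match(line)
            if m:
                rep["hooks"].append(m.groups())  # (target, module, address)
    return rep


def compare_reports(before, after):
    """Summarise what changed between two runs, e.g. before and after FIXMBR."""
    b, a = parse_mbr_report(before), parse_mbr_report(after)
    return {
        "mbr_ok_after": a["mbr_ok"],
        "unknown_cleared": bool(b["unknown_modules"]) and not a["unknown_modules"],
        "hooks_before": len(b["hooks"]),
        "hooks_after": len(a["hooks"]),
    }
```

On the two captures from this thread, `compare_reports` shows the MBR verdict unchanged and the unidentified module still present after FIXMBR, which matches the "no change" reported above.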



