Browsers hijacked?


This topic is locked. 3 replies to this topic

#1 koekiemonster (Members, 1 posts)

Posted 20 January 2010 - 05:35 PM

On my computer I have IE, Firefox and Chrome installed, all of which show similar bad behavior lately.
When searching with either Google or Bing the results are sometimes redirected to all sorts of other sites.
They don't do it every time, but it's rather like flipping a coin as to whether or not they will show me the actual link or some random porn site.
As a bonus only IE has adopted the rather nasty habit of sometimes popping open a separate window with junk web sites, some of which trigger my Symantec Endpoint AV as those sites contain all sorts of nasties.
I've also seen popups with warnings that my computer is infected with a virus and a button to download some anti-virus software.

I have Windows XP SP3 which I update manually every week (I switched automatic updates off).
I've run Spybot S&D's startup scan, Symantec AV's scan, Malwarebytes' Anti-Malware scan, CounterSpy's scan and ESET's online scan, none of which seem to detect anything wrong with my computer.
As I see requests on each thread in this forum for about a dozen types of logs, I've included, besides the HijackThis log, logs for GMER, OTL, DDS, ComboFix and MBAM.
I'm sure I'm gonna be asked for another one, but at least I've got the basics covered.

Oh... one more thing, I think I know how I contracted this thing.
Somebody sent me a WMV file which made Windows Media Player ask me to update certificates... and clicking "yes" has made me feel very stupid ever since.

HijackThis log:
___________________________________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:42:31, on 19-Jan-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
d:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\OO Software\Defrag\oodtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\reSizer\resizer.exe
D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
D:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\devldr32.exe
d:\Program Files\CDBurnerXP\NMSAccessU.exe
d:\Program Files\OO Software\Defrag\oodag.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe
d:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
d:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
d:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [OODefragTray] d:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SBAMTray] D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
O4 - HKCU\..\Run: [resizer] D:\Program Files\reSizer\resizer.exe
O4 - HKCU\..\Run: [AdobeBridge] "D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
O4 - HKCU\..\Run: [EVEMon] "D:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - Startup: OpenOffice.org 3.1.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1262292439403
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1262292432153
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NMSAccessU - Unknown owner - d:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: O&O Defrag - O&O Software GmbH - d:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - d:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - d:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - d:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: Web Update Wizard Service V4 (WebUpdate4) - Data Perceptions / PowerProgrammer - C:\WINDOWS\system32\WebUpdateSvc4.exe

--
End of file - 8907 bytes


OTL Log:
____________________________________________________________________
OTL logfile created on: 19-Jan-10 16:02:28 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Koekiemonster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1,023.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 17.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): Z:\pagefile.sys 5500 5500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.75 Gb Total Space | 4.22 Gb Free Space | 33.08% Space Free | Partition Type: NTFS
Drive D: | 49.74 Gb Total Space | 14.41 Gb Free Space | 28.97% Space Free | Partition Type: NTFS
Drive E: | 37.28 Gb Total Space | 5.70 Gb Free Space | 15.29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 37.28 Gb Total Space | 5.58 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 5.86 Gb Total Space | 0.46 Gb Free Space | 7.80% Space Free | Partition Type: NTFS

Computer Name: Koekiemonster
Current User Name: Koekiemonster
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010-01-19 16:00:31 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koekiemonster\Desktop\OTL.exe
PRC - [2010-01-15 03:45:58 | 00,396,288 | ---- | M] (Trend Micro Inc.) -- D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010-01-04 17:22:06 | 00,685,392 | ---- | M] (Sunbelt Software) -- D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010-01-04 17:02:10 | 01,012,080 | ---- | M] (Sunbelt Software) -- D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010-01-04 11:41:30 | 01,419,776 | ---- | M] (EVEMon Development Team) -- D:\Program Files\EVEMon\EVEMon.exe
PRC - [2009-12-09 15:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009-10-11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009-09-12 00:34:12 | 01,488,128 | ---- | M] (O&O Software GmbH) -- d:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2009-09-12 00:34:00 | 02,524,416 | ---- | M] (O&O Software GmbH) -- D:\Program Files\OO Software\Defrag\oodtray.exe
PRC - [2009-09-06 12:38:06 | 00,071,096 | ---- | M] () -- d:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009-08-19 09:23:24 | 07,418,368 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009-08-19 09:23:22 | 07,424,000 | ---- | M] (OpenOffice.org) -- D:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009-08-13 18:08:00 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2009-08-13 03:32:00 | 00,262,416 | ---- | M] (Data Perceptions / PowerProgrammer) -- C:\WINDOWS\system32\WebUpdateSvc4.exe
PRC - [2009-08-12 13:11:01 | 08,318,056 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2009-05-12 22:12:36 | 02,440,632 | ---- | M] (Symantec Corporation) -- d:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009-05-12 20:55:30 | 01,443,144 | ---- | M] (Symantec Corporation) -- d:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009-05-12 20:55:28 | 01,803,592 | ---- | M] (Symantec Corporation) -- d:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009-03-17 00:25:56 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009-03-17 00:25:36 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009-03-08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008-08-28 18:34:14 | 13,145,448 | ---- | M] (Adobe Systems, Inc.) -- D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
PRC - [2008-06-11 21:43:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008-04-13 19:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006-11-08 17:00:34 | 00,188,416 | ---- | M] (zestant) -- D:\Program Files\reSizer\resizer.exe
PRC - [2005-07-19 17:32:18 | 00,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2001-08-17 14:36:42 | 00,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010-01-19 16:00:31 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koekiemonster\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010-01-04 17:02:10 | 01,012,080 | ---- | M] (Sunbelt Software) [Auto | Running] -- D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2009-12-10 19:54:56 | 00,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009-10-18 19:49:14 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009-10-11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009-09-12 00:34:12 | 01,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- d:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009-09-06 12:38:06 | 00,071,096 | ---- | M] () [Auto | Running] -- d:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009-08-13 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009-08-13 18:08:00 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009-08-13 03:32:00 | 00,262,416 | ---- | M] (Data Perceptions / PowerProgrammer) [Auto | Running] -- C:\WINDOWS\system32\WebUpdateSvc4.exe -- (WebUpdate4)
SRV - [2009-05-12 22:12:36 | 02,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- d:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009-05-12 20:55:28 | 01,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- d:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009-03-20 18:10:15 | 03,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009-03-17 00:25:36 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009-03-17 00:25:36 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009-02-01 21:43:02 | 00,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- d:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008-08-15 04:46:20 | 00,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-436374069-1547161642-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/access/allinone.asp
IE - HKU\S-1-5-21-436374069-1547161642-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/
IE - HKU\S-1-5-21-436374069-1547161642-1801674531-1003\S-1-5-21-436374069-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: cfxHelper@Triton:0.9.9.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: cfxe@Triton:3.2.5
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20091031
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.87

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-01-07 19:26:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-01-12 10:38:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: d:\Program Files\Mozilla Thunderbird\components [2009-10-19 07:35:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: d:\Program Files\Mozilla Thunderbird\plugins

[2009-10-22 19:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Extensions
[2010-01-18 04:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions
[2010-01-13 19:03:23 | 00,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010-01-13 19:04:00 | 00,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010-01-13 19:03:58 | 00,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009-11-07 03:28:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions\cfxe@Triton
[2009-11-07 03:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions\cfxHelper@Triton
[2009-11-07 03:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions\nasanightlaunch@example.com
[2010-01-13 19:03:52 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions

O1 HOSTS File: ([2010-01-12 09:28:40 | 00,371,817 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 12818 more lines...
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-436374069-1547161642-1801674531-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [OODefragTray] d:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SBAMTray] D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-436374069-1547161642-1801674531-1003..\Run: [AdobeBridge] D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-21-436374069-1547161642-1801674531-1003..\Run: [EVEMon] D:\Program Files\EVEMon\EVEMon.exe (EVEMon Development Team)
O4 - HKU\S-1-5-21-436374069-1547161642-1801674531-1003..\Run: [resizer] D:\Program Files\reSizer\resizer.exe (zestant)
O4 - Startup: C:\Documents and Settings\Koekiemonster\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = D:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-436374069-1547161642-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-436374069-1547161642-1801674531-1003\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1262292439403 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1262292432153 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Koekiemonster\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Koekiemonster\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-10-17 18:27:28 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009-10-16 19:47:43 | 00,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009-10-17 18:27:00 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17736316556935168)

========== Files/Folders - Created Within 14 Days ==========

[2010-01-19 16:00:21 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Koekiemonster\Desktop\OTL.exe
[2010-01-17 17:26:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Koekiemonster\Application Data\Malwarebytes
[2010-01-17 17:26:53 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-17 17:26:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010-01-17 17:26:50 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-01-17 17:22:41 | 05,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Koekiemonster\Desktop\mbam-setup.exe
[2010-01-17 17:21:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Koekiemonster\Desktop\LSPFIX
[2010-01-17 03:33:12 | 00,069,936 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010-01-17 03:33:12 | 00,013,360 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010-01-16 04:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010-01-15 18:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Koekiemonster\Application Data\Sunbelt
[2010-01-15 18:24:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010-01-15 03:41:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010-01-12 10:03:45 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Koekiemonster\Recent
[2009-12-12 19:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009-12-10 19:55:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009-10-17 20:03:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009-10-17 18:31:15 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009-10-17 18:31:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Koekiemonster\*.tmp files -> C:\Documents and Settings\Koekiemonster\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010-01-19 16:00:31 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Koekiemonster\Desktop\OTL.exe
[2010-01-19 16:00:01 | 00,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010-01-19 15:15:00 | 00,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1547161642-1801674531-1003UA.job
[2010-01-19 02:23:17 | 00,020,001 | ---- | M] () -- d:\My Documents\budget.ods
[2010-01-18 20:00:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010-01-18 19:15:01 | 00,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1547161642-1801674531-1003Core.job
[2010-01-18 16:17:39 | 00,007,873 | ---- | M] () -- C:\Documents and Settings\Koekiemonster\Desktop\Baby Names.odt
[2010-01-18 14:17:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-18 14:16:16 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-18 14:16:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-18 14:15:47 | 03,090,944 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010-01-18 03:45:20 | 06,815,744 | -H-- | M] () -- C:\Documents and Settings\Koekiemonster\NTUSER.DAT
[2010-01-18 03:44:58 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Koekiemonster\ntuser.ini
[2010-01-17 17:28:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5447.exe
[2010-01-17 17:26:56 | 00,000,570 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-17 17:22:33 | 05,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Koekiemonster\Desktop\mbam-setup.exe
[2010-01-17 17:08:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19895.exe
[2010-01-17 16:48:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19718.exe
[2010-01-17 16:28:23 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18716.exe
[2010-01-17 16:08:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\17421.exe
[2010-01-17 15:48:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\12382.exe
[2010-01-17 15:28:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\292.exe
[2010-01-17 15:08:21 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\153.exe
[2010-01-17 14:48:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\3902.exe
[2010-01-17 14:28:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\14604.exe
[2010-01-17 14:08:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\32391.exe
[2010-01-17 13:48:19 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5436.exe
[2010-01-17 13:28:18 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\4827.exe
[2010-01-17 13:08:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11942.exe
[2010-01-17 12:48:17 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010-01-17 12:28:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010-01-17 12:08:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010-01-17 11:48:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010-01-17 11:28:15 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010-01-17 11:08:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010-01-17 10:48:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010-01-17 10:28:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010-01-17 10:08:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010-01-17 09:48:12 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010-01-17 09:28:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010-01-17 09:08:11 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010-01-17 08:48:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010-01-17 08:28:10 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010-01-17 08:08:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010-01-17 07:48:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010-01-15 18:27:52 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2010-01-15 07:59:55 | 00,128,413 | ---- | M] () -- d:\My Documents\_January Elementary Menu_PDF
[2010-01-15 03:45:59 | 00,000,816 | ---- | M] () -- C:\Documents and Settings\Koekiemonster\Desktop\HijackThis.lnk
[2010-01-15 03:26:13 | 00,000,383 | ---- | M] () -- C:\config.xml
[2010-01-15 03:10:32 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WorldWide Telescope.lnk
[2010-01-12 12:56:13 | 05,898,864 | -H-- | M] () -- C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\IconCache.db
[2010-01-12 10:04:52 | 00,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010-01-12 10:04:52 | 00,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010-01-12 10:04:52 | 00,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010-01-12 10:03:11 | 02,007,008 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010-01-12 09:29:53 | 00,000,662 | ---- | M] () -- C:\Documents and Settings\Koekiemonster\Desktop\CCleaner.lnk
[2010-01-12 09:28:40 | 00,371,817 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-12 09:27:24 | 00,371,817 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100112-092840.backup
[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Koekiemonster\*.tmp files -> C:\Documents and Settings\Koekiemonster\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-01-17 17:28:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5447.exe
[2010-01-17 17:26:56 | 00,000,570 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010-01-17 17:08:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19895.exe
[2010-01-17 16:48:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19718.exe
[2010-01-17 16:28:23 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18716.exe
[2010-01-17 16:08:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\17421.exe
[2010-01-17 15:48:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\12382.exe
[2010-01-17 15:28:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\292.exe
[2010-01-17 15:08:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\153.exe
[2010-01-17 14:48:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\3902.exe
[2010-01-17 14:28:20 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\14604.exe
[2010-01-17 14:08:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\32391.exe
[2010-01-17 13:48:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5436.exe
[2010-01-17 13:28:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\4827.exe
[2010-01-17 13:08:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11942.exe
[2010-01-17 12:48:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010-01-17 12:28:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010-01-17 12:08:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010-01-17 11:48:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010-01-17 11:28:15 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010-01-17 11:08:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010-01-17 10:48:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010-01-17 10:28:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010-01-17 10:08:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010-01-17 09:48:12 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010-01-17 09:28:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010-01-17 09:08:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010-01-17 08:48:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010-01-17 08:28:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010-01-17 08:08:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010-01-17 07:48:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010-01-15 18:27:52 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2010-01-15 07:59:51 | 00,128,413 | ---- | C] () -- d:\My Documents\_January Elementary Menu_PDF
[2010-01-15 03:45:58 | 00,000,816 | ---- | C] () -- C:\Documents and Settings\Koekiemonster\Desktop\HijackThis.lnk
[2010-01-12 15:21:22 | 00,007,873 | ---- | C] () -- C:\Documents and Settings\Koekiemonster\Desktop\Baby Names.odt
[2009-12-31 13:43:51 | 00,002,528 | ---- | C] () -- C:\Documents and Settings\Koekiemonster\Application Data\$_hpcst$.hpc
[2009-12-22 18:59:00 | 00,000,128 | ---- | C] () -- C:\WINDOWS\WebUpdateSvc4.INI
[2009-11-24 20:27:29 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\AVERM.dll
[2009-11-24 20:27:29 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2009-11-19 11:40:07 | 00,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009-11-19 11:40:06 | 01,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009-10-22 19:22:45 | 00,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009-10-20 15:26:42 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009-10-17 20:02:23 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009-10-17 20:02:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009-10-17 20:02:21 | 02,378,752 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009-10-17 20:02:21 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009-10-17 20:02:21 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009-10-17 20:02:20 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009-10-17 20:02:19 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009-10-17 20:02:19 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009-10-17 19:03:09 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-03-03 11:18:04 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

========== LOP Check ==========

[2009-10-20 15:27:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009-10-18 02:18:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CCP
[2009-10-20 15:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Canneverbe_Limited
[2010-01-19 15:34:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\EVEMon
[2009-11-16 10:43:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\IrfanView
[2010-01-03 03:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Mp3tag
[2009-10-17 20:19:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\OpenOffice.org
[2009-10-17 19:52:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\SpeedProject
[2009-10-19 07:35:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Koekiemonster\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008-04-13 19:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008-04-13 19:51:44 | 20,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008-04-13 14:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008-04-13 14:10:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-13 19:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008-04-13 19:41:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008-04-13 19:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008-04-13 19:42:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008-04-13 19:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008-04-13 19:42:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: VIAMRAID.SYS >
[2009-10-17 19:37:00 | 00,117,248 | R--- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\2K\viamraid.sys
[2009-10-17 19:37:00 | 00,117,248 | R--- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\drvdisk\x86\NT5\viamraid.sys
[2009-10-17 19:37:00 | 00,117,248 | R--- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\SRV2003\x86\viamraid.sys
[2009-10-17 19:37:01 | 00,117,248 | R--- | M] (VIA Technologies inc,.ltd) MD5=00046AA2E396EDC2238556E740A8E5AF -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\XP\x86\viamraid.sys
[2009-10-17 19:37:00 | 00,137,880 | R--- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\drvdisk\VISTA\x86\viamraid.sys
[2009-10-17 19:37:01 | 00,137,880 | R--- | M] (VIA Technologies Inc.,Ltd) MD5=0C619F1C0F1D0150C155C3CD7687DC87 -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\VISTA\x86\viamraid.sys
[2009-10-17 19:37:00 | 00,117,872 | R--- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\drvdisk\x86\NT4\viamraid.sys
[2009-10-17 19:37:00 | 00,117,872 | R--- | M] (VIA Technologies inc,.ltd) MD5=923C74DE7CB0B4E060B8748968F9A620 -- C:\Documents and Settings\Koekiemonster\Local Settings\Temp\Temporary Directory 1 for VIA_HyperionPro_V524A.zip\VIA_HyperionPro_V524A\VRAIDDrv\NT4\viamraid.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-03-08 03:31:44 | 00,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009-03-08 03:31:38 | 00,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2009-05-12 20:55:44 | 00,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009-10-28 23:45:34 | 00,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2008-04-13 19:42:02 | 01,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvbvm60.dll
[2009-05-12 20:56:20 | 00,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009-05-12 20:56:20 | 00,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >

OTL Extras Log:
________________________________________________________________________________________________
OTL Extras logfile created on: 19-Jan-10 16:02:28 - Run 1
OTL by OldTimer - Version 3.1.25.2 Folder = C:\Documents and Settings\Koekiemonster\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

1,023.00 Mb Total Physical Memory | 175.00 Mb Available Physical Memory | 17.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): Z:\pagefile.sys 5500 5500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.75 Gb Total Space | 4.22 Gb Free Space | 33.08% Space Free | Partition Type: NTFS
Drive D: | 49.74 Gb Total Space | 14.41 Gb Free Space | 28.97% Space Free | Partition Type: NTFS
Drive E: | 37.28 Gb Total Space | 5.70 Gb Free Space | 15.29% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 37.28 Gb Total Space | 5.58 Gb Free Space | 14.98% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 5.86 Gb Total Space | 0.46 Gb Free Space | 7.80% Space Free | Partition Type: NTFS

Computer Name: Koekiemonster-PC
Current User Name: Koekiemonster
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-436374069-1547161642-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\games\EVE\bin\ExeFile.exe" = D:\games\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = D:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"D:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = D:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\games\Eve Test Server\bin\ExeFile.exe" = D:\games\Eve Test Server\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"D:\Program Files\Meade\AutostarSuite\AutostarSuite.exe" = D:\Program Files\Meade\AutostarSuite\AutostarSuite.exe:*:Enabled:AutostarSuite -- File not found
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{03783DC3-7BEC-4AF4-914D-E805111E19F3}" = MioTransfer
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 17
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6D9C3D0A-4240-4A9A-9602-1FF431B2B85D}" = CounterSpy
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1D7A71E-5F96-4BEC-8F90-0FBEF10C1541}" = Microsoft WorldWide Telescope
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.6.0
"Digital Guitar Tuner 2.3_is1" = Digital Guitar Tuner 2.3
"EndItAll_is1" = EndItAll 2.0
"EVEMon" = EVEMon
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"IrfanView" = IrfanView (remove only)
"iSpellWell_is1" = iSpellWell version 2001.1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.2.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"Mp3tag" = Mp3tag v2.45a
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"PowerISO" = PowerISO
"QcDrv" = Logitech® Camera Driver
"reSizer_is1" = reSizer v0.78
"Software Update Wizard (Redist)" = Software Update Wizard (Redist) 4.5
"SpeedCommander 12" = SpeedCommander 12
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"Ultra Video Splitter_is1" = Ultra Video Splitter 5.1.0713
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-436374069-1547161642-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15-Jan-10 09:19:15 | Computer Name = Koekiemonster-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan Horse in File: d:\TMP\DWH3B99.tmp by: Startup
scan. Action: Quarantine succeeded. Action Description: The file was quarantined
successfully.

Error - 15-Jan-10 09:19:16 | Computer Name = Koekiemonster-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Pidief.G in File: d:\TMP\DWH5792.tmp by:
Startup scan. Action: Quarantine succeeded. Action Description: The file was
quarantined successfully.

Error - 15-Jan-10 22:06:18 | Computer Name = Koekiemonster-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 15-Jan-10 22:06:19 | Computer Name = Koekiemonster-PC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3642, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-Jan-10 00:48:10 | Computer Name = Koekiemonster-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Tracking Cookie in File: Unavailable by: Startup
scan. Action: Quarantine failed : Leave Alone failed. Action Description: The
file was deleted successfully.

Error - 16-Jan-10 07:23:44 | Computer Name = Koekiemonster-PC | Source = Application Hang | ID = 1002
Description = Hanging application BHODemon.exe, version 2.0.0.23, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 16-Jan-10 07:47:40 | Computer Name = Koekiemonster-PC | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 16-Jan-10 22:27:35 | Computer Name = Koekiemonster-PC | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.1.3642, faulting module
unknown, version 0.0.0.0, fault address 0x0a0d0d2e.

Error - 17-Jan-10 22:54:10 | Computer Name = Koekiemonster-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!JS.SecurityToolFraud.B in File: C:\Documents and
Settings\Koekiemonster\Local Settings\Temporary Internet Files\Content.IE5\DENSB4FZ\security1[1].htm
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

Error - 19-Jan-10 19:42:25 | Computer Name = Koekiemonster-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!JS.SecurityToolFraud.B in File: C:\Documents and
Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_000124
by: Auto-Protect scan. Action: Quarantine succeeded : Access denied. Action Description:
The file was quarantined successfully.

[ System Events ]
Error - 18-Nov-09 12:18:38 | Computer Name = Koekiemonster-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 18-Nov-09 12:18:38 | Computer Name = Koekiemonster-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 19-Nov-09 15:44:57 | Computer Name = Koekiemonster-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 19-Nov-09 15:44:57 | Computer Name = Koekiemonster-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 19-Nov-09 15:50:20 | Computer Name = Koekiemonster-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.

Error - 19-Nov-09 15:50:20 | Computer Name = Koekiemonster-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume D:.


< End of report >

DDS Log:
______________________________________________________________

DDS (Ver_09-12-01.01) - NTFSx86
Run by Koekiemonster at 9:43:08.71 on 20-Jan-10
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.151 [GMT -8:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
d:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\OO Software\Defrag\oodtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\reSizer\resizer.exe
D:\Program Files\Adobe\Adobe Bridge CS4\Bridge.exe
C:\WINDOWS\system32\devldr32.exe
D:\Program Files\EVEMon\EVEMon.exe
D:\Program Files\SpeedCommander\SpeedCommander.exe
d:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\OpenOffice.org 3\program\soffice.exe
D:\Program Files\OpenOffice.org 3\program\soffice.bin
d:\Program Files\OO Software\Defrag\oodag.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
d:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\WebUpdateSvc4.exe
D:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
d:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Koekiemonster\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Koekiemonster\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - d:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - d:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
uRun: [resizer] d:\program files\resizer\resizer.exe
uRun: [AdobeBridge] "d:\program files\adobe\adobe bridge cs4\Bridge.exe" -stealth
uRun: [EVEMon] "d:\program files\evemon\EVEMon.exe" -startMinimized
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "d:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "d:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [OODefragTray] d:\program files\oo software\defrag\oodtray.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SBAMTray] d:\program files\sunbelt software\counterspy\SBAMTray.exe
StartupFolder: c:\docume~1\Koekiemonster\startm~1\programs\startup\openof~1.lnk - d:\program files\openoffice.org 3\program\quickstart.exe
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262292439403
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262292432153
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\Koekiemonster\applic~1\mozilla\firefox\profiles\5ur54zfb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: c:\documents and settings\Koekiemonster\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\adobe\acrobat 9.0\acrobat\browser\nppdf32.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2009-10-17 233984]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-1-17 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-10-13 95024]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 SBAMSvc;CounterSpy Antispyware;d:\program files\sunbelt software\counterspy\SBAMSvc.exe [2010-1-4 1012080]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-1-17 69936]
R2 Symantec AntiVirus;Symantec Endpoint Protection;d:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-12 2440632]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2009-1-8 262416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-27 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100118.032\NAVENG.SYS [2010-1-18 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100118.032\NAVEX15.SYS [2010-1-18 1323568]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 pbfilter;pbfilter;\??\d:\program files\peerblock\pbfilter.sys --> d:\program files\peerblock\pbfilter.sys [?]

=============== Created Last 30 ================

2010-01-20 17:42:31 0 d--h--w- c:\windows\PIF
2010-01-18 01:28:24 0 ----a-w- c:\windows\system32\5447.exe
2010-01-18 01:26:59 0 d-----w- c:\docume~1\Koekiemonster\applic~1\Malwarebytes
2010-01-18 01:26:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-18 01:26:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-18 01:26:50 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-18 01:08:24 0 ----a-w- c:\windows\system32\19895.exe
2010-01-18 00:48:23 0 ----a-w- c:\windows\system32\19718.exe
2010-01-18 00:28:23 0 ----a-w- c:\windows\system32\18716.exe
2010-01-18 00:08:22 0 ----a-w- c:\windows\system32\17421.exe
2010-01-17 23:48:22 0 ----a-w- c:\windows\system32\12382.exe
2010-01-17 23:28:21 0 ----a-w- c:\windows\system32\292.exe
2010-01-17 23:08:21 0 ----a-w- c:\windows\system32\153.exe
2010-01-17 22:48:20 0 ----a-w- c:\windows\system32\3902.exe
2010-01-17 22:28:20 0 ----a-w- c:\windows\system32\14604.exe
2010-01-17 22:08:19 0 ----a-w- c:\windows\system32\32391.exe
2010-01-17 21:48:19 0 ----a-w- c:\windows\system32\5436.exe
2010-01-17 21:28:18 0 ----a-w- c:\windows\system32\4827.exe
2010-01-17 21:08:17 0 ----a-w- c:\windows\system32\11942.exe
2010-01-17 20:48:17 0 ----a-w- c:\windows\system32\2995.exe
2010-01-17 20:28:16 0 ----a-w- c:\windows\system32\491.exe
2010-01-17 20:08:16 0 ----a-w- c:\windows\system32\9961.exe
2010-01-17 19:48:15 0 ----a-w- c:\windows\system32\16827.exe
2010-01-17 19:28:15 0 ----a-w- c:\windows\system32\23281.exe
2010-01-17 19:08:14 0 ----a-w- c:\windows\system32\28145.exe
2010-01-17 18:48:14 0 ----a-w- c:\windows\system32\5705.exe
2010-01-17 18:28:13 0 ----a-w- c:\windows\system32\24464.exe
2010-01-17 18:08:13 0 ----a-w- c:\windows\system32\26962.exe
2010-01-17 17:48:12 0 ----a-w- c:\windows\system32\29358.exe
2010-01-17 17:28:11 0 ----a-w- c:\windows\system32\11478.exe
2010-01-17 17:08:11 0 ----a-w- c:\windows\system32\15724.exe
2010-01-17 16:48:10 0 ----a-w- c:\windows\system32\19169.exe
2010-01-17 16:28:10 0 ----a-w- c:\windows\system32\26500.exe
2010-01-17 16:08:09 0 ----a-w- c:\windows\system32\6334.exe
2010-01-17 15:48:09 0 ----a-w- c:\windows\system32\18467.exe
2010-01-17 11:33:12 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-01-17 11:33:12 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-01-16 02:31:39 35 ----a-w- c:\documents and settings\Koekiemonster\t1ResP.tmp
2010-01-16 02:25:01 0 d-----w- c:\docume~1\Koekiemonster\applic~1\Sunbelt
2010-01-16 02:24:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Sunbelt
2010-01-15 18:20:14 35 ----a-w- c:\windows\system32\t1ResP.tmp
2010-01-15 11:41:21 0 d-----w- c:\windows\pss
2010-01-05 01:02:22 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-03 11:32:39 0 d-----w- c:\docume~1\Koekiemonster\applic~1\Mp3tag
2010-01-01 01:10:37 0 d-sh--w- c:\windows\ftpcache
2009-12-31 21:33:02 0 d-----w- c:\program files\MioTransfer
2009-12-31 21:19:17 0 d-----w- C:\TMP
2009-12-31 20:49:07 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-12-31 20:10:43 28672 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-12-31 20:10:43 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-12-24 01:02:14 383 ----a-w- C:\config.xml
2009-12-23 03:00:25 895 ----a-w- C:\mySKYUpdate.lnk
2009-12-23 03:00:24 744 ----a-w- C:\ASU Autostar suite.lnk
2009-12-23 03:00:24 0 d-----w- C:\Meade
2009-12-23 03:00:18 494 ----a-w- c:\windows\system32\WebUpdateSvc4.LIC
2009-12-23 02:59:00 128 ----a-w- c:\windows\WebUpdateSvc4.INI
2009-12-23 02:48:22 48652 ----a-w- c:\windows\system32\wuwuninst.exe
2009-12-23 02:34:36 368912 ----a-w- c:\windows\system32\vbar332.dll
2009-12-23 02:34:36 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2009-12-23 02:34:35 1066176 ----a-w- c:\windows\system32\MSCOMCTL.OCX

==================== Find3M ====================

2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 9:44:57.85 ===============

DDS Attach Log:
_______________________________________________________________

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17-Oct-09 19:29:58
System Uptime: 19-Jan-10 17:57:26 (16 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | K8M800-8237
Processor: AMD Sempron™ Processor 2600+ | Socket 754 | 1607/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 13 GiB total, 4.126 GiB free.
D: is FIXED (NTFS) - 50 GiB total, 14.433 GiB free.
E: is FIXED (NTFS) - 37 GiB total, 5.701 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 37 GiB total, 5.584 GiB free.
Z: is FIXED (NTFS) - 6 GiB total, 0.457 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP104: 12-Jan-10 08:56:26 - Removed Microsoft ActiveSync
RP105: 12-Jan-10 09:20:16 - Removed Meade LPI
RP106: 12-Jan-10 09:50:16 - Software Distribution Service 3.0
RP107: 12-Jan-10 10:38:25 - Installed Java™ 6 Update 17
RP108: 13-Jan-10 15:09:55 - System Checkpoint
RP109: 14-Jan-10 17:28:06 - System Checkpoint
RP110: 15-Jan-10 18:24:50 - Installed CounterSpy.
RP111: 15-Jan-10 18:27:28 - Removed CounterSpy.
RP112: 15-Jan-10 18:27:47 - Installed CounterSpy.
RP113: 16-Jan-10 18:45:13 - System Checkpoint
RP114: 18-Jan-10 02:11:43 - System Checkpoint
RP115: 19-Jan-10 04:38:09 - System Checkpoint
RP116: 19-Jan-10 16:03:03 - OTL Restore Point

==== Installed Programs ======================

Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Contribute CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe Encore CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe MotionPicture Color Files CS4
Adobe OnLocation CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Soundbooth CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
ATI - Software Uninstall Utility
ATI Display Driver
Boilsoft Video Splitter 5.16
CCleaner
CDBurnerXP
Celestia 1.6.0
Connect
CounterSpy
Digital Guitar Tuner 2.3
EndItAll 2.0
EVEMon
GOM Player
Google Chrome
Google Earth
Google Update Helper
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
IrfanView (remove only)
iSpellWell version 2001.1
Java™ 6 Update 17
K-Lite Mega Codec Pack 5.2.0
kuler
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 3.3 (Symantec Corporation)
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft WorldWide Telescope
MioTransfer
Mozilla Firefox (3.5.7)
Mozilla Thunderbird (2.0.0.23)
Mp3tag v2.45a
MSVCRT
MSXML 6.0 Parser
O&O Defrag Professional
OpenOffice.org 3.1
PDF Settings CS4
Photoshop Camera Raw
Pixel Bender Toolkit
Platform
PowerISO
reSizer v0.78
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Segoe UI
Software Update Wizard (Redist) 4.5
SpeedCommander 12
Spybot - Search & Destroy
Suite Shared Configuration CS4
Symantec Endpoint Protection
Ultra Video Splitter 5.1.0713
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Platform Device Manager
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11

==== Event Viewer Messages From Past Week ========

19-Jan-10 19:17:52, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
19-Jan-10 19:17:52, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19-Jan-10 19:17:51, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
18-Jan-10 01:55:17, error: Dhcp [1002] - The IP address lease 10.0.0.2 for the Network Card with network address 000FEAD39065 has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
17-Jan-10 17:42:16, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ViaIde
17-Jan-10 17:41:17, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
15-Jan-10 18:01:10, error: Service Control Manager [7034] - The NMSAccessU service terminated unexpectedly. It has done this 1 time(s).
15-Jan-10 18:01:07, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
15-Jan-10 10:12:58, error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
15-Jan-10 10:12:58, error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
15-Jan-10 10:07:58, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Symantec Management Client service to connect.
15-Jan-10 10:07:58, error: Service Control Manager [7000] - The Symantec Management Client service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15-Jan-10 10:07:57, error: Service Control Manager [7031] - The Symantec Management Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
15-Jan-10 10:07:57, error: Service Control Manager [7031] - The Symantec Endpoint Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
14-Jan-10 17:12:04, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer.
14-Jan-10 17:08:16, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
14-Jan-10 17:08:16, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
13-Jan-10 11:42:04, error: Service Control Manager [7034] - The Web Update Wizard Service V4 service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================

GMER Log:
_____________________________________________________________________
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-20 10:42:31
Windows 5.1.2600 Service Pack 3
Running: gvkrvwhe.exe; Driver: d:\tmp\uwdcqkow.sys


---- System - GMER 1.0.15 ----

SSDT 862C3908 ZwAlertResumeThread
SSDT 862CE758 ZwAlertThread
SSDT 864C5008 ZwAllocateVirtualMemory
SSDT 8630B9F0 ZwConnectPort
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0xA78E94D0]
SSDT 86268D70 ZwCreateMutant
SSDT 863694E0 ZwCreateThread
SSDT 8673A528 ZwFreeVirtualMemory
SSDT 862B9DC0 ZwImpersonateAnonymousToken
SSDT 862C2008 ZwImpersonateThread
SSDT 86355B50 ZwMapViewOfSection
SSDT 862B81E8 ZwOpenEvent
SSDT 862DFA88 ZwOpenProcessToken
SSDT 85AB4710 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF7791840]
SSDT 862EB298 ZwResumeThread
SSDT 862DC2C8 ZwSetContextThread
SSDT 862DFB10 ZwSetInformationProcess
SSDT 8673AE78 ZwSetInformationThread
SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0xA78E9520]
SSDT 862B3528 ZwSuspendProcess
SSDT 862D5B58 ZwSuspendThread
SSDT 862EADB8 ZwTerminateProcess
SSDT 862DB760 ZwTerminateThread
SSDT 862DF9B0 ZwUnmapViewOfSection
SSDT 85D057A0 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 252C 80501D64 4 Bytes CALL CAD648EA
.text ntkrnlpa.exe!ZwCallbackReturn + 2769 80501FA1 7 Bytes [AD, 2E, 86, 60, B7, 2D, 86]
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5F1E000, 0x238E77, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1168] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0098000A

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System

---- EOF - GMER 1.0.15 ----

Combofix Log:
________________________________________________________________
ComboFix 10-01-19.08 - Koekiemonster 20-Jan-10 11:02:34.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.472 [GMT -8:00]
Running from: c:\documents and settings\Koekiemonster\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\11478.exe
c:\windows\system32\11942.exe
c:\windows\system32\12382.exe
c:\windows\system32\14604.exe
c:\windows\system32\153.exe
c:\windows\system32\15724.exe
c:\windows\system32\16827.exe
c:\windows\system32\17421.exe
c:\windows\system32\18467.exe
c:\windows\system32\18716.exe
c:\windows\system32\19169.exe
c:\windows\system32\19718.exe
c:\windows\system32\19895.exe
c:\windows\system32\23281.exe
c:\windows\system32\24464.exe
c:\windows\system32\26500.exe
c:\windows\system32\26962.exe
c:\windows\system32\28145.exe
c:\windows\system32\292.exe
c:\windows\system32\29358.exe
c:\windows\system32\2995.exe
c:\windows\system32\32391.exe
c:\windows\system32\3902.exe
c:\windows\system32\4827.exe
c:\windows\system32\491.exe
c:\windows\system32\5436.exe
c:\windows\system32\5447.exe
c:\windows\system32\5705.exe
c:\windows\system32\6334.exe
c:\windows\system32\9961.exe

.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 17:42 . 2010-01-20 17:42 -------- d--h--w- c:\windows\PIF
2010-01-18 01:26 . 2010-01-18 01:26 -------- d-----w- c:\documents and settings\Koekiemonster\Application Data\Malwarebytes
2010-01-18 01:26 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-18 01:26 . 2010-01-18 01:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-18 01:26 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-18 01:14 . 2010-01-18 01:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\IECompatCache
2010-01-18 01:14 . 2010-01-18 01:14 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2010-01-17 11:33 . 2009-08-11 03:06 69936 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-01-17 11:33 . 2009-05-14 00:30 13360 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-01-16 02:25 . 2010-01-16 02:25 -------- d-----w- c:\documents and settings\Koekiemonster\Application Data\Sunbelt
2010-01-16 02:24 . 2010-01-16 02:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-01-14 20:19 . 2010-01-14 20:19 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-12 18:37 . 2010-01-12 18:37 152576 ----a-w- c:\documents and settings\Koekiemonster\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-12 18:37 . 2010-01-12 18:37 79488 ----a-w- c:\documents and settings\Koekiemonster\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-05 01:02 . 2010-01-05 01:02 27984 ----a-w- c:\windows\system32\sbbd.exe
2010-01-03 11:32 . 2010-01-03 11:55 -------- d-----w- c:\documents and settings\Koekiemonster\Application Data\Mp3tag
2010-01-01 01:10 . 2010-01-01 01:10 -------- d-sh--w- c:\windows\ftpcache
2009-12-31 21:33 . 2009-12-31 21:53 -------- d-----w- c:\program files\MioTransfer
2009-12-31 21:19 . 2009-12-31 21:19 -------- d-----w- C:\TMP
2009-12-31 20:10 . 2006-11-07 02:04 28672 -c--a-w- c:\windows\system32\dllcache\wceusbsh.sys
2009-12-31 20:10 . 2006-11-07 02:04 28672 ----a-w- c:\windows\system32\drivers\wceusbsh.sys
2009-12-24 01:02 . 2009-12-24 01:02 -------- d-----w- c:\documents and settings\Koekiemonster\Local Settings\Application Data\Microsoft_Research
2009-12-23 03:00 . 2009-12-23 03:00 -------- d-----w- C:\Meade
2009-12-23 02:48 . 2009-12-23 03:00 48652 ----a-w- c:\windows\system32\wuwuninst.exe
2009-12-23 02:42 . 2009-12-23 02:42 -------- d-----w- c:\program files\Microsoft.NET
2009-12-23 02:34 . 1998-04-24 08:00 368912 ----a-w- c:\windows\system32\vbar332.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 18:46 . 2009-11-02 01:37 -------- d-----w- c:\documents and settings\Koekiemonster\Application Data\EVEMon
2010-01-18 23:52 . 2009-10-18 04:20 1 ----a-w- c:\documents and settings\Koekiemonster\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-16 11:23 . 2010-01-16 02:31 35 ----a-w- c:\documents and settings\Koekiemonster\t1ResP.tmp
2010-01-15 18:20 . 2010-01-15 18:20 35 ----a-w- c:\windows\system32\t1ResP.tmp
2010-01-12 19:22 . 2009-12-12 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-12 18:38 . 2009-10-18 04:11 -------- d-----w- c:\program files\Java
2010-01-12 18:02 . 2009-10-22 18:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-12 17:20 . 2009-10-18 03:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-21 13:02 . 2009-12-11 03:55 -------- d-----w- c:\program files\Google
2009-12-16 23:37 . 2009-12-16 23:37 -------- d-----w- c:\documents and settings\All Users\Application Data\GRETECH
2009-12-16 23:37 . 2009-12-16 23:37 -------- d-----w- c:\documents and settings\Koekiemonster\Application Data\GRETECH
2009-11-21 15:51 . 2008-04-14 03:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 07:45 . 2008-04-14 03:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-25 02:08 . 2009-10-25 02:08 5299337 -c--a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2009-10-24 01:52 . 2009-10-24 01:52 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"resizer"="d:\program files\reSizer\resizer.exe" [2006-11-09 188416]
"AdobeBridge"="d:\program files\Adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-29 13145448]
"EVEMon"="d:\program files\EVEMon\EVEMon.exe" [2010-01-04 1419776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-17 115560]
"OODefragTray"="d:\program files\OO Software\Defrag\oodtray.exe" [2009-09-12 2524416]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-20 221184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"SBAMTray"="d:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-01-05 685392]

c:\documents and settings\Koekiemonster\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - d:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"d:\\games\\EVE\\bin\\ExeFile.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"d:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"=
"d:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"=
"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [17-Oct-09 10:52 233984]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [17-Jan-10 03:33 13360]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [13-Oct-09 08:22 95024]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [17-Jan-10 03:33 69936]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [08-Jan-09 01:34 262416]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [27-Oct-09 17:42 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10-Dec-09 19:55 135664]
S2 SBAMSvc;CounterSpy Antispyware;d:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [04-Jan-10 17:02 1012080]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15-Aug-08 04:46 284016]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [18-Nov-08 17:17 23888]
S3 pbfilter;pbfilter;\??\d:\program files\PeerBlock\pbfilter.sys --> d:\program files\PeerBlock\pbfilter.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 03:54]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 03:54]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1547161642-1801674531-1003Core.job
- c:\documents and settings\Koekiemonster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-06 03:10]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-436374069-1547161642-1801674531-1003UA.job
- c:\documents and settings\Koekiemonster\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-06 03:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
FF - ProfilePath - c:\documents and settings\Koekiemonster\Application Data\Mozilla\Firefox\Profiles\5ur54zfb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - plugin: c:\documents and settings\Koekiemonster\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: d:\program files\Adobe\Acrobat 9.0\Acrobat\browser\nppdf32.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Symantec Antvirus



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-20 11:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="691F5E390A3F788A0ADF328DFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34525D575E7D6A3B9808C038D530D6EB34520ABAE159A38F14E948A696798F4C960D75B339AA458CFEF4704D5C37DC1C26E8833759ABF93863BB29AF69F8DCD43856E85E59ED073502124096C4F76BD7486B2165E8B3B1298BF7F673FDDC0A932F37C538A7778D50702E50F274D8B114EC505784EC7E4B0A34C3E00AAF2D9F947663134B216B886D36A71F84A9BE28890FC5BEEB854A25D40BB7B61C21A685388B81FBB889238BF24252D27E68402AC1AEEB9485960A07DB3F63F067B63A8C35702DCEB3E42D0F1B8576B12AF627791CCFD7B94C48E619C0864828C0980CE51229747F03FECA6BF2F651A8E1E0F1BACB7A1233D1063A697C1ADC9A0DB5F328ACBF5A2402E47162DD92124798F45274D5B999AA3D0296E8DAB50A2AC5BE00CD3643D5781FE94A188F56DCC0CF473114969D5DEAC5ADBCEC7B99305C7A28EFB4B1C453D95F24341192C4C9ED222F276BBCB94366BAC3A52FD00C9E5CCCAB379F7AD8B04CD8EC3FBBC564644B3A46822C4AA4A4B2FB3EFBCCA5541DF573C500353B9AC077B6623164D9402CF6D8EBC7F017FBCD87FDDEA04792BFE41CB739267FF526CBA5B76784C1D3E617355344AB35CC5D80C04C2A2504099EA3E5780A3A6DFE1F8BC3B1A1E5698F6B8B6F90B619D86B6E71E10266524CCB45FC8AA9808050FE292FE709FA36D53963E5AF0D6EAFA144D4498ED221A4CD748D85EA4FAAF2E072EED947BB220DE8D26977A7D9583F37FE3EA58E02A94A9AEC52C78603DA3CB62A1FA3BCD6893264329E82A99A2A52A5955897D0E994A6A6F5F5C185F5243E514D6997C67DE6A3EF0222BFAE875A9F5ED858A2E4F53A51CC23DC652F68618B945104320AE8349217BE9D5B52ECA29834E874C2802A3696C8DC6E98F332ADEE45832AE8CB62AF6549BBB975542C055D613EE9E17B1AE9753EDD1836643BEC630D869622F84BDBB4D91DA521183741C580A3F763D36FF721B036CB8A3603421B7CCD0E389D15FDCF01DD14672698E0DC14B7611B2B67C801094AFA5A449C17798422547BEDC72135584ABC442B6CAEDF7EECEED1C3D38A32175122588B2E1916FA21B2AD41FD939CDF06D82775613AC20909EAC50899A9038AD5BB31AE70B9BF1CBA788713E8E6EFFC85A675F9BC552AE0A9A6A605315E77793AC702F2B22D7585B476310049F0CAF3136B8551D6977214BAF31BEBA81DC6DC31CCDB42D76D6BB9A5024CCCF74C80F24C6A24B51C5CA91A7F2C3A9021255C12C152C6AB55B68A9E7DF5EB6060D79607A37111078C4
311C8902A126DD07457DA48653B5F350B707F7A2E154501B444A55DCC014BBBAEA05ED7CDA39E00D00C"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\WININET.dll
.
Completion time: 2010-01-20 11:15:31
ComboFix-quarantined-files.txt 2010-01-20 19:15

Pre-Run: 4,317,499,392 bytes free
Post-Run: 4,790,472,704 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CD108ED10504A8DE3031A546E0ADCAB2

MBam Log:
______________________________________________________
Malwarebytes' Anti-Malware 1.44
Database version: 3586
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19-Jan-10 16:44:54
mbam-log-2010-01-19 (16-44-48).txt

Scan type: Quick Scan
Objects scanned: 102419
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by koekiemonster, 20 January 2010 - 06:04 PM.



#2 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:01:16 AM

Posted 26 January 2010 - 02:08 PM

Hello, koekiemonster.
My name is aommaster and I will be helping you with your log.

I apologize for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, I would appreciate you letting us know. If not, please perform the steps below so I can have a look at the current condition of your machine.

Thanks

Please note that I am in the process of my training, so it may take a while for me to get back to you, as each of my fixes needs to be checked by a coach first.

We need to run RSIT
  1. Download random's system information tool (RSIT) by random/random and save it to your desktop.
  2. Double click on RSIT.exe.
  3. Click Continue at the disclaimer screen.
  4. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

In your next reply, please include the following:
  • Log.txt
  • info.txt

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#3 aommaster

aommaster

    I !<3 malware


  • Malware Response Team
  • 5,289 posts
  • OFFLINE
  • Gender:Male
  • Location:Dubai
  • Local time:01:16 AM

Posted 29 January 2010 - 08:00 AM

Hello koekiemonster
Are you still with us?

My website: http://aommaster.com
Please do not send me PMs requesting help. The forums are there for a reason : )
If I am helping you and do not respond to your thread for 48 hours, please send me a PM


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:16 PM

Posted 31 January 2010 - 03:38 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help; instead, please post in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
