Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown Virus


  • This topic is locked This topic is locked
22 replies to this topic

#1 CPDrummer

CPDrummer

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 23 January 2010 - 06:35 AM

If, for any reason, you need to refer back to my original topic which describes my problem, you can find it here.

OTL Logs



OTListIt.txt


OTL logfile created on: 1/23/2010 5:59:00 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.34 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 971.73 Mb Total Space | 573.58 Mb Free Space | 59.03% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC51500010589
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/23 02:54:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/23 02:54:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/04 10:27:40 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/08/13 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/07/29 06:00:38 | 00,079,360 | ---- | M] (Autodesk) [Auto | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/24 14:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/20 15:55:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/21 02:54:00 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/11 13:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/02/18 23:30:20 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/09 23:04:52 | 00,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2007/12/06 22:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/01/04 23:06:02 | 00,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/08/29 07:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 11:15:30 | 04,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/09 17:24:14 | 00,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/07/24 14:05:26 | 01,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/03/27 14:40:31 | 00,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/27 14:40:31 | 00,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/01/09 15:18:02 | 00,027,136 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/12/18 22:44:00 | 00,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 22:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 22:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/10/31 13:52:16 | 00,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/09/17 14:14:00 | 00,027,672 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2008/08/21 17:49:56 | 00,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 17:49:22 | 00,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/08/20 22:18:42 | 00,171,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2008/05/20 17:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/04/13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/24 05:30:10 | 00,049,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/05/01 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/30 05:57:50 | 04,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/14 03:44:06 | 00,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/05/03 12:46:38 | 00,014,592 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uGuru.sys -- (UGURU)
DRV - [2006/03/29 08:49:26 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/09/23 21:18:32 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1214440339-220523388-1801674531-500\S-1-5-21-1214440339-220523388-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 07:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-220523388-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft.com/fwlink/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1237869378859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.31.142.2 65.174.94.2
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 18:16:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/23 05:57:10 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/20 19:35:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/20 19:34:00 | 91,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstallation.exe
[2010/01/20 19:14:41 | 34,628,432 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2010/01/20 18:48:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/20 18:48:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/20 18:48:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/20 18:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/20 18:41:33 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/20 16:55:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/20 16:47:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/20 16:45:15 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/01/20 15:54:42 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/20 15:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/20 06:40:30 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/20 06:34:48 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/20 06:34:48 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/20 06:34:45 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/01/20 06:30:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/01/20 06:30:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/01/20 05:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/20 05:39:37 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/01/20 05:39:22 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/01/05 16:35:15 | 00,000,000 | ---D | C] -- C:\Program Files\VTFEdit
[2009/12/28 04:06:06 | 00,000,000 | ---D | C] -- C:\HammerAutosave
[2009/07/21 06:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/20 15:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/05 17:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/23 05:55:56 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/23 05:49:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 02:54:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/22 01:36:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 01:35:04 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{778228C3-4EF4-4A53-996B-CCC186F7A981}.job
[2010/01/22 01:33:21 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 19:37:46 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/20 19:37:46 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/20 19:32:52 | 91,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstallation.exe
[2010/01/20 19:11:21 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/20 19:11:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/20 19:11:21 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/20 18:54:46 | 34,628,432 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2010/01/20 16:41:22 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/01/20 16:34:33 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/20 16:18:12 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/20 15:45:22 | 40,137,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_pro_eng.exe
[2010/01/20 07:08:07 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/20 07:05:05 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 05:54:38 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/01/20 05:14:58 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/19 22:04:27 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/18 17:06:20 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/31 14:33:05 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/20 15:52:52 | 40,137,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_pro_eng.exe
[2010/01/20 07:08:07 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/20 06:40:30 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/20 06:34:48 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/20 06:34:48 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/20 06:34:45 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/20 05:14:58 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/16 07:47:35 | 00,057,344 | ---- | C] () -- C:\WINDOWS\HAJEInstall.dll
[2009/12/16 07:45:28 | 00,450,560 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2009/12/16 07:45:28 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2009/12/04 01:33:07 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/09/02 06:16:30 | 00,472,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/25 17:31:28 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MediaFolder
[2009/08/25 17:25:38 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/04/22 16:02:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/17 16:38:29 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/04/06 17:33:51 | 00,000,440 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/04/06 17:33:05 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2009/04/06 17:31:59 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2009/04/03 01:37:03 | 00,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/03 01:37:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/03/27 14:40:31 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/27 14:40:31 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/22 23:31:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/03/21 04:04:20 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/03/20 21:26:42 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/21 08:25:20 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/04/14 21:30:47 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
< End of report >





Extra.txt


OTL Extras logfile created on: 1/23/2010 5:59:00 AM - Run 1
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.34 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 971.73 Mb Total Space | 573.58 Mb Free Space | 59.03% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC51500010589
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Steam\steamapps\common\assassins creed\AssassinsCreed_Game.exe" = C:\Program Files\Steam\steamapps\common\assassins creed\AssassinsCreed_Game.exe:*:Enabled:Assassin's Creed -- (Ubisoft)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe" = C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe" = C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:LocalSubNet:Enabled:XNA Game Studio 3.1 Transport -- (Microsoft Corporation)
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE -- (Microsoft Corporation)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- File not found
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- File not found
"C:\Program Files\Steam\steamapps\51500010589\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\51500010589\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\srcds.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\srcds.exe:*:Enabled:Left 4 Dead 2 Dedicated Server -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools -- ()
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0241E073-A1C3-857F-7DA3-9A5DC6C4F60B}" = Catalyst Control Center Graphics Light
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B56244C-7B61-0409-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0F55F69B-FB6C-5157-A5DC-B8AC58048A1A}" = ATI Catalyst Install Manager
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B886216-F2BF-4FBC-4CC7-08D6CB324FB8}" = TweetDeck
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20820A45-02A1-144C-21A3-A1812C5DDE23}" = Catalyst Control Center InstallProxy
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AB45FAF-2D92-0409-8D33-E2FE6172280E}" = Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library
"{305D5417-E687-0409-AA09-53DE06E059F8}" = Autodesk 3ds Max Design 2009 32-bit Movies
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CCE085E-255D-BBEE-7D51-D46FF3E13B1F}" = Catalyst Control Center HydraVision Full
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{62880A3B-2F9C-4C58-8FFA-1DA280262B5E}" = BlackBerry Device Software Updater
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6A7C42A3-02F9-C4E2-3A2B-BED15343DB4E}" = ccc-utility
"{6D9306D4-668D-F7B5-30A8-0D20B5D898A0}" = Catalyst Control Center Core Implementation
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{744A5C19-AA4C-0409-BC07-9F4C73C8B247}" = Autodesk 3ds Max Design 2009 32-bit Vault 2009 Plug-In
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit
"{7A5029B2-B9EE-BD2F-D1C2-20A89933BC7B}" = Catalyst Control Center Graphics Full New
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A5E86ABA-C49F-0D98-038A-2BFF8CC14DDE}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C251E4E6-89BA-0409-9B42-1B3D01D34783}" = Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4C2BA9A-E0BE-B4AC-2858-30ED109AAB39}" = CCC Help English
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC03804C-5D9E-B6F5-D2D6-2E8D11CE7C22}" = Catalyst Control Center Graphics Previews Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ECE3188A-3B11-4332-B1B9-43FAA9A02626}" = TheSkyX First Light Edition
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{EFCBBB01-F876-0409-B91F-7B6132E8BB64}" = Autodesk 3ds Max Design 2009 32-bit Vault 2008 Plug-In
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F681200C-0446-0409-ABE4-EA9105E40EE4}" = Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries
"{F731791B-E17A-4402-9FC7-F0E65E8D93BD}" = Microsoft XNA Game Studio 3.0 - Racing Game Starter Kit (Windows)
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max Design 2009 32-bit
"{FE6A0D54-A89C-542A-3C0F-7DE1DFC0F3A2}" = Catalyst Control Center Graphics Full Existing
"{FE7ADD14-5576-C865-AB6A-84BBC94C883B}" = ccc-core-preinstall
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = abti uGuru
"347F83755F38F1570B602823E659DC5335F5A948" = Windows Driver Package - ABIT (UGURU) System (3.0.2005.531 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CCleaner" = CCleaner (remove only)
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EADM" = EA Download Manager
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"GameSpy Arcade" = GameSpy Arcade
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Halo" = Microsoft Halo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"JAIELangPack" = Japanese Language Support
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"PFPortChecker" = PFPortChecker 1.0.32
"QuickTime" = QuickTime
"Samsung_SEDG" = Samsung Video Codec 1.2.5009 Uninstall
"SamsungCamCorderDriver" = Samsung CamCorder Driver
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 15100" = Assassin's Creed
"Steam App 17500" = Zombie Panic! Source
"Steam App 205" = Source Dedicated Server
"Steam App 211" = Source SDK
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 240" = Counter-Strike: Source
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 5" = Dedicated Server
"Steam App 500" = Left 4 Dead
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 513" = Left 4 Dead Authoring Tools
"Steam App 550" = Left 4 Dead 2
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VTFEdit_is1" = VTFEdit 1.2.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2010 8:53:39 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:11 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:06:59 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:07 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:08 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:35 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/22/2010 2:33:27 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/22/2010 2:34:31 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

[ Application Events ]
Error - 1/20/2010 8:53:39 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:11 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:06:59 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:07 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:08 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:35 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/22/2010 2:33:27 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/22/2010 2:34:31 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

[ System Events ]
Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft Antimalware
Service service to connect.

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%1053

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT nvport RasAcd Rdbss Tcpip

Error - 1/23/2010 6:56:10 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/23/2010 6:56:12 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/23/2010 6:57:05 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

[ System Events ]
Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft Antimalware
Service service to connect.

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%1053

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT nvport RasAcd Rdbss Tcpip

Error - 1/23/2010 6:56:10 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/23/2010 6:56:12 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/23/2010 6:57:05 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

Edited by CPDrummer, 23 January 2010 - 06:56 AM.


BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 29 January 2010 - 02:24 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 CPDrummer

CPDrummer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 30 January 2010 - 06:50 AM

QUOTE(extremeboy @ Jan 29 2010, 02:24 PM) View Post
Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay of response.

Do you still require help?

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a RootRepeal log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or RootRepeal log please refer to this page and in step #6 and Step #7 for further instructions on downloading and running DDS & RootRepeal. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-RootRepeal logs
-Description of any remaining problems you may still have.


Thanks again and we apologize for the delay.

With Regards,
Extremeboy



I haven't been able to and still can't use DDS or RootRepeal. DDS won't run at all, and RootRepeal will start to scan, and then freeze in the same spot every time. The best I can do is give you the OTL scan, as that's the only thing that works. From what I can tell, the logs are basically the exact same, but I'll post it anyway. I haven't touched the infected computer since the last post, until now. At the top of this topic, I have a link to my original post, stating in detail, the problems I'm having. Anyway, here's the logs;





OTListIt.txt


OTL logfile created on: 1/30/2010 6:42:23 AM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.34 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC51500010589
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/01/23 02:54:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/14 07:00:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/01/23 02:54:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/04 10:27:40 | 00,602,112 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2009/08/13 20:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2009/07/29 06:00:38 | 00,079,360 | ---- | M] (Autodesk) [Auto | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/07/24 14:05:24 | 00,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/07/20 15:55:03 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/07/02 17:36:52 | 00,017,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/05/21 10:34:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/04/21 02:54:00 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/11 13:17:46 | 00,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/04/11 13:17:44 | 00,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/04/11 13:17:26 | 01,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/02/18 23:30:20 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/03/09 23:04:52 | 00,065,536 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe -- (mi-raysat_3dsMax2009_32)
SRV - [2007/12/06 22:20:56 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 22:20:52 | 00,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/01/04 23:06:02 | 00,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/08/29 07:54:16 | 00,307,200 | ---- | M] (Lexmark International, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)


========== Driver Services (SafeList) ==========

DRV - [2009/11/04 11:15:30 | 04,423,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/09/09 17:24:14 | 00,062,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
DRV - [2009/07/24 14:05:26 | 01,961,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
DRV - [2009/06/18 18:48:04 | 00,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/03/27 14:40:31 | 00,279,712 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/03/27 14:40:31 | 00,025,888 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/01/09 15:18:02 | 00,027,136 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/12/18 22:44:00 | 00,028,816 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/12/18 22:43:48 | 00,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 22:43:40 | 00,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/10/31 13:52:16 | 00,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/09/17 14:14:00 | 00,027,672 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Entech.sys -- (ENTECH)
DRV - [2008/08/21 17:49:56 | 00,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 17:49:22 | 00,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/08/20 22:18:42 | 00,171,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1000325.sys -- (E1000) Intel®
DRV - [2008/05/20 17:33:50 | 00,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008/04/14 07:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/04/13 23:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
DRV - [2007/06/18 14:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/05/24 05:30:10 | 00,049,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/05/01 02:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/30 05:57:50 | 04,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/12/14 03:44:06 | 00,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/05/03 12:46:38 | 00,014,592 | ---- | M] (ABIT) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uGuru.sys -- (UGURU)
DRV - [2006/03/29 08:49:26 | 00,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/09/23 21:18:32 | 00,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1214440339-220523388-1801674531-500\S-1-5-21-1214440339-220523388-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2008/04/14 07:00:00 | 00,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-220523388-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/C/B.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://go.microsoft.com/fwlink/?LinkId=82580 (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.systemrequirementslab.com/srl_b...sreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1237869378859 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://www.yougamers.com/systeminfo/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (AxLoaderPassword Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.31.142.2 65.174.94.2
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 18:16:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/01/23 05:57:10 | 00,547,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/20 19:35:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2010/01/20 19:34:00 | 91,338,304 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstallation.exe
[2010/01/20 19:14:41 | 34,628,432 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2010/01/20 18:48:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/20 18:48:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/01/20 18:48:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/20 18:48:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/20 18:41:33 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010/01/20 16:55:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/01/20 16:47:07 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/01/20 16:45:15 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/01/20 15:54:42 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/01/20 15:54:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/01/20 06:40:30 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/01/20 06:34:48 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/01/20 06:34:48 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/01/20 06:34:45 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/01/20 06:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2010/01/20 06:30:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/01/20 06:30:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/01/20 05:54:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2010/01/20 05:39:37 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/01/20 05:39:22 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/01/05 16:35:15 | 00,000,000 | ---D | C] -- C:\Program Files\VTFEdit
[2009/12/28 04:06:06 | 00,000,000 | ---D | C] -- C:\HammerAutosave
[2009/07/21 06:04:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/07/20 15:55:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/06/05 17:39:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/01/23 05:55:56 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/23 05:49:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/01/23 02:54:44 | 00,547,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/01/22 01:36:23 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/01/22 01:35:04 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{778228C3-4EF4-4A53-996B-CCC186F7A981}.job
[2010/01/22 01:33:21 | 00,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/01/20 19:37:46 | 00,786,432 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010/01/20 19:37:46 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/01/20 19:32:52 | 91,338,304 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Administrator\Desktop\Ad-AwareInstallation.exe
[2010/01/20 19:11:21 | 00,000,528 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/20 19:11:21 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/01/20 19:11:21 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2010/01/20 18:54:46 | 34,628,432 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Administrator\Desktop\sdsetup.exe
[2010/01/20 16:41:22 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator\Desktop\spybotsd162.exe
[2010/01/20 16:34:33 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/01/20 16:18:12 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/01/20 15:45:22 | 40,137,480 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_pro_eng.exe
[2010/01/20 07:08:07 | 00,001,637 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/20 07:05:05 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/01/20 05:54:38 | 00,013,588 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/01/20 05:14:58 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010/01/19 22:04:27 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/01/18 17:06:20 | 00,002,193 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/01/14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/12/31 14:33:05 | 00,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/01/20 15:52:52 | 40,137,480 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_av_pro_eng.exe
[2010/01/20 07:08:07 | 00,001,637 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010/01/20 06:40:30 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/01/20 06:34:48 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/01/20 06:34:48 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/01/20 06:34:45 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/01/20 05:14:58 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/12/16 07:47:35 | 00,057,344 | ---- | C] () -- C:\WINDOWS\HAJEInstall.dll
[2009/12/16 07:45:28 | 00,450,560 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor1.dll
[2009/12/16 07:45:28 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\mcs_cor2.dll
[2009/12/04 01:33:07 | 00,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/09/02 06:16:30 | 00,472,456 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/25 17:31:28 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MediaFolder
[2009/08/25 17:25:38 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/04/22 16:02:30 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/04/17 16:38:29 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/04/06 17:33:51 | 00,000,440 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/04/06 17:33:05 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxblvs.dll
[2009/04/06 17:31:59 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBLLCNP.DLL
[2009/04/03 01:37:03 | 00,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/03 01:37:03 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/03/27 14:40:31 | 00,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/03/27 14:40:31 | 00,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/03/22 23:31:17 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/03/21 04:04:20 | 00,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009/03/20 21:26:42 | 00,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2009/02/21 08:25:20 | 00,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/04/14 21:30:47 | 00,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\Temp:DFC5A2B2
< End of report >





Extra.txt


OTL Extras logfile created on: 1/30/2010 6:42:23 AM - Run 2
OTL by OldTimer - Version 3.1.26.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 20.34 Gb Free Space | 13.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 971.73 Mb Total Space | 573.58 Mb Free Space | 59.03% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC51500010589
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Steam\steamapps\common\assassins creed\AssassinsCreed_Game.exe" = C:\Program Files\Steam\steamapps\common\assassins creed\AssassinsCreed_Game.exe:*:Enabled:Assassin's Creed -- (Ubisoft)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe" = C:\Program Files\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- File not found
"C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe" = C:\Program Files\Common Files\Microsoft Shared\XNA\XnaTrans\v3.0\XnaTransX.exe:LocalSubNet:Enabled:XNA Game Studio 3.1 Transport -- (Microsoft Corporation)
"C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe" = C:\Program Files\Microsoft XNA\XNA Game Studio\v3.1\Bin\XnaLiveProxy.exe:LocalSubNet:Enabled:XNA Framework Games for Windows - LIVE -- (Microsoft Corporation)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2009\3dsmax.exe:*:Enabled:Autodesk 3ds Max Design 2009 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\RM.exe:*:Enabled:Render Manager -- File not found
"C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\Studio.exe:*:Enabled:Studio -- File not found
"C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 14\Programs\umi.exe:*:Enabled:umi -- File not found
"C:\Program Files\Steam\steamapps\51500010589\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\51500010589\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\srcds.exe:*:Enabled:Left 4 Dead Dedicated Server -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead Authoring Tools -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\left4dead2.exe:*:Enabled:Left 4 Dead 2 -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\srcds.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\srcds.exe:*:Enabled:Left 4 Dead 2 Dedicated Server -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead 2\bin\SDKLauncher.exe:*:Enabled:Left 4 Dead 2 Authoring Tools -- ()
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.1 (Platformer)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0241E073-A1C3-857F-7DA3-9A5DC6C4F60B}" = Catalyst Control Center Graphics Light
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B56244C-7B61-0409-A739-3E29DDE4DC3C}" = Bluerock Technologies Flight Studio 3ds Max Design 2009 32-bit
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.1 (Redists)
"{0F55F69B-FB6C-5157-A5DC-B8AC58048A1A}" = ATI Catalyst Install Manager
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1B886216-F2BF-4FBC-4CC7-08D6CB324FB8}" = TweetDeck
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20820A45-02A1-144C-21A3-A1812C5DDE23}" = Catalyst Control Center InstallProxy
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AB45FAF-2D92-0409-8D33-E2FE6172280E}" = Autodesk 3ds Max Design 2009 32-bit ProMaterials™ Library
"{305D5417-E687-0409-AA09-53DE06E059F8}" = Autodesk 3ds Max Design 2009 32-bit Movies
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.1 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CCE085E-255D-BBEE-7D51-D46FF3E13B1F}" = Catalyst Control Center HydraVision Full
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{62880A3B-2F9C-4C58-8FFA-1DA280262B5E}" = BlackBerry Device Software Updater
"{689E0AB3-50B2-4E5A-9DCE-6DA9F5BE1314}" = BlackBerry® Media Sync
"{6A7C42A3-02F9-C4E2-3A2B-BED15343DB4E}" = ccc-utility
"{6D9306D4-668D-F7B5-30A8-0D20B5D898A0}" = Catalyst Control Center Core Implementation
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{744A5C19-AA4C-0409-BC07-9F4C73C8B247}" = Autodesk 3ds Max Design 2009 32-bit Vault 2009 Plug-In
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77A1C7DD-E4F6-4057-92FC-710219215987}" = Logitech G11 Keyboard Software 1.03
"{7A046E1F-BEB7-49C8-83E2-78E1F1C65C60}" = Turbo Squid Tentacles 3ds Max 2009 32-bit
"{7A5029B2-B9EE-BD2F-D1C2-20A89933BC7B}" = Catalyst Control Center Graphics Full New
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.1 Documentation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{922D9CCA-4317-425F-9AA5-94829DF8BA6D}" = Motorola Software Update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A5E86ABA-C49F-0D98-038A-2BFF8CC14DDE}" = ccc-core-static
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.1 (Shared Components)
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BED4CEEC-863F-4AB3-BA23-541764E2D2CE}" = Microsoft XNA Game Studio Platform Tools
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C251E4E6-89BA-0409-9B42-1B3D01D34783}" = Autodesk 3ds Max Design 2009 32-bit Architectural Materials Library
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C4C2BA9A-E0BE-B4AC-2858-30ED109AAB39}" = CCC Help English
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC03804C-5D9E-B6F5-D2D6-2E8D11CE7C22}" = Catalyst Control Center Graphics Previews Common
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DCFD26A8-60A5-4C69-A52D-264D0386FDB3}" = Microsoft Xbox 360 Accessories 1.2
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.1 (XnaLiveProxy)
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.1 (ARP entry)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{ECE3188A-3B11-4332-B1B9-43FAA9A02626}" = TheSkyX First Light Edition
"{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"{EFCBBB01-F876-0409-B91F-7B6132E8BB64}" = Autodesk 3ds Max Design 2009 32-bit Vault 2008 Plug-In
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F681200C-0446-0409-ABE4-EA9105E40EE4}" = Autodesk 3ds Max Design 2009 32-bit Additional Maps and Material Libraries
"{F731791B-E17A-4402-9FC7-F0E65E8D93BD}" = Microsoft XNA Game Studio 3.0 - Racing Game Starter Kit (Windows)
"{FDD8070F-E3B9-0409-822C-CCFE5E82C14D}" = Autodesk 3ds Max Design 2009 32-bit
"{FE6A0D54-A89C-542A-3C0F-7DE1DFC0F3A2}" = Catalyst Control Center Graphics Full Existing
"{FE7ADD14-5576-C865-AB6A-84BBC94C883B}" = ccc-core-preinstall
"{FF8500E6-EA0D-11D7-8755-0080C8F92A32}" = abti uGuru
"347F83755F38F1570B602823E659DC5335F5A948" = Windows Driver Package - ABIT (UGURU) System (3.0.2005.531 )
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_6" = AIM 6
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"BlackBerry_{EE59E3BD-6B7D-4BBB-B9CD-20EA7AEF1E10}" = BlackBerry Desktop Software 5.0
"CCleaner" = CCleaner (remove only)
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"EADM" = EA Download Manager
"FBX Plugin 2009.0 for Max 2009" = FBX Plugin 2009.0 for Max 2009
"GameSpy Arcade" = GameSpy Arcade
"GoldenEye Source" = GoldenEye: Source - HalfLife 2 Mod
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"Halo" = Microsoft Halo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"JAIELangPack" = Japanese Language Support
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Lexmark Z700-P700 Series" = Lexmark Z700-P700 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft DirectX SDK (March 2009)" = Microsoft DirectX SDK (March 2009)
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"PFPortChecker" = PFPortChecker 1.0.32
"QuickTime" = QuickTime
"Samsung_SEDG" = Samsung Video Codec 1.2.5009 Uninstall
"SamsungCamCorderDriver" = Samsung CamCorder Driver
"Spyware Doctor" = Spyware Doctor 7.0
"Steam App 15100" = Assassin's Creed
"Steam App 17500" = Zombie Panic! Source
"Steam App 205" = Source Dedicated Server
"Steam App 211" = Source SDK
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 240" = Counter-Strike: Source
"Steam App 310" = Team Fortress 2 Dedicated Server
"Steam App 5" = Dedicated Server
"Steam App 500" = Left 4 Dead
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 513" = Left 4 Dead Authoring Tools
"Steam App 550" = Left 4 Dead 2
"Steam App 560" = Left 4 Dead 2 Dedicated Server
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"SystemRequirementsLab" = System Requirements Lab
"ViewpointMediaPlayer" = Viewpoint Media Player
"VTFEdit_is1" = VTFEdit 1.2.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XNA Game Studio 3.1" = Microsoft XNA Game Studio 3.1
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/20/2010 8:53:39 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:11 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:06:59 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:07 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:08 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:35 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/22/2010 2:33:27 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/22/2010 2:34:31 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

[ Application Events ]
Error - 1/20/2010 8:53:39 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:08 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/20/2010 8:54:11 PM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:06:59 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:07 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:08 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/21/2010 5:07:35 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

Error - 1/22/2010 2:33:27 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 1/22/2010 2:34:31 AM | Computer Name = PC51500010589 | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.54, faulting
module ViewpointService.exe, version 2.0.0.54, fault address 0x00002250.

[ System Events ]
Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft Antimalware
Service service to connect.

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%1053

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT nvport RasAcd Rdbss Tcpip

Error - 1/23/2010 6:56:10 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/23/2010 6:56:12 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/23/2010 6:57:05 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

[ System Events ]
Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Microsoft Antimalware
Service service to connect.

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7000
Description = The Microsoft Antimalware Service service failed to start due to the
following error: %%1053

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 1/23/2010 6:50:31 AM | Computer Name = PC51500010589 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT nvport RasAcd Rdbss Tcpip

Error - 1/23/2010 6:56:10 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 1/23/2010 6:56:12 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 1/23/2010 6:57:05 AM | Computer Name = PC51500010589 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 30 January 2010 - 04:08 PM

Hello.

Okay, thanks for that log. I would like to see a rootkit scan before continuing.

Try running GMER...

Download and Run GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop:
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.

  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.

    If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system... Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 CPDrummer

CPDrummer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 01 February 2010 - 12:11 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-01 00:05:27
Windows 5.1.2600 Service Pack 3
Running: 29kuk9fo.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxlirfod.sys


---- System - GMER 1.0.15 ----

Code 8B056150 ZwEnumerateKey
Code 8AE0D900 ZwFlushInstructionCache
Code 8AFC9416 IofCallDriver
Code 8AE158D6 IofCompleteRequest

---- Modules - GMER 1.0.15 ----

Module \systemroot\system32\drivers\H8SRTwpjetaekxe.sys (*** hidden *** ) BA50E000-BA52B000 (118784 bytes)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\H8SRToaojucpoja.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [244] 0x10000000
Library \\?\globalroot\systemroot\system32\H8SRToaojucpoja.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [596] 0x00870000
Library \\?\globalroot\systemroot\system32\H8SRToaojucpoja.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [692] 0x00870000
Library \\?\globalroot\systemroot\system32\H8SRToaojucpoja.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [1496] 0x00DF0000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\H8SRTwpjetaekxe.sys (*** hidden *** ) [SYSTEM] H8SRTd.sys <-- ROOTKIT !!!

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Administrator\Local Settings\Temp\h8srtmainqt.dll 16465 bytes
File C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll 1014 bytes
File C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll 16700 bytes
File C:\Documents and Settings\Kris\Local Settings\Temp\H8SRT81ae.tmp 343040 bytes executable
File C:\Documents and Settings\Kris\Local Settings\Temp\H8SRT9fb6.tmp 712704 bytes executable
File C:\Documents and Settings\Kris\Local Settings\Temp\h8srtmainqt.dll 16431 bytes
File C:\WINDOWS\system32\drivers\H8SRTwpjetaekxe.sys 40448 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\H8SRTfnlitumctt.dll 40960 bytes executable
File C:\WINDOWS\system32\H8SRTjtrulddwyo.dll 23552 bytes executable
File C:\WINDOWS\system32\h8srtkrl32mainweq.dll 777 bytes
File C:\WINDOWS\system32\H8SRToaojucpoja.dll 16896 bytes executable
File C:\WINDOWS\system32\H8SRTrewjpvaoro.dll 40960 bytes executable
File C:\WINDOWS\system32\h8srtshsyst.dll 1048 bytes
File C:\WINDOWS\system32\H8SRTvirntodgxt.dat 243 bytes
File C:\WINDOWS\Temp\H8SRT1ecd.tmp 243 bytes
File C:\WINDOWS\Temp\H8SRT8389.tmp 243 bytes
File C:\WINDOWS\Temp\h8srtmainqt.dll 16459 bytes

---- EOF - GMER 1.0.15 ----

Edited by CPDrummer, 01 February 2010 - 01:01 AM.


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 01 February 2010 - 01:01 PM

Hello.

Seems you're infected with a TDSS rootkit variant here. It's a backdoor unfortunately. Let me know if you wish to continue or not.

Unfortunatly One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do next post.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 CPDrummer

CPDrummer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 01 February 2010 - 02:06 PM

I would like to attempt to clean it enough to get important files, and personal files off of my computer. I plan on leaving my infected computer disconnected from the internet until I am able to reformat / reinstall windows. Then I plan to reformat and reinstall windows. As it stands right now, I can't even log into my computer normally. To do anything on there, I have to sign into safe mode. Where do I begin?

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 01 February 2010 - 02:36 PM

Hello.

Let's start with Combofix. You can run it in Safe Mode.

Download and Run Combofix

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page on instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 CPDrummer

CPDrummer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 01 February 2010 - 03:11 PM

Unfortunately my computer won't run combofix at all. I downloaded it onto this computer and moved it to the infected computer via thumbdrive. When I try to run combofix, I get an hourglass for approximately a second after clicking on it, then nothing happens. I've tried restarting with no luck.

#10 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 01 February 2010 - 08:08 PM

Hello.

Try re-naming Combofix before you even download/transfer it to the infected machine. Re-name Combofix to CPDrummer.exe and try running it.

let me know how it goes.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#11 CPDrummer

CPDrummer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 01 February 2010 - 10:45 PM

That worked and ComboFix will run now, but I have two new problems with it.

1. When I run ComboFix, the computer says Windows Security Essentials is running, but I haven't had that installed on my computer in months.

2. After ignoring the first problem, the blue window pops up that says "Please wait. ComboFix is preparing to run." After a few seconds, a window pops up that says this;

This machine does not have the 'Microsoft Windows recovery console' installed
Without it, ComboFix shall not attempt the fixing of some serious infections.
Click 'Yes' to have ComboFix download/install it.
NOTE: this requires an active internet connection.


What do I do? I don't want to connect my computer to the internet and risk being exposed to more damage from the virus/hacker.

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 02 February 2010 - 04:01 PM

Hello.

You may ignore the warning of that AV. Regarding the Recovery Console, you can skip that for now. If we really need it we can create it again later or burn it onto a disk using another computer since you have one available.

Continue and post the log once done.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#13 CPDrummer

CPDrummer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 02 February 2010 - 05:01 PM

When I tried to run ComboFix the first time, I got this;


Rootkit !!

ComboFix has detected the presence of rootkit activity and needs to reboot the
machine
Kindly note down on paper, the name of each file. We may need it later

C:\WINDOWS\system32\drivers\H8SRTwpjetaekxe.sys
C:\WINDOWS\system32\H8SRTjtrulddwyo.dll
C:\WINDOWS\system32\H8SRTvirntodgxt.dat
C:\WINDOWS\system32\H8SRTfnlitumctt.dll
C:\WINDOWS\system32\H8SRToaojucpoja.dll
C:\WINDOWS\system32\H8SRTrewjpvaoro.dll


I clicked 'OK' and the blue window said;

Please allow ComboFix to reboot the machine.

WARNING !! Do not manually reboot the machine yourself.



When my computer started back upm the same blue ComboFix window started imediately and restarted from the beginning without me doing anything and started to scan again. It completed about 50 stages, and restarted again. Here's what the log report said;


ComboFix 10-02-01.01 - Administrator 02/02/2010 16:27:35.1.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3082 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\cpdrummer.exe.exe
AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\h8srtkrl32mainweq.dll
c:\documents and settings\All Users\Application Data\h8srtmainqt.dll
c:\windows\system32\drivers\H8SRTwpjetaekxe.sys
c:\windows\system32\H8SRTfnlitumctt.dll
c:\windows\system32\H8SRTjtrulddwyo.dll
c:\windows\system32\h8srtkrl32mainweq.dll
c:\windows\system32\H8SRToaojucpoja.dll
c:\windows\system32\H8SRTrewjpvaoro.dll
c:\windows\system32\h8srtshsyst.dll
c:\windows\system32\H8SRTvirntodgxt.dat
c:\windows\system32\logs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


((((((((((((((((((((((((( Files Created from 2010-01-02 to 2010-02-02 )))))))))))))))))))))))))))))))
.

2010-01-21 00:35 . 2010-01-21 00:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
2010-01-20 23:41 . 2010-01-20 23:41 -------- d-----w- C:\$AVG
2010-01-20 21:55 . 2010-01-20 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-20 21:47 . 2010-01-20 23:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-01-20 20:54 . 2010-01-20 21:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-20 20:54 . 2010-01-20 20:54 -------- d-----w- c:\program files\Alwil Software
2010-01-20 11:40 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-20 11:34 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-20 11:34 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-20 11:34 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-20 11:34 . 2010-01-20 12:10 -------- d-----w- c:\program files\Spyware Doctor
2010-01-20 11:34 . 2010-01-20 11:34 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-20 11:34 . 2010-01-20 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-20 11:34 . 2010-01-20 11:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-01-20 10:54 . 2010-01-20 10:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-01-20 10:39 . 2010-01-20 10:39 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-20 10:39 . 2010-01-20 10:39 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-20 10:15 . 2010-01-20 10:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-05 21:35 . 2010-01-05 21:47 -------- d-----w- c:\program files\VTFEdit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 03:34 . 2009-09-15 06:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2010-01-29 04:33 . 2009-03-21 09:02 -------- d-----w- c:\program files\Steam
2010-01-20 10:56 . 2010-01-20 10:55 194858 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-01-20 10:25 . 2009-03-24 04:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-14 16:12 . 2009-12-16 11:00 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-07 00:34 . 2009-07-20 20:55 -------- d-----w- c:\program files\Google
2009-12-31 19:33 . 2009-05-30 07:18 256 ----a-w- c:\windows\system32\pool.bin
2009-12-21 19:14 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 23:53 . 2009-12-16 23:53 -------- d-----w- c:\program files\Audacity
2009-12-16 22:00 . 2009-04-20 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-12-16 13:30 . 2009-10-29 08:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-12-16 12:30 . 2009-12-16 12:30 -------- d-----w- c:\program files\DevGuru
2009-12-16 11:15 . 2009-12-16 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-12-16 11:11 . 2009-03-20 23:27 -------- d-----w- c:\program files\ATI Technologies
2009-12-16 11:07 . 2009-04-14 19:40 -------- d-----w- c:\program files\ATI
2009-12-16 11:04 . 2009-10-25 09:20 -------- d-----w- c:\program files\Pinnacle
2009-12-16 10:57 . 2009-10-25 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-12-16 10:37 . 2009-12-15 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-16 10:37 . 2009-12-15 20:35 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-16 10:36 . 2009-06-28 11:31 132 ------w- c:\windows\system32\rezumatenoi.dat
2009-12-15 20:47 . 2009-03-21 02:19 -------- d-----w- c:\program files\BitDefender
2009-12-15 20:21 . 2009-12-15 20:21 38 ----a-w- C:\BdUninstallTool2009.12.15-03.21.29.reg
2009-12-15 13:27 . 2009-03-20 23:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-15 13:24 . 2009-09-15 06:53 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-12-06 09:39 . 2009-12-06 09:39 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-30 23:02 . 2009-11-30 23:02 171144 ------w- c:\windows\system32\xliveinstall.dll
2009-11-30 23:02 . 2009-11-30 23:02 72840 ------w- c:\windows\system32\xliveinstallhost.exe
2009-11-21 15:51 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-06 15:59 . 2009-11-06 15:59 15406728 ------w- c:\windows\system32\xlive.dll
2009-11-06 15:59 . 2009-11-06 15:59 13642888 ------w- c:\windows\system32\xlivefnt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
"Launch LGDCore"="c:\program files\Common Files\Logitech\G-series Software\LGDCore.exe" [2006-07-23 1126400]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-19 76304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-04 98304]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-6-23 809488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 04:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rootrepeal.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Kris^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\documents and settings\Kris\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 22:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2009-07-02 03:12 623960 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 06:36 36864 ------r- c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 19:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-04-21 06:24 77824 ----a-w- c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2009-04-11 18:17 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-07-24 19:05 762208 ----a-w- c:\windows\vVX3000.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\assassins creed\\AssassinsCreed_Game.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\51500010589\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\srcds.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\bin\\SDKLauncher.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R1 UGURU;UGURU;c:\windows\system32\drivers\uGuru.sys [3/20/2009 6:23 PM 14592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/20/2009 3:55 PM 133104]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/9/2008 11:04 PM 65536]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/21/2009 4:43 AM 24652]
S3 cpuz130;cpuz130;\??\c:\docume~1\Kris\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Kris\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [5/1/2009 11:15 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [5/1/2009 11:15 PM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [5/1/2009 11:15 PM 23680]
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:55]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 20:55]

2010-02-02 c:\windows\Tasks\User_Feed_Synchronization-{778228C3-4EF4-4A53-996B-CCC186F7A981}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.yahoo.com
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {DAF7E6E7-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-MSSE - c:\program files\Microsoft Security Essentials\msseces.exe
MSConfigStartUp-PC SpeedScan Pro - c:\program files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
MSConfigStartUp-Performance Center - c:\program files\Ascentive\Performance Center\APCMain.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-02 16:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1214440339-220523388-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,92,65,47,19,1a,c6,42,8b,67,05,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,24,92,65,47,19,1a,c6,42,8b,67,05,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(244)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1536)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\wpdshext.dll
.
Completion time: 2010-02-02 16:47:01 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-02 21:46

Pre-Run: 21,713,043,456 bytes free
Post-Run: 22,560,636,928 bytes free

- - End Of File - - 8FFCEE2CED497095F1C2873D61326ECD




#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:41 AM

Posted 02 February 2010 - 05:14 PM

Hello.

That looks good. The rootkit is removed, now let's get a scan from Malwarebytes.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#15 CPDrummer

CPDrummer
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:41 AM

Posted 02 February 2010 - 09:55 PM

Malwarebytes' Anti-Malware 1.44
Database version: 3681
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/2/2010 21:46:39
mbam-log-2010-02-02 (21-46-39).txt

Scan type: Quick Scan
Objects scanned: 140171
Time elapsed: 17 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Rogue.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\SysRestore.dll (Rogue.Ascentive) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kris\Local Settings\Temp\H8SRT81ae.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kris\Local Settings\Temp\H8SRT9fb6.tmp (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Kris\Local Settings\Temporary Internet Files\Content.IE5\TONKO3U3\z002106201318r0409J0e000601R67734b15W0ec2fc77X9804df3eYd352089dZ0100f0800[1] (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users