Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Microsoft Trying to Fix the Windows 10 App Gap Ahead of Andromeda

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

Photo

Vundo.H/Virtumonde.prx and others

Started by Xae , Feb 17 2010 12:44 PM

  • This topic is locked This topic is locked
33 replies to this topic

#1 Xae

Xae

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 17 February 2010 - 12:44 PM

Hello,

So this is what happened. Yesterday evening, I was looking for something on the internet. Apparently I ended up on some messed up website...
First thing I know is that I heard my hard drive going nuts so I closed the tab immediately. The java icon popped up on the bar menu, so I suspect it used it to get into my comp (I never downloaded anything from this website.) Second thing was my firewall was disabled. Third thing, Spybot Search & Destroy blocks something on my computer telling me it's a malware so I clicked on delete or whatever the option was.

From there I stopped everything I was doing and ran Spybot S&D. It found a lot of trojans, rootkits, bots which I can't remember all of their names, but Virtumonde.prx popped up. Since it couldn't remove everything, it asked me to have the computer scanned again on restart, which I did.
It found a lot of other nasty stuff that it put in quarantine.
After that I kinda freaked out I admit, so I ran several different tools to see if I still had something. I used Malwarebytes in quick scan and full scan, both times found stuff that it either put in quarantine or deleted.
After that I went to search for tutorials on how to remove these infections. I used VundoFix and it found nothing. I then ran Combofix, it deleted about 3-4 files. I ran it a second time and it found nothing.

I ran Ad-aware free edition, it found nothing either. I ran Spybot S&D again just to see if it would find anything. It found nothing. Ran Avira, and nothing was found either. I then used CCleaner as well, and cleaned up the registry stuff as well as program stuff like cookies etc. I also updated my Java to the latest version(17, I was still on 16), and used JavaRa to remove the old ones.

From there I started using a couple programs to see how my computer was performing. It feels like it's slower than it used to be, so it may still be infected... I may be a bit paranoid (first time ever I got one of my computers infected) but I just want to make sure it's doing ok...and I can't read logs from HijackThis or programs of the like... tongue.gif
Thanks in advance for the help!

Here's the DDS log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Xaelya at 12:19:24.20 on Wed 02/17/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2684 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Xaelya\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [CPU Power Monitor] "c:\program files\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [ASUS Energy Saving] "c:\program files\asus\ai suite\energysaving\PwSave.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Lycosa] "c:\program files\razer\lycosa\razerhid.exe"
mRun: [Diamondback] c:\program files\razer\diamondback 3g\razerhid.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\xaelya\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dairy-dash/DairyDashWeb.1.0.0.16.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266370060343
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266370053406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dress-shop-hop/DressShopHopWeb.1.0.0.9.cab
TCP: {F6F31691-C6C1-4122-9B60-95975A5B74C2} = 137.118.1.32,137.118.1.33
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-8 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-28 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-28 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-28 56816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-12-6 16128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-12-6 38560]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-12-6 13225]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-17 02:48:01 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-02-17 02:48:00 0 d-----w- c:\program files\SpywareBlaster
2010-02-17 02:07:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-17 01:59:02 0 d-----w- C:\ComboFix
2010-02-17 01:29:34 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-17 01:13:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-17 01:12:53 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 01:12:53 0 d-----w- c:\docume~1\xaelya\applic~1\SUPERAntiSpyware.com
2010-02-17 01:02:11 0 d-sha-r- C:\cmdcons
2010-02-17 01:01:28 98816 ----a-w- c:\windows\sed.exe
2010-02-17 01:01:28 77312 ----a-w- c:\windows\MBR.exe
2010-02-17 01:01:28 261632 ----a-w- c:\windows\PEV.exe
2010-02-17 01:01:28 161792 ----a-w- c:\windows\SWREG.exe
2010-02-17 00:01:55 0 d-----w- C:\VundoFix Backups
2010-02-16 21:04:32 251 ----a-w- c:\windows\wininit.ini
2010-01-24 22:58:43 0 d-----w- c:\program files\Funcom
2010-01-21 02:27:10 0 d-----w- c:\docume~1\xaelya\applic~1\Metaversum
2010-01-21 02:26:21 0 d-----w- c:\program files\Metaversum
2010-01-20 02:56:13 0 d-----w- c:\program files\Multiverse World Browser
2010-01-19 16:34:28 0 d--h--w- c:\windows\msdownld.tmp
2010-01-19 15:05:40 0 d-----w- c:\program files\Entropia Universe

==================== Find3M ====================

2010-02-17 02:08:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-17 02:08:35 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-26 22:02:30 236160 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2375.exe
2009-09-02 15:48:00 73 --sha-w- c:\windows\system32\SYSDRV004.SYS

============= FINISH: 12:19:47.62 ===============

Attached Files


BC AdBot (Login to Remove)

 

#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 PM

Posted 20 February 2010 - 09:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 Xae

Xae
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 20 February 2010 - 11:47 AM

Hello,

I'm still there. I didn't resolve the issue with my computer. I'm writing from a laptop and I kept my desktop turned off since I posted the DDS and GMER logs.
The problem I've been having with my computer is that it got infected with various trojans, rootkits and bots. I did what I could to remove them as much as possible with various tools that I named in my initial post (I realized after sending it that I forgot to mention one or two of them, I used so many).
I noticed that afterwards my computer was a lot slower than it used to be still. I'm afraid that my computer could still be infected and I don't want to take the risk to use it without someone qualified to take a look at it as I've found out after searching on the internet that these trojans could steal passwords. (I already changed most of my passwords using another computer, as a precaution).

I used prior to seeking help on bleeping computer:
-Malwarebytes
-Spybot Search & Destroy
-Ad-Aware free edition
-Combofix
-SuperAntiSpyware
-Vundofix
-Avira Antivir

I will be posting the new logs ASAP. Thanks for getting back to me.

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 PM

Posted 20 February 2010 - 01:44 PM

Hi,

Also please post the Combofix logfile, you will find it at C:\Combofix.txt.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 Xae

Xae
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 20 February 2010 - 07:29 PM

Hello,

Sorry for the time it took me to post the logs, when I tried to run gmer I forgot about the screensaver and when I came back to my computer it froze up on me so I had to manually shut it down and start all over again, this time I made sure the screensaver wouldn't be a problem.
Also I didn't find the combofix log where you told me, that folder was empty. I found two different logs plus the quarantined files log in C:/Quoobox, I will be posting them here, if you need a more recent log of Combofix let me know and I'll post it for you.
Thanks for your help!

Here is the DDS log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Xaelya at 12:42:01.71 on Sat 02/20/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2874 [GMT -5:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Razer\Lycosa\razerhid.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Razer\Lycosa\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\bin32\nSvcAppFlt.exe
C:\Program Files\bin32\nSvcIp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Xaelya\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Gif Animator Toolbar Helper: {96372ab6-15eb-4316-b497-71c741bc548c} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Easy Gif Animator Toolbar: {35065594-9169-4a34-b167-fc4865038e53} - c:\program files\easy gif animator extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Ai Nap] "c:\program files\asus\ai suite\ainap\AiNap.exe"
mRun: [CPU Power Monitor] "c:\program files\asus\ai suite\aigear3\CpuPowerMonitor.exe"
mRun: [Cpu Level Up help] c:\program files\asus\ai suite\CpuLevelUpHelp.exe
mRun: [ASUS Energy Saving] "c:\program files\asus\ai suite\energysaving\PwSave.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Lycosa] "c:\program files\razer\lycosa\razerhid.exe"
mRun: [Diamondback] c:\program files\razer\diamondback 3g\razerhid.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\xaelya\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\deskto~1.lnk - c:\program files\research in motion\blackberry\DesktopMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: %SYSTEMROOT%\system32\nvLsp.dll
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dairy-dash/DairyDashWeb.1.0.0.16.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1266370060343
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266370053406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dress-shop-hop/DressShopHopWeb.1.0.0.9.cab
TCP: {F6F31691-C6C1-4122-9B60-95975A5B74C2} = 137.118.1.32,137.118.1.33
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-8 64288]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-28 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-1-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-28 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-28 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-28 56816]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-12-6 16128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-12-6 38560]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [2008-12-6 13225]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 7408]

=============== Created Last 30 ================

2010-02-17 02:48:01 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-02-17 02:48:00 0 d-----w- c:\program files\SpywareBlaster
2010-02-17 02:07:35 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-17 01:59:02 0 d-----w- C:\ComboFix
2010-02-17 01:29:34 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-17 01:13:14 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-02-17 01:12:53 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 01:12:53 0 d-----w- c:\docume~1\xaelya\applic~1\SUPERAntiSpyware.com
2010-02-17 01:02:11 0 d-sha-r- C:\cmdcons
2010-02-17 01:01:28 98816 ----a-w- c:\windows\sed.exe
2010-02-17 01:01:28 77312 ----a-w- c:\windows\MBR.exe
2010-02-17 01:01:28 261632 ----a-w- c:\windows\PEV.exe
2010-02-17 01:01:28 161792 ----a-w- c:\windows\SWREG.exe
2010-02-17 00:01:55 0 d-----w- C:\VundoFix Backups
2010-02-16 21:04:32 251 ----a-w- c:\windows\wininit.ini
2010-01-24 22:58:43 0 d-----w- c:\program files\Funcom

==================== Find3M ====================

2010-02-17 02:08:40 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-17 02:08:35 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-04 15:53:02 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00:29 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-17 22:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26:15 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:51 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-26 22:02:30 236160 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2375.exe
2009-09-02 15:48:00 73 --sha-w- c:\windows\system32\SYSDRV004.SYS

============= FINISH: 12:42:23.07 ===============





GMER logs here:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-20 18:56:09
Windows 5.1.2600 Service Pack 3
Running: 66f5yjsv.exe; Driver: C:\DOCUME~1\Xaelya\LOCALS~1\Temp\ffnirkow.sys


---- System - GMER 1.0.15 ----

SSDT BAE86AD6 ZwCreateKey
SSDT BAE86ACC ZwCreateThread
SSDT BAE86ADB ZwDeleteKey
SSDT BAE86AE5 ZwDeleteValueKey
SSDT BAE86AEA ZwLoadKey
SSDT BAE86AB8 ZwOpenProcess
SSDT BAE86ABD ZwOpenThread
SSDT BAE86AF4 ZwReplaceKey
SSDT BAE86AEF ZwRestoreKey
SSDT BAE86AE0 ZwSetValueKey
SSDT BAE86AC7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D58 805045F4 4 Bytes JMP BEBAE86A
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9267360, 0x34CDBF, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[3104] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- EOF - GMER 1.0.15 ----





ComboFix first log:

ComboFix 10-02-16.01 - Xaelya 02/16/2010 20:03:23.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2737 [GMT -5:00]
Running from: c:\documents and settings\Xaelya\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}
c:\documents and settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\chrome.manifest
c:\documents and settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\chrome\content\_cfg.js
c:\documents and settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\chrome\content\overlay.xul
c:\documents and settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\install.rdf
c:\windows\system\msvbvm60.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-17 00:01 . 2010-02-17 00:01 -------- d-----w- C:\VundoFix Backups
2010-02-16 20:43 . 2010-02-16 20:43 120 ----a-w- c:\windows\Sbeminireyil.dat
2010-02-16 20:43 . 2010-02-16 20:43 0 ----a-w- c:\windows\Lcuzuciv.bin
2010-02-03 14:46 . 2010-02-03 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-03 04:32 . 2010-02-03 04:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-24 22:58 . 2010-01-24 22:58 -------- d-----w- c:\program files\Funcom
2010-01-21 02:27 . 2010-01-21 02:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Metaversum
2010-01-21 02:26 . 2010-01-21 02:26 -------- d-----w- c:\program files\Metaversum
2010-01-20 02:56 . 2010-01-20 17:51 -------- d-----w- c:\program files\Multiverse World Browser
2010-01-19 16:34 . 2010-01-19 16:35 -------- d--h--w- c:\windows\msdownld.tmp
2010-01-19 15:05 . 2010-02-04 02:55 -------- d-----w- c:\program files\Entropia Universe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 00:00 . 2009-01-27 00:02 256 ----a-w- c:\windows\system32\pool.bin
2010-02-17 00:00 . 2009-04-11 23:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-16 20:58 . 2008-12-06 19:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Skype
2010-02-16 13:01 . 2008-12-06 19:13 -------- d-----w- c:\documents and settings\Xaelya\Application Data\skypePM
2010-02-10 22:36 . 2008-12-09 23:57 1 ----a-w- c:\documents and settings\Xaelya\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 04:11 . 2009-11-10 21:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Move Networks
2010-02-04 18:54 . 2009-09-23 19:08 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 18:54 . 2009-07-01 13:03 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 18:54 . 2009-07-01 13:03 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 18:54 . 2009-07-01 13:03 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-03 04:32 . 2008-12-06 19:12 -------- d-----w- c:\program files\Google
2010-01-31 22:20 . 2008-12-06 19:19 -------- d-----w- c:\documents and settings\Xaelya\Application Data\SecondLife
2010-01-16 21:12 . 2010-01-16 21:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\MH GED
2010-01-16 21:06 . 2008-12-06 19:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 21:06 . 2010-01-16 21:06 -------- d-----w- c:\program files\McGraw Hill
2010-01-16 20:17 . 2009-02-09 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-16 00:29 . 2010-01-03 21:26 -------- d-----w- c:\program files\Sudoku
2010-01-13 20:48 . 2009-09-30 19:04 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\DivX
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-12 21:09 . 2009-04-12 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:08 . 2009-07-01 13:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 17:18 . 2009-08-17 13:33 -------- d-----w- c:\program files\Logitech
2010-01-09 02:35 . 2010-01-09 02:35 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Artogon
2010-01-09 02:35 . 2009-12-12 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-08 23:19 . 2010-01-08 23:18 -------- d-----w- c:\program files\Haunted Hotel
2010-01-08 23:16 . 2009-12-12 04:17 -------- d-----w- c:\program files\bfgclient
2010-01-08 22:36 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2010-01-08 00:48 . 2010-01-03 19:30 -------- d-----w- c:\program files\Hidden Wonders of the Depths
2010-01-07 21:53 . 2009-12-12 04:23 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2010-01-07 21:07 . 2009-04-12 00:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-04-12 00:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:52 . 2010-01-03 21:33 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Big Fish Games
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\Xaelya\Application Data\PlayFirst
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\Xaelya\Application Data\blg
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2010-01-04 02:37 . 2010-01-03 21:32 -------- d-----w- c:\program files\Burger Rush
2010-01-03 21:27 . 2010-01-03 21:27 -------- d-----w- c:\program files\Mystic Inn
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\program files\BFG
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\documents and settings\Xaelya\Application Data\demo
2010-01-03 21:09 . 2010-01-03 21:08 -------- d-----w- c:\program files\Hidden Expedition_DevilsTriangle
2010-01-03 19:38 . 2010-01-03 19:38 -------- d-----w- c:\program files\Treasure Seekers - Visions of Gold
2010-01-03 19:35 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mahjong Towers Eternity
2010-01-03 19:34 . 2010-01-03 19:34 -------- d-----w- c:\program files\Azada
2010-01-03 19:32 . 2010-01-03 19:32 -------- d-----w- c:\program files\Spa Mania
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\Hotel Dash - Suite Success
2009-12-31 16:28 . 2009-12-31 16:27 -------- d-----w- c:\program files\Avenue Flo
2009-12-07 17:50 . 2009-04-28 23:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-30 22:53 . 2009-11-30 22:53 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-26 22:02 . 2009-11-26 22:02 236160 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2375.exe
2009-11-23 16:03 . 2009-11-23 16:03 152576 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-23 16:03 . 2009-11-23 16:03 79488 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-09-02 15:48 . 2009-09-02 15:47 73 --sha-w- c:\windows\system32\SYSDRV004.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\Xaelya\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Hippo_OpenSim_Viewer\\Hippo_OpenSim_Viewer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Metaversum\\Twinity\\bin\\Twinity.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 7:51 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/28/2009 6:38 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [12/6/2008 4:05 AM 16128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/6/2008 2:54 PM 38560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 11:32 PM 135664]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [12/6/2008 4:11 AM 13225]
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {F6F31691-C6C1-4122-9B60-95975A5B74C2} = 137.118.1.32,137.118.1.33
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dairy-dash/DairyDashWeb.1.0.0.16.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dress-shop-hop/DressShopHopWeb.1.0.0.9.cab
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\nvLsp.dll
.
Completion time: 2010-02-16 20:07:34
ComboFix-quarantined-files.txt 2010-02-17 01:07

Pre-Run: 959,053,393,920 bytes free
Post-Run: 960,283,119,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 63B6B5C8DAA19D911A78407377BBB1BC




Combofix second log:



ComboFix 10-02-16.01 - Xaelya 02/16/2010 20:39:59.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2982 [GMT -5:00]
Running from: c:\documents and settings\Xaelya\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

2010-02-17 01:29 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-17 01:26 . 2010-02-17 01:26 503808 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\msvcp71.dll
2010-02-17 01:26 . 2010-02-17 01:26 499712 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\jmc.dll
2010-02-17 01:26 . 2010-02-17 01:26 348160 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\msvcr71.dll
2010-02-17 01:26 . 2010-02-17 01:26 61440 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71a749c3-n\decora-sse.dll
2010-02-17 01:26 . 2010-02-17 01:26 12800 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71a749c3-n\decora-d3d.dll
2010-02-17 01:13 . 2010-02-17 01:13 52224 ----a-w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-17 01:13 . 2010-02-17 01:13 117760 ----a-w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 01:13 . 2010-02-17 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-17 01:12 . 2010-02-17 01:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 01:12 . 2010-02-17 01:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com
2010-02-17 00:01 . 2010-02-17 00:01 -------- d-----w- C:\VundoFix Backups
2010-02-16 20:43 . 2010-02-16 20:43 120 ----a-w- c:\windows\Sbeminireyil.dat
2010-02-16 20:43 . 2010-02-16 20:43 0 ----a-w- c:\windows\Lcuzuciv.bin
2010-02-03 14:46 . 2010-02-03 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-03 04:32 . 2010-02-03 04:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-24 22:58 . 2010-01-24 22:58 -------- d-----w- c:\program files\Funcom
2010-01-21 02:27 . 2010-01-21 02:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Metaversum
2010-01-21 02:26 . 2010-01-21 02:26 -------- d-----w- c:\program files\Metaversum
2010-01-20 02:56 . 2010-01-20 17:51 -------- d-----w- c:\program files\Multiverse World Browser
2010-01-19 16:34 . 2010-01-19 16:35 -------- d--h--w- c:\windows\msdownld.tmp
2010-01-19 15:05 . 2010-02-04 02:55 -------- d-----w- c:\program files\Entropia Universe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-17 01:38 . 2009-01-27 00:02 256 ----a-w- c:\windows\system32\pool.bin
2010-02-17 01:38 . 2009-04-11 23:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-17 01:37 . 2008-12-06 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 01:26 . 2008-12-06 22:31 -------- d-----w- c:\program files\Common Files\Java
2010-02-17 01:26 . 2008-12-06 22:31 -------- d-----w- c:\program files\Java
2010-02-17 01:12 . 2008-12-10 18:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 20:58 . 2008-12-06 19:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Skype
2010-02-16 13:01 . 2008-12-06 19:13 -------- d-----w- c:\documents and settings\Xaelya\Application Data\skypePM
2010-02-10 22:36 . 2008-12-09 23:57 1 ----a-w- c:\documents and settings\Xaelya\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 04:11 . 2009-11-10 21:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Move Networks
2010-02-04 18:54 . 2009-09-23 19:08 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 18:54 . 2009-07-01 13:03 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-04 18:54 . 2009-07-01 13:03 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-04 18:54 . 2009-07-01 13:03 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2010-02-03 04:32 . 2008-12-06 19:12 -------- d-----w- c:\program files\Google
2010-01-31 22:20 . 2008-12-06 19:19 -------- d-----w- c:\documents and settings\Xaelya\Application Data\SecondLife
2010-01-16 21:12 . 2010-01-16 21:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\MH GED
2010-01-16 21:06 . 2008-12-06 19:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 21:06 . 2010-01-16 21:06 -------- d-----w- c:\program files\McGraw Hill
2010-01-16 20:17 . 2009-02-09 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-16 00:29 . 2010-01-03 21:26 -------- d-----w- c:\program files\Sudoku
2010-01-13 20:48 . 2009-09-30 19:04 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\DivX
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-12 21:09 . 2009-04-12 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:08 . 2009-07-01 13:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 17:18 . 2009-08-17 13:33 -------- d-----w- c:\program files\Logitech
2010-01-09 02:35 . 2010-01-09 02:35 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Artogon
2010-01-09 02:35 . 2009-12-12 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-08 23:19 . 2010-01-08 23:18 -------- d-----w- c:\program files\Haunted Hotel
2010-01-08 23:16 . 2009-12-12 04:17 -------- d-----w- c:\program files\bfgclient
2010-01-08 22:36 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2010-01-08 00:48 . 2010-01-03 19:30 -------- d-----w- c:\program files\Hidden Wonders of the Depths
2010-01-07 21:53 . 2009-12-12 04:23 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2010-01-07 21:07 . 2009-04-12 00:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-04-12 00:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:52 . 2010-01-03 21:33 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Big Fish Games
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\Xaelya\Application Data\PlayFirst
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-01-05 10:00 . 2004-08-04 01:07 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 01:07 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\Xaelya\Application Data\blg
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2010-01-04 02:37 . 2010-01-03 21:32 -------- d-----w- c:\program files\Burger Rush
2010-01-03 21:27 . 2010-01-03 21:27 -------- d-----w- c:\program files\Mystic Inn
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\program files\BFG
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\documents and settings\Xaelya\Application Data\demo
2010-01-03 21:09 . 2010-01-03 21:08 -------- d-----w- c:\program files\Hidden Expedition_DevilsTriangle
2010-01-03 19:38 . 2010-01-03 19:38 -------- d-----w- c:\program files\Treasure Seekers - Visions of Gold
2010-01-03 19:35 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mahjong Towers Eternity
2010-01-03 19:34 . 2010-01-03 19:34 -------- d-----w- c:\program files\Azada
2010-01-03 19:32 . 2010-01-03 19:32 -------- d-----w- c:\program files\Spa Mania
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\Hotel Dash - Suite Success
2009-12-31 16:50 . 2004-08-04 01:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:28 . 2009-12-31 16:27 -------- d-----w- c:\program files\Avenue Flo
2009-12-17 22:14 . 2008-12-10 18:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2008-12-06 19:38 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 01:07 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 17:50 . 2009-04-28 23:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2004-08-04 01:07 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 22:53 . 2009-11-30 22:53 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-27 17:11 . 2004-08-04 01:07 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 01:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 01:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-26 22:02 . 2009-11-26 22:02 236160 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2375.exe
2009-11-21 15:51 . 2004-08-04 01:07 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-09-02 15:48 . 2009-09-02 15:47 73 --sha-w- c:\windows\system32\SYSDRV004.SYS
.

((((((((((((((((((((((((((((( SnapShot@2010-02-17_01.06.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-17 01:38 . 2010-02-17 01:38 16384 c:\windows\Temp\Perflib_Perfdata_908.dat
- 2004-08-04 01:07 . 2008-04-14 00:12 75776 c:\windows\system32\strmfilt.dll
+ 2004-08-04 01:07 . 2009-10-21 05:38 75776 c:\windows\system32\strmfilt.dll
- 2004-08-04 01:07 . 2008-04-14 00:12 79872 c:\windows\system32\raschap.dll
+ 2004-08-04 01:07 . 2009-10-12 13:38 79872 c:\windows\system32\raschap.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 44544 c:\windows\system32\pngfilt.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 44544 c:\windows\system32\pngfilt.dll
+ 2004-08-04 01:07 . 2010-02-17 01:42 78318 c:\windows\system32\perfc009.dat
- 2004-08-04 01:07 . 2010-02-17 00:04 78318 c:\windows\system32\perfc009.dat
- 2007-08-13 23:54 . 2009-08-29 07:36 52224 c:\windows\system32\msfeedsbs.dll
+ 2007-08-13 23:54 . 2010-01-05 10:00 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 27648 c:\windows\system32\jsproxy.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 23:39 . 2009-08-28 10:28 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 23:39 . 2009-12-31 15:33 13824 c:\windows\system32\ieudinit.exe
+ 2004-08-04 01:07 . 2010-01-05 10:00 44544 c:\windows\system32\iernonce.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 01:07 . 2009-12-31 15:33 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-04 01:07 . 2009-08-28 10:28 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 23:36 . 2009-08-29 07:36 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 23:36 . 2010-01-05 10:00 63488 c:\windows\system32\icardie.dll
+ 2004-08-04 01:07 . 2009-10-21 05:38 25088 c:\windows\system32\httpapi.dll
- 2004-08-04 01:07 . 2009-06-16 14:36 81920 c:\windows\system32\fontsub.dll
+ 2004-08-04 01:07 . 2009-10-15 16:28 81920 c:\windows\system32\fontsub.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2004-08-04 01:07 . 2009-11-27 16:07 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-08-26 07:24 . 2010-01-05 10:00 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24 . 2009-08-29 07:36 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2008-08-25 08:38 . 2009-12-31 15:33 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2008-08-25 08:38 . 2009-08-28 10:28 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2004-08-04 01:07 . 2009-08-29 07:36 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 44544 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-13 23:45 . 2010-01-05 10:00 78336 c:\windows\system32\dllcache\ieencode.dll
- 2007-08-13 23:45 . 2009-08-29 07:36 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 01:07 . 2009-12-31 15:33 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 01:07 . 2009-08-28 10:28 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2008-08-26 07:24 . 2009-08-29 07:36 63488 c:\windows\system32\dllcache\icardie.dll
+ 2008-08-26 07:24 . 2010-01-05 10:00 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 81920 c:\windows\system32\dllcache\fontsub.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-14 07:08 . 2009-12-14 07:08 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2007-08-13 23:42 . 2010-01-05 10:00 17408 c:\windows\system32\dllcache\corpol.dll
- 2007-08-13 23:42 . 2009-08-29 07:36 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-10 14:13 . 2009-11-27 16:07 84992 c:\windows\system32\dllcache\avifil32.dll
- 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2010-02-17 01:12 . 2010-02-17 01:12 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-02-17 01:12 . 2010-02-17 01:12 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-02-17 01:32 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB978207-IE7\pngfilt.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 52224 c:\windows\ie7updates\KB978207-IE7\msfeedsbs.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 27648 c:\windows\ie7updates\KB978207-IE7\jsproxy.dll
+ 2010-02-17 01:32 . 2009-08-28 10:28 13824 c:\windows\ie7updates\KB978207-IE7\ieudinit.exe
+ 2010-02-17 01:32 . 2009-08-29 07:36 44544 c:\windows\ie7updates\KB978207-IE7\iernonce.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 78336 c:\windows\ie7updates\KB978207-IE7\ieencode.dll
+ 2010-02-17 01:32 . 2009-08-28 10:28 70656 c:\windows\ie7updates\KB978207-IE7\ie4uinit.exe
+ 2010-02-17 01:32 . 2009-08-29 07:36 63488 c:\windows\ie7updates\KB978207-IE7\icardie.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 17408 c:\windows\ie7updates\KB978207-IE7\corpol.dll
+ 2009-11-27 17:11 . 2009-11-27 17:11 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-02-17 01:12 . 2010-02-17 01:12 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2009-11-27 16:07 . 2009-11-27 16:07 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2008-12-06 19:40 . 2009-08-07 00:23 209624 c:\windows\system32\wuweb.dll
+ 2004-08-04 01:07 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 233472 c:\windows\system32\webcheck.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 233472 c:\windows\system32\webcheck.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 105984 c:\windows\system32\url.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 105984 c:\windows\system32\url.dll
+ 2004-08-04 01:07 . 2009-10-15 16:28 119808 c:\windows\system32\t2embed.dll
- 2004-08-04 01:07 . 2009-06-16 14:36 119808 c:\windows\system32\t2embed.dll
+ 2004-08-04 01:07 . 2009-12-08 09:23 474112 c:\windows\system32\shlwapi.dll
- 2004-08-04 01:07 . 2008-04-14 00:12 474112 c:\windows\system32\shlwapi.dll
+ 2004-08-04 01:07 . 2009-10-12 13:38 149504 c:\windows\system32\rastls.dll
- 2004-08-04 01:07 . 2010-02-17 00:04 462498 c:\windows\system32\perfh009.dat
+ 2004-08-04 01:07 . 2010-02-17 01:42 462498 c:\windows\system32\perfh009.dat
- 2004-08-04 01:07 . 2009-08-29 07:36 102912 c:\windows\system32\occache.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 102912 c:\windows\system32\occache.dll
- 2004-08-04 01:07 . 2008-04-14 00:12 270336 c:\windows\system32\oakley.dll
+ 2004-08-04 01:07 . 2009-10-13 10:30 270336 c:\windows\system32\oakley.dll
+ 2008-10-16 19:07 . 2009-08-07 00:23 215904 c:\windows\system32\muweb.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 671232 c:\windows\system32\mstime.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 671232 c:\windows\system32\mstime.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 193024 c:\windows\system32\msrating.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 193024 c:\windows\system32\msrating.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 477696 c:\windows\system32\mshtmled.dll
+ 2007-08-13 23:54 . 2010-01-05 10:00 459264 c:\windows\system32\msfeeds.dll
- 2007-08-13 23:54 . 2009-08-29 07:36 459264 c:\windows\system32\msfeeds.dll
+ 2008-12-06 22:32 . 2009-12-17 22:14 153376 c:\windows\system32\javaws.exe
- 2008-12-06 22:32 . 2009-10-11 09:17 145184 c:\windows\system32\javaw.exe
+ 2008-12-06 22:32 . 2009-12-17 22:14 145184 c:\windows\system32\javaw.exe
- 2008-12-06 22:32 . 2009-10-11 09:17 145184 c:\windows\system32\java.exe
+ 2008-12-06 22:32 . 2009-12-17 22:14 145184 c:\windows\system32\java.exe
+ 2007-08-13 23:34 . 2010-01-05 10:00 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 23:34 . 2009-08-29 07:36 268288 c:\windows\system32\iertutil.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 192512 c:\windows\system32\iepeers.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 385024 c:\windows\system32\iedkcs32.dll
+ 2007-07-11 17:27 . 2010-01-05 10:00 380928 c:\windows\system32\ieapfltr.dll
- 2007-07-11 17:27 . 2009-08-29 07:36 380928 c:\windows\system32\ieapfltr.dll
- 2004-08-04 01:07 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 01:07 . 2009-12-18 13:04 161792 c:\windows\system32\ieakui.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 230400 c:\windows\system32\ieaksie.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 153088 c:\windows\system32\ieakeng.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 133120 c:\windows\system32\extmgr.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 347136 c:\windows\system32\dxtmsft.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 01:07 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
+ 2008-12-06 19:40 . 2009-08-07 00:23 209624 c:\windows\system32\dllcache\wuweb.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 832512 c:\windows\system32\dllcache\wininet.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 832512 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 105984 c:\windows\system32\dllcache\url.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 105984 c:\windows\system32\dllcache\url.dll
- 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2009-06-16 14:36 . 2009-10-15 16:28 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-12-06 18:32 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
+ 2006-09-23 18:12 . 2009-12-08 09:23 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2006-09-23 18:12 . 2006-09-23 18:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 193024 c:\windows\system32\dllcache\msrating.dll
+ 2009-12-16 18:43 . 2009-12-16 18:43 343040 c:\windows\system32\dllcache\mspaint.exe
+ 2004-08-04 01:07 . 2010-01-05 10:00 477696 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-08-26 07:24 . 2010-01-05 10:00 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24 . 2009-08-29 07:36 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-12-06 18:34 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-12-06 19:39 . 2009-12-18 13:05 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-12-06 19:39 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
- 2008-08-26 07:24 . 2009-08-29 07:36 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-26 07:24 . 2010-01-05 10:00 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 192512 c:\windows\system32\dllcache\iepeers.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2008-08-26 07:24 . 2009-08-29 07:36 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-08-26 07:24 . 2010-01-05 10:00 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2004-08-04 01:07 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 01:07 . 2009-12-18 13:04 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
- 2004-08-04 01:07 . 2009-08-29 07:36 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 124928 c:\windows\system32\advpack.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 124928 c:\windows\system32\advpack.dll
+ 2010-02-17 01:26 . 2010-02-17 01:26 178176 c:\windows\Installer\4f778f.msi
+ 2010-02-17 01:32 . 2009-08-29 07:36 832512 c:\windows\ie7updates\KB978207-IE7\wininet.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 233472 c:\windows\ie7updates\KB978207-IE7\webcheck.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 105984 c:\windows\ie7updates\KB978207-IE7\url.dll
+ 2010-02-17 01:32 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB978207-IE7\spuninst\updspapi.dll
+ 2010-02-17 01:32 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB978207-IE7\spuninst\spuninst.exe
+ 2010-02-17 01:32 . 2009-08-29 07:36 102912 c:\windows\ie7updates\KB978207-IE7\occache.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 671232 c:\windows\ie7updates\KB978207-IE7\mstime.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 193024 c:\windows\ie7updates\KB978207-IE7\msrating.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 477696 c:\windows\ie7updates\KB978207-IE7\mshtmled.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 459264 c:\windows\ie7updates\KB978207-IE7\msfeeds.dll
+ 2010-02-17 01:32 . 2009-08-27 05:18 634648 c:\windows\ie7updates\KB978207-IE7\iexplore.exe
+ 2010-02-17 01:32 . 2009-08-29 07:36 268288 c:\windows\ie7updates\KB978207-IE7\iertutil.dll
+ 2010-02-17 01:32 . 2007-08-13 23:54 191488 c:\windows\ie7updates\KB978207-IE7\iepeers.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 385024 c:\windows\ie7updates\KB978207-IE7\iedkcs32.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 380928 c:\windows\ie7updates\KB978207-IE7\ieapfltr.dll
+ 2010-02-17 01:32 . 2009-08-27 05:18 161792 c:\windows\ie7updates\KB978207-IE7\ieakui.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 230400 c:\windows\ie7updates\KB978207-IE7\ieaksie.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 153088 c:\windows\ie7updates\KB978207-IE7\ieakeng.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 133120 c:\windows\ie7updates\KB978207-IE7\extmgr.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 214528 c:\windows\ie7updates\KB978207-IE7\dxtrans.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 347136 c:\windows\ie7updates\KB978207-IE7\dxtmsft.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 124928 c:\windows\ie7updates\KB978207-IE7\advpack.dll
+ 2008-12-06 18:34 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
- 2004-08-04 01:07 . 2009-08-29 07:36 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 3599360 c:\windows\system32\mshtml.dll
- 2007-08-13 23:54 . 2009-08-29 07:36 6067200 c:\windows\system32\ieframe.dll
+ 2007-08-13 23:54 . 2010-01-05 10:00 6067200 c:\windows\system32\ieframe.dll
- 2004-08-04 01:07 . 2009-08-29 07:36 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 01:07 . 2010-01-05 10:00 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-11-27 17:11 1291776 c:\windows\system32\dllcache\quartz.dll
+ 2008-12-06 18:32 . 2009-12-08 19:27 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-12-06 18:32 . 2009-08-05 01:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-12-06 18:32 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-12-06 18:32 . 2009-12-08 18:43 2023936 c:\windows\system32\dllcache\ntkrpamp.exe
- 2008-12-06 18:32 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-12-06 18:32 . 2009-12-08 18:43 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-12-06 18:32 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-12-06 18:32 . 2009-12-08 19:26 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-04 01:07 . 2010-01-05 10:00 3599360 c:\windows\system32\dllcache\mshtml.dll
- 2008-10-03 17:41 . 2009-08-29 07:36 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-03 17:41 . 2010-01-05 10:00 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2010-02-17 01:12 . 2010-02-17 01:12 1583616 c:\windows\Installer\42ec17.msi
+ 2010-02-17 01:32 . 2009-08-29 07:36 1168384 c:\windows\ie7updates\KB978207-IE7\urlmon.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 3598336 c:\windows\ie7updates\KB978207-IE7\mshtml.dll
+ 2010-02-17 01:32 . 2009-08-29 07:36 6067200 c:\windows\ie7updates\KB978207-IE7\ieframe.dll
+ 2008-12-06 18:32 . 2009-12-08 19:27 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-12-06 18:32 . 2009-08-05 01:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-12-06 18:32 . 2009-12-08 18:43 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-12-06 18:32 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-12-06 18:32 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-12-06 18:32 . 2009-12-08 18:43 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-12-06 18:32 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-12-06 18:32 . 2009-12-08 19:26 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-12-06 18:39 . 2010-02-01 16:26 30364104 c:\windows\system32\MRT.exe
+ 2010-02-17 01:32 . 2010-02-17 01:32 15710720 c:\windows\Installer\4f7796.msp
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\Xaelya\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Hippo_OpenSim_Viewer\\Hippo_OpenSim_Viewer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Metaversum\\Twinity\\bin\\Twinity.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 7:51 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/28/2009 6:38 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [12/6/2008 4:05 AM 16128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/6/2008 2:54 PM 38560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 11:32 PM 135664]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [12/6/2008 4:11 AM 13225]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 18:54]

2010-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {F6F31691-C6C1-4122-9B60-95975A5B74C2} = 137.118.1.32,137.118.1.33
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dairy-dash/DairyDashWeb.1.0.0.16.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dress-shop-hop/DressShopHopWeb.1.0.0.9.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-16 20:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\nvLsp.dll

- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-16 20:45:23
ComboFix-quarantined-files.txt 2010-02-17 01:45
ComboFix2.txt 2010-02-17 01:07

Pre-Run: 959,750,352,896 bytes free
Post-Run: 959,716,388,864 bytes free

- - End Of File - - EE067829FCD466A66FF1FA3C34E2E8B9


Combofix quarantined files log:

2010-02-17 01:04:51 . 2010-02-17 02:00:33 8,616 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-02-17 01:00:42 . 2010-02-17 01:59:02 204 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-02-16 20:43:41 . 2010-02-16 20:43:41 6,778 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\chrome\content\overlay.xul.vir
2010-02-16 20:43:41 . 2010-02-16 20:43:41 2,030 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\chrome\content\_cfg.js.vir
2010-02-16 20:43:41 . 2010-02-16 20:43:41 764 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\install.rdf.vir
2010-02-16 20:43:41 . 2010-02-16 20:43:41 122 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Xaelya\Local Settings\Application Data\{86194D36-F4F3-41CB-B7F8-12B07861DCD2}\chrome.manifest.vir
2009-09-02 15:22:24 . 2000-08-21 04:00:00 1,388,544 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system\Msvbvm60.dll.vir

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 PM

Posted 21 February 2010 - 06:32 AM

Hello, Xae
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/t/296482/vundohvirtumondeprx-and-others/

Collect::
c:\windows\Sbeminireyil.dat
c:\windows\Lcuzuciv.bin


Save this as CFScript.txt





Refering to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.







Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 Xae

Xae
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 21 February 2010 - 02:43 PM

Hi Tom,
Thanks a lot for your help. I'll be posting the logs you asked for in the same order you gave. Although I didn't have an option to export the ESET log as you instructed so I'm going to put the one from C:\Program Files\ESET\ESET Online Scanner\log.txt.
Also combofix crashed the computer when I ran the script into it the first time (blue screen for a couple seconds then restarted on its own). The second time it went fine.


ComboFix log:



ComboFix 10-02-20.04 - Xaelya 02/21/2010 10:56:14.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2826 [GMT -5:00]
Running from: c:\documents and settings\Xaelya\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Xaelya\Desktop\CFScript.txt.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-17 02:48 . 2005-08-26 00:18 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-02-17 02:48 . 2010-02-17 02:51 -------- d-----w- c:\program files\SpywareBlaster
2010-02-17 02:08 . 2010-02-17 02:08 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-17 02:08 . 2010-02-17 02:08 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-17 02:07 . 2010-02-17 02:07 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-17 02:07 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-17 01:29 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-02-17 01:26 . 2010-02-17 01:26 503808 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\msvcp71.dll
2010-02-17 01:26 . 2010-02-17 01:26 499712 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\jmc.dll
2010-02-17 01:26 . 2010-02-17 01:26 348160 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61362516-n\msvcr71.dll
2010-02-17 01:26 . 2010-02-17 01:26 61440 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71a749c3-n\decora-sse.dll
2010-02-17 01:26 . 2010-02-17 01:26 12800 ----a-w- c:\documents and settings\Xaelya\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-71a749c3-n\decora-d3d.dll
2010-02-17 01:13 . 2010-02-17 01:13 52224 ----a-w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-17 01:13 . 2010-02-17 01:13 117760 ----a-w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-17 01:13 . 2010-02-17 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-17 01:12 . 2010-02-17 01:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-17 01:12 . 2010-02-17 01:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\SUPERAntiSpyware.com
2010-02-17 00:01 . 2010-02-17 00:01 -------- d-----w- C:\VundoFix Backups
2010-02-03 14:46 . 2010-02-03 14:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-03 04:32 . 2010-02-03 04:32 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-01-24 22:58 . 2010-01-24 22:58 -------- d-----w- c:\program files\Funcom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 15:47 . 2009-01-27 00:02 256 ----a-w- c:\windows\system32\pool.bin
2010-02-21 15:46 . 2009-04-11 23:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-17 17:52 . 2009-02-09 00:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-17 02:07 . 2009-02-09 00:49 -------- d-----w- c:\program files\Lavasoft
2010-02-17 01:37 . 2008-12-06 18:38 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-17 01:26 . 2008-12-06 22:31 -------- d-----w- c:\program files\Common Files\Java
2010-02-17 01:26 . 2008-12-06 22:31 -------- d-----w- c:\program files\Java
2010-02-17 01:12 . 2008-12-10 18:29 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-16 20:58 . 2008-12-06 19:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Skype
2010-02-16 13:01 . 2008-12-06 19:13 -------- d-----w- c:\documents and settings\Xaelya\Application Data\skypePM
2010-02-10 22:36 . 2008-12-09 23:57 1 ----a-w- c:\documents and settings\Xaelya\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-05 04:11 . 2009-11-10 21:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Move Networks
2010-02-04 18:54 . 2009-09-23 19:08 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-04 15:53 . 2009-02-09 00:51 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-04 02:55 . 2010-01-19 15:05 -------- d-----w- c:\program files\Entropia Universe
2010-02-03 04:32 . 2008-12-06 19:12 -------- d-----w- c:\program files\Google
2010-01-31 22:20 . 2008-12-06 19:19 -------- d-----w- c:\documents and settings\Xaelya\Application Data\SecondLife
2010-01-27 18:54 . 2009-07-01 13:03 8 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2010-01-21 02:27 . 2010-01-21 02:27 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Metaversum
2010-01-21 02:26 . 2010-01-21 02:26 -------- d-----w- c:\program files\Metaversum
2010-01-20 17:51 . 2010-01-20 02:56 -------- d-----w- c:\program files\Multiverse World Browser
2010-01-16 21:12 . 2010-01-16 21:12 -------- d-----w- c:\documents and settings\Xaelya\Application Data\MH GED
2010-01-16 21:06 . 2008-12-06 19:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-16 21:06 . 2010-01-16 21:06 -------- d-----w- c:\program files\McGraw Hill
2010-01-16 00:29 . 2010-01-03 21:26 -------- d-----w- c:\program files\Sudoku
2010-01-13 20:48 . 2009-09-30 19:04 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\DivX
2010-01-13 03:22 . 2010-01-13 03:22 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-12 21:09 . 2009-04-12 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 21:08 . 2009-07-01 13:35 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-11 17:18 . 2009-08-17 13:33 -------- d-----w- c:\program files\Logitech
2010-01-09 02:35 . 2010-01-09 02:35 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Artogon
2010-01-09 02:35 . 2009-12-12 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2010-01-08 23:19 . 2010-01-08 23:18 -------- d-----w- c:\program files\Haunted Hotel
2010-01-08 23:16 . 2009-12-12 04:17 -------- d-----w- c:\program files\bfgclient
2010-01-08 22:36 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mystery Case Files - Huntsville
2010-01-08 00:48 . 2010-01-03 19:30 -------- d-----w- c:\program files\Hidden Wonders of the Depths
2010-01-07 21:53 . 2009-12-12 04:23 -------- d-----w- c:\program files\Megaplex Madness - Now Playing
2010-01-07 21:07 . 2009-04-12 00:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-04-12 00:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 23:52 . 2010-01-03 21:33 -------- d-----w- c:\documents and settings\Xaelya\Application Data\Big Fish Games
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\Xaelya\Application Data\PlayFirst
2010-01-06 04:47 . 2010-01-02 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2010-01-05 10:00 . 2004-08-04 01:07 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 01:07 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\Xaelya\Application Data\blg
2010-01-05 03:22 . 2010-01-05 03:22 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2010-01-04 02:37 . 2010-01-03 21:32 -------- d-----w- c:\program files\Burger Rush
2010-01-03 21:27 . 2010-01-03 21:27 -------- d-----w- c:\program files\Mystic Inn
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\program files\BFG
2010-01-03 21:26 . 2010-01-03 21:26 -------- d-----w- c:\documents and settings\Xaelya\Application Data\demo
2010-01-03 21:09 . 2010-01-03 21:08 -------- d-----w- c:\program files\Hidden Expedition_DevilsTriangle
2010-01-03 19:38 . 2010-01-03 19:38 -------- d-----w- c:\program files\Treasure Seekers - Visions of Gold
2010-01-03 19:35 . 2010-01-03 19:35 -------- d-----w- c:\program files\Mahjong Towers Eternity
2010-01-03 19:34 . 2010-01-03 19:34 -------- d-----w- c:\program files\Azada
2010-01-03 19:32 . 2010-01-03 19:32 -------- d-----w- c:\program files\Spa Mania
2010-01-02 01:49 . 2010-01-02 01:49 -------- d-----w- c:\program files\Hotel Dash - Suite Success
2009-12-31 16:50 . 2004-08-04 01:07 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-31 16:28 . 2009-12-31 16:27 -------- d-----w- c:\program files\Avenue Flo
2009-12-17 22:14 . 2008-12-10 18:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 18:43 . 2008-12-06 19:38 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 01:07 2145280 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-07 17:50 . 2009-04-28 23:38 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-04 18:22 . 2004-08-04 01:07 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-30 22:53 . 2009-11-30 22:53 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-27 17:11 . 2004-08-04 01:07 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2004-08-04 01:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2004-08-04 01:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-26 22:02 . 2009-11-26 22:02 236160 ----a-w- c:\windows\EasyGifAnimator_Toolbar_Uninstaller_2375.exe
2009-09-02 15:48 . 2009-09-02 15:47 73 --sha-w- c:\windows\system32\SYSDRV004.SYS
.

((((((((((((((((((((((((((((( SnapShot_2010-02-17_01.44.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-21 15:46 . 2010-02-21 15:46 16384 c:\windows\Temp\Perflib_Perfdata_1d4.dat
+ 2004-08-04 01:07 . 2010-02-21 15:50 78318 c:\windows\system32\perfc009.dat
- 2004-08-04 01:07 . 2010-02-17 01:42 78318 c:\windows\system32\perfc009.dat
+ 2009-02-09 01:19 . 2010-02-17 02:08 15880 c:\windows\system32\lsdelete.exe
- 2009-02-09 01:19 . 2009-10-29 17:55 15880 c:\windows\system32\lsdelete.exe
- 2009-10-15 17:54 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2009-10-15 17:54 . 2010-02-04 15:53 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2009-10-29 17:55 . 2010-02-17 02:08 95024 c:\windows\system32\drivers\SBREDrv.sys
- 2008-12-06 19:44 . 2010-02-16 20:39 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-06 19:44 . 2010-02-17 02:11 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-06 19:44 . 2010-02-17 02:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-06 19:44 . 2010-02-16 20:39 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-17 02:07 . 2010-02-17 02:07 29926 c:\windows\Installer\{338F08AB-C262-42C7-B000-34DE1A475273}\_6FEFF9B68218417F98F549.exe
+ 2009-07-12 05:02 . 2009-07-12 05:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 05:02 . 2009-07-12 05:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 05:05 . 2009-07-12 05:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2004-08-04 01:07 . 2010-02-21 15:51 462498 c:\windows\system32\perfh009.dat
- 2004-08-04 01:07 . 2010-02-17 01:42 462498 c:\windows\system32\perfh009.dat
+ 2010-02-17 02:07 . 2010-02-17 02:07 167424 c:\windows\Installer\1af13c.msi
+ 2010-02-17 02:07 . 2010-02-17 02:07 1859072 c:\windows\Installer\1af132.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-07 16862208]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-12-01 881152]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2007-11-20 147456]
"Diamondback"="c:\program files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 147456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-07-13 57344]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-02-17 815184]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

c:\documents and settings\Xaelya\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Desktop Manager.lnk - c:\program files\Research In Motion\BlackBerry\DesktopMgr.exe [2007-11-12 1447184]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-09-03 21:17 3342336 ----a-w- c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\Program Files\\SecondLifeReleaseCandidate\\SLVoice.exe"=
"c:\\Program Files\\SecondLife\\SecondLife.exe"=
"c:\\Program Files\\Roxio\\Media Manager 9\\MediaManager9.exe"=
"c:\\Program Files\\Roxio\\Digital Home 9\\RoxioUPnPRenderer9.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Hippo_OpenSim_Viewer\\Hippo_OpenSim_Viewer.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Metaversum\\Twinity\\bin\\Twinity.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/8/2009 7:51 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/28/2009 6:38 PM 108289]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [12/6/2008 4:05 AM 16128]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [12/6/2008 2:54 PM 38560]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 11:32 PM 135664]
S3 Razerlow;Diamondback 3G USB Filter Driver;c:\windows\system32\drivers\DB3G.sys [12/6/2008 4:11 AM 13225]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-02-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 02:08]

2010-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]

2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 04:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {F6F31691-C6C1-4122-9B60-95975A5B74C2} = 137.118.1.32,137.118.1.33
DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} - hxxp://apps.vivaty.com/downloads/player/Vivaty%20Player%20for%20Viewing%203D%20Content.cab
DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} - hxxp://aolsvc.aol.com/onlinegames/free-trial-fashion-dash/fashiondashweb.1.0.0.21.cab
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dairy-dash/DairyDashWeb.1.0.0.16.cab
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
DPF: {D40F5876-A494-4124-8161-82625BB28C06} - hxxp://aolsvc.aol.com/onlinegames/free-trial-chocolatier-2-secret-ingredients/Chocolatier2Web.1.0.0.14.cab
DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} - hxxp://aolsvc.aol.com/onlinegames/free-trial-dress-shop-hop/DressShopHopWeb.1.0.0.9.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 11:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(620)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(684)
c:\windows\system32\nvLsp.dll

- - - - - - - > 'explorer.exe'(1956)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-21 11:01:28
ComboFix-quarantined-files.txt 2010-02-21 16:01
ComboFix2.txt 2010-02-21 15:24
ComboFix3.txt 2010-02-17 02:02
ComboFix4.txt 2010-02-17 01:45
ComboFix5.txt 2010-02-21 15:43

Pre-Run: 959,606,923,264 bytes free
Post-Run: 959,560,478,720 bytes free

- - End Of File - - 6F0A613D161C42B5EDFE173FE32D4712




Malwarebytes log:


Malwarebytes' Anti-Malware 1.44
Database version: 3770
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

2/21/2010 10:37:32 AM
mbam-log-2010-02-21 (10-37-32).txt

Scan type: Quick Scan
Objects scanned: 113269
Time elapsed: 1 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




ESET Online Scan log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=7.00.6000.16981 (vista_gdr.091215-2244)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=3c42895e9efb024ea65398bbbc9b93aa
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-21 05:11:18
# local_time=2010-02-21 12:11:18 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 36243033 36243033 0 0
# compatibility_mode=768 16777215 100 0 37267221 37267221 0 0
# compatibility_mode=1797 16775141 100 100 0 42266096 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109145
# found=0
# cleaned=0
# scan_time=3821




OTL.txt log:


OTL logfile created on: 2/21/2010 2:24:31 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Xaelya\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 893.59 Gb Free Space | 95.93% Space Free | Partition Type: NTFS
Drive D: | 33.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D60C9E255B
Current User Name: Xaelya
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
PRC - [2010/02/16 21:08:08 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/16 21:08:07 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/05 10:00:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/09 10:06:36 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/12 14:54:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/07/08 16:41:02 | 002,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/07 02:39:52 | 016,862,208 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2008/04/13 19:12:41 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/31 03:30:58 | 000,614,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/07 13:28:02 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2007/11/20 16:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2007/08/01 14:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/02/14 11:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback 3G\razerofa.exe
PRC - [2006/04/18 01:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2006/04/18 01:41:24 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 14:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/08/03 20:07:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
MOD - [2009/11/21 10:51:04 | 000,471,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\aclayers.dll
MOD - [2008/04/13 19:12:05 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shimeng.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/16 21:08:07 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/02 23:32:37 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 10:00:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/09 10:06:36 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/23 21:51:35 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/12 14:54:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Stopped] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007/08/16 08:56:16 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 08:56:14 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 08:56:10 | 001,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 05:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 05:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/04/18 01:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/02/08 20:36:10 | 000,292,138 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10060 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Xaelya\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} http://apps.vivaty.com/downloads/player/Vi...D%20Content.cab (Reg Error: Key error.)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.16.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1266370060343 (WUWebControl Class)
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab (CPlayFirstDoggieDashControl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1266370053406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.14.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} http://aolsvc.aol.com/onlinegames/free-tri...Web.1.0.0.9.cab (CPlayFirstDressShopHControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/06 14:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/25 11:22:51 | 000,000,043 | RH-- | M] () - D:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/06 09:25:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56016913389584384)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/21 14:23:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
[2010/02/21 11:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/21 10:55:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/21 10:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/17 12:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\Desktop\pics
[2010/02/16 23:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\My Documents\gmer
[2010/02/16 21:56:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xaelya\Recent
[2010/02/16 21:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/02/16 21:07:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/16 21:07:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/02/16 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/16 20:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/16 20:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\Application Data\SUPERAntiSpyware.com
[2010/02/16 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/16 20:02:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/16 20:01:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/16 20:01:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/16 20:01:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/16 20:01:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/16 20:00:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/16 19:59:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/16 19:01:55 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/02/03 09:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/02 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/11 18:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/02/08 20:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/26 19:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/01/13 01:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/01/12 17:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/06 14:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/06 14:41:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/06 14:41:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
[2010/02/21 13:54:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/21 13:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/21 11:01:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/21 11:00:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 10:51:00 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/21 10:50:59 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/21 10:50:59 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/21 10:47:11 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/21 10:46:39 | 000,197,602 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/21 10:46:34 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/21 10:46:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/21 10:42:28 | 003,866,973 | R--- | M] () -- C:\Documents and Settings\Xaelya\Desktop\ComboFix.exe
[2010/02/20 19:32:42 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Xaelya\NTUSER.DAT
[2010/02/20 19:32:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Xaelya\ntuser.ini
[2010/02/20 12:00:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\66f5yjsv.exe
[2010/02/20 11:59:45 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\dds.scr
[2010/02/20 11:55:23 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/16 23:32:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\gmer.zip
[2010/02/16 21:48:02 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\SpywareBlaster.lnk
[2010/02/16 21:08:40 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/16 21:08:35 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/16 21:07:34 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 20:12:54 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/16 20:02:16 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/02/16 19:29:03 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\JavaRa.zip
[2010/02/16 17:14:30 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\CCleaner.lnk
[2010/02/16 16:04:33 | 000,000,251 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/15 17:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/15 13:53:10 | 000,133,396 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-5.jpg
[2010/02/15 13:49:00 | 000,133,060 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-4.jpg
[2010/02/15 13:44:01 | 000,134,119 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-3.jpg
[2010/02/15 13:03:10 | 000,132,765 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-2.jpg
[2010/02/14 17:09:37 | 000,124,603 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic1.jpg
[2010/02/14 17:04:43 | 001,215,176 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic_001.png
[2010/02/14 16:47:24 | 000,263,877 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.jpg
[2010/02/14 16:46:49 | 000,243,702 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.jpg
[2010/02/14 16:46:08 | 000,275,956 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.jpg
[2010/02/14 16:45:32 | 000,281,964 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.jpg
[2010/02/14 16:34:57 | 001,561,847 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.png
[2010/02/14 16:31:48 | 001,338,842 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.png
[2010/02/14 16:31:24 | 001,418,883 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_003.png
[2010/02/14 16:30:00 | 001,449,528 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.png
[2010/02/14 16:28:03 | 001,625,762 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.png
[2010/02/11 22:46:06 | 000,605,892 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_003.png
[2010/02/11 22:09:45 | 000,286,955 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.jpg
[2010/02/11 22:09:18 | 000,258,702 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.jpg
[2010/02/11 20:25:46 | 001,633,804 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.png
[2010/02/11 19:25:11 | 001,544,288 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.png
[2010/02/10 19:14:03 | 000,173,615 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing2.jpg
[2010/02/10 19:13:16 | 000,153,103 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing1.jpg
[2010/02/09 13:49:26 | 000,145,394 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia.jpg
[2010/02/09 13:48:55 | 000,024,035 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 10.jpg
[2010/02/09 13:48:43 | 000,021,793 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 8.jpg
[2010/02/09 13:34:12 | 000,039,882 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 15.jpg
[2010/02/08 22:38:57 | 000,285,788 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.jpg
[2010/02/08 22:37:15 | 000,275,978 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.jpg
[2010/02/08 22:36:40 | 002,278,043 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.png
[2010/02/08 22:15:11 | 001,137,115 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_008.png
[2010/02/08 22:10:46 | 001,332,137 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_007.png
[2010/02/08 22:09:04 | 001,131,203 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_006.png
[2010/02/08 22:07:16 | 001,006,706 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_005.png
[2010/02/08 21:59:34 | 001,058,321 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_004.png
[2010/02/08 21:01:41 | 001,478,195 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_003.png
[2010/02/08 21:00:01 | 001,652,286 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.png
[2010/02/08 19:37:44 | 001,581,484 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001.png
[2010/02/08 12:51:02 | 000,014,261 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\valley of the shadow.docx
[2010/02/08 00:09:17 | 000,227,911 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.jpg
[2010/02/08 00:08:31 | 000,255,677 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.jpg
[2010/02/07 23:46:59 | 001,079,913 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.png
[2010/02/07 23:37:09 | 001,451,794 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.png
[2010/02/07 19:24:38 | 001,101,277 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Bang meditating to the eebil spirits_001.png
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/20 12:00:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\66f5yjsv.exe
[2010/02/16 23:33:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\gmer.exe
[2010/02/16 23:32:24 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\gmer.zip
[2010/02/16 21:48:02 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\SpywareBlaster.lnk
[2010/02/16 21:07:34 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 20:12:54 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/16 20:02:16 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/02/16 20:02:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/16 20:01:28 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/16 20:01:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/16 20:01:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/16 20:01:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/16 20:01:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/16 19:35:38 | 003,866,973 | R--- | C] () -- C:\Documents and Settings\Xaelya\Desktop\ComboFix.exe
[2010/02/16 19:29:02 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\JavaRa.zip
[2010/02/16 16:04:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/15 13:53:07 | 000,133,396 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-5.jpg
[2010/02/15 13:48:58 | 000,133,060 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-4.jpg
[2010/02/15 13:42:41 | 000,134,119 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-3.jpg
[2010/02/15 12:59:44 | 000,132,765 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-2.jpg
[2010/02/14 17:09:23 | 000,124,603 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic1.jpg
[2010/02/14 17:04:43 | 001,215,176 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic_001.png
[2010/02/14 16:47:22 | 000,263,877 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.jpg
[2010/02/14 16:46:48 | 000,243,702 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.jpg
[2010/02/14 16:46:07 | 000,275,956 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.jpg
[2010/02/14 16:45:32 | 000,281,964 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.jpg
[2010/02/14 16:34:57 | 001,561,847 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.png
[2010/02/14 16:31:48 | 001,338,842 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.png
[2010/02/14 16:31:24 | 001,418,883 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_003.png
[2010/02/14 16:30:00 | 001,449,528 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.png
[2010/02/14 16:28:03 | 001,625,762 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.png
[2010/02/11 22:46:06 | 000,605,892 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_003.png
[2010/02/11 22:09:44 | 000,286,955 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.jpg
[2010/02/11 22:09:16 | 000,258,702 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.jpg
[2010/02/11 20:25:46 | 001,633,804 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.png
[2010/02/11 19:25:11 | 001,544,288 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.png
[2010/02/10 19:14:02 | 000,173,615 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing2.jpg
[2010/02/10 19:13:15 | 000,153,103 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing1.jpg
[2010/02/09 13:49:22 | 000,145,394 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia.jpg
[2010/02/09 13:48:54 | 000,024,035 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 10.jpg
[2010/02/09 13:48:42 | 000,021,793 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 8.jpg
[2010/02/09 13:34:10 | 000,039,882 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Picture 15.jpg
[2010/02/08 22:38:55 | 000,285,788 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.jpg
[2010/02/08 22:37:10 | 000,275,978 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.jpg
[2010/02/08 22:36:32 | 002,278,043 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001-2.png
[2010/02/08 22:15:11 | 001,137,115 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_008.png
[2010/02/08 22:10:46 | 001,332,137 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_007.png
[2010/02/08 22:09:04 | 001,131,203 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_006.png
[2010/02/08 22:07:16 | 001,006,706 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_005.png
[2010/02/08 21:59:34 | 001,058,321 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_004.png
[2010/02/08 21:01:41 | 001,478,195 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_003.png
[2010/02/08 21:00:01 | 001,652,286 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_002.png
[2010/02/08 19:37:44 | 001,581,484 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Core in bed_001.png
[2010/02/08 12:51:01 | 000,014,261 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\valley of the shadow.docx
[2010/02/08 00:09:09 | 000,227,911 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.jpg
[2010/02/08 00:08:28 | 000,255,677 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.jpg
[2010/02/07 23:46:59 | 001,079,913 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_002.png
[2010/02/07 23:37:09 | 001,451,794 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ashalia's frist appearance_001.png
[2010/02/07 19:24:38 | 001,101,277 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Bang meditating to the eebil spirits_001.png
[2009/11/26 19:45:33 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\libmng.dll
[2009/09/02 10:47:45 | 000,000,073 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRV004.SYS
[2009/09/02 10:47:43 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Xaelya\Application Data\Karaoke-Sing-n-Burn.INI
[2009/09/02 10:47:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSTMBXNDRV.SYS
[2009/08/17 08:34:26 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/08/17 08:34:26 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/25 14:04:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/07 15:31:50 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/01/07 15:31:37 | 000,007,023 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/12/30 10:12:38 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Xaelya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 08:43:15 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/18 08:43:14 | 000,000,441 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/12/18 08:42:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2008/12/18 08:42:44 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2008/12/06 15:01:12 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/12/06 15:01:12 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/12/06 15:01:09 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/12/06 15:01:09 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/12/06 14:47:14 | 000,037,017 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/12/06 14:46:41 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/06 14:46:34 | 000,036,059 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/06 14:46:34 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/06 14:10:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/06 14:10:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/06 14:10:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/06 14:10:24 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/06 14:10:24 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/06 14:10:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/06 14:10:23 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/27 00:18:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/27 00:18:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/27 00:18:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/27 00:18:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/27 00:18:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/08/03 20:07:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/03 20:07:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/03 20:07:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/03 20:07:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/03 20:07:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/01/04 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/06/04 18:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/12 00:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/01/07 15:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/12/06 14:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/09/02 10:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/01/05 23:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/06 04:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2010/02/21 10:46:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/06 03:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/06 03:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/16 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/16 21:07:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/11/30 18:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/17 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/08 21:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Artogon
[2009/08/28 15:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Auslogics
[2010/01/06 18:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Big Fish Games
[2009/11/10 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Blender Foundation
[2010/01/04 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\blg
[2010/01/03 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\demo
[2009/09/02 11:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Focus Mp3 Recorder
[2009/04/11 19:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\GetRightToGo
[2009/05/19 10:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Hippo_OpenSim_Viewer
[2009/01/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\MAGIX
[2010/01/20 21:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Metaversum
[2010/01/16 16:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\MH GED
[2008/12/09 18:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\OpenOffice.org
[2010/01/05 23:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\PlayFirst
[2009/01/26 19:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Research In Motion
[2010/01/31 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\SecondLife
[2008/12/06 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Windows Desktop Search
[2009/01/08 09:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Windows Search
[2010/02/21 13:54:53 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/03 20:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 20:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 20:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 20:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 20:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 246 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >





Extra.txt log:




OTL Extras logfile created on: 2/21/2010 2:24:31 PM - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Xaelya\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 893.59 Gb Free Space | 95.93% Space Free | Partition Type: NTFS
Drive D: | 33.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D60C9E255B
Current User Name: Xaelya
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe" = C:\Program Files\SecondLifeReleaseCandidate\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\Program Files\SecondLife\SecondLife.exe" = C:\Program Files\SecondLife\SecondLife.exe:*:Enabled:Second Life -- (Linden Lab)
"C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe" = C:\Program Files\Roxio\Media Manager 9\MediaManager9.exe:*:Enabled:MediaManager9 Module -- (Sonic Solutions)
"C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe" = C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe:*:Enabled:RoxioUPnPRenderer9 -- (Sonic Solutions)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Hippo_OpenSim_Viewer\Hippo_OpenSim_Viewer.exe" = C:\Program Files\Hippo_OpenSim_Viewer\Hippo_OpenSim_Viewer.exe:*:Enabled:Hippo OpenSim Viewer -- (Linden Lab)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager -- (Electronic Arts)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Metaversum\Twinity\bin\Twinity.exe" = C:\Program Files\Metaversum\Twinity\bin\Twinity.exe:*:Enabled:Twinity -- (Metaversum)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}" = BlackBerry Device Software Updater
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 18
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{685C7EBA-82F4-44F8-9514-911A69850DA3}" = Express Gate
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{AF5A39FE-51FB-4BA3-B399-2D1F0C65D617}_is1" = AusLogics System Information
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{e7394a0f-3f80-45b1-87fc-abcd51893246}" = Python 2.6.4
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"593AFD5277FA19E67C70E56534B45B0DDD9ED9FE" = Windows Driver Package - Razer (HidUsb) HIDClass (01/11/2007 1.0)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AFD653D92C0CA9E8F375124D6A0B19FFBA89B1D2" = Windows Driver Package - Razer (Razerlow) HIDClass (03/07/2007 1.0.0.2)
"Anarchy Online_is1" = Anarchy Online
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Avenue Flo" = Avenue Flo
"BFG-Azada" = Azada &reg;
"BFG-Burger Rush" = Burger Rush
"BFG-Burger Shop 2" = Burger Shop 2
"BFGC" = Big Fish Games: Game Manager
"BFG-Haunted Hotel" = Haunted Hotel
"BFG-Hidden Expedition - Devils Triangle" = Hidden Expedition &reg; - Devil's Triangle
"BFG-Hidden Expedition - Everest" = Hidden Expedition: Everest ™
"BFG-Hidden Wonders of the Depths" = Hidden Wonders of the Depths
"BFG-Hotel Dash - Suite Success" = Hotel Dash: Suite Success
"BFG-Mahjong Towers Eternity" = Mahjong Towers Eternity
"BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing ™
"BFG-Mystery Case Files - Huntsville" = Mystery Case Files: Huntsville ™
"BFG-Mystic Inn" = Mystic Inn ™
"BFG-Spa Mania" = Spa Mania
"BFG-Treasure Seekers - Visions of Gold" = Treasure Seekers: Visions of Gold ™
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"BlackBerry_{C178B38F-613A-4EFE-B718-A675BD27A1E1}" = BlackBerry Desktop Software 4.3
"Blender" = Blender (remove only)
"Burger Shop_is1" = Burger Shop
"CCleaner" = CCleaner
"Clickable Card" = Clickable Card
"EADM" = EA Download Manager
"Easy Gif Animator Extension" = Easy Gif Animator Extension
"Easy GIF Animator_is1" = Easy GIF Animator 5.02
"Entropia Universe10.6.4.39182" = Entropia Universe
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"GMG 4" = Gif Movie Gear 4
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{F63A3F0E-BE83-43E4-A9A2-153E877A857C}" = McGraw-Hill's GED
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.4
"Lexmark 1200 Series" = Lexmark 1200 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"PhotoFiltre Studio" = PhotoFiltre Studio
"QcDrv" = Logitech® Camera Driver
"Registry Mechanic_is1" = Registry Mechanic 8.0
"SecondLife" = SecondLife (remove only)
"SecondLifeReleaseCandidate" = SecondLifeReleaseCandidate (remove only)
"Sound Forge 5.0" = Sound Forge 5.0
"SpeedFan" = SpeedFan (remove only)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"Twinity" = Twinity (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2010 12:54:08 AM | Computer Name = HOME-D60C9E255B | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15281, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/17/2010 11:38:27 AM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/17/2010 12:37:31 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 1:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 2:37:21 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 3:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 4:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 5:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 6:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

Error - 2/20/2010 7:37:05 PM | Computer Name = HOME-D60C9E255B | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 2/16/2010 9:03:17 PM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/16/2010 9:39:46 PM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/20/2010 6:08:26 PM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the JavaQuickStarterService service.

Error - 2/21/2010 11:18:46 AM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).

Error - 2/21/2010 11:47:24 AM | Computer Name = HOME-D60C9E255B | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 bac012a4, parameter2 000000ff, parameter3
00000008, parameter4 bac012a4.

Error - 2/21/2010 11:56:03 AM | Computer Name = HOME-D60C9E255B | Source = Service Control Manager | ID = 7034
Description = The ForceWare IP service service terminated unexpectedly. It has
done this 1 time(s).


< End of report >

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 PM

Posted 22 February 2010 - 03:19 PM

Hi,

Please attach C:\Qoobox\

Combofix2.txt
Combofix3.txt
Combofix4.txt
Combofix5.txt

in your next reply.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 Xae

Xae
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 22 February 2010 - 04:09 PM

Attaching files requested to my reply.

Thank you,

Xae

Attached Files


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 PM

Posted 23 February 2010 - 02:51 PM

How is it running now? smile.gif
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 Xae

Xae
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 23 February 2010 - 03:04 PM

Hi Tom,

Well from the short times I spent on that computer lately (mostly using another one until I get the all clean) I would say it's still running kinda slow and it seems like it crashes a lot...which wasn't the case before. :s

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 PM

Posted 24 February 2010 - 02:04 PM

Hi,


We need to repair some of windows' internal registration settings
  1. Please download Dial-A-Fix from one of the following mirrors:
  2. Extract the zip file to your desktop.
  3. Double click Dial-a-Fix.exe to start the program.
  4. Press the green double checkmark box (Looks like this: )
  5. UNcheck "Empty Temp Folders", as well as "Adjust Time/Date" in the prep section. The prep section should then look like this:
  6. When the window looks like this, press the GO button in the bottom of the window.
  7. Exit/Close Dial-A-Fix



Please post back with a fresh OTL logfile.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 Xae

Xae
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 24 February 2010 - 02:20 PM

Hi Tom,

I will be switching to the desktop in a few minutes to perform the tasks you asked me to. I'll be posting the OTL log ASAP.

I have a question though, some stuff in the OTL log caught my eye, are those files legitimate? I mean... I don't go to adult sites so it's kinda weird there are those links down below in my host file. Also I've read wininit.ini is not part of XP somewhere, is it true?

[2010/02/16 20:01:28 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/16 20:01:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/16 20:01:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/16 20:01:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/16 20:01:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/16 16:04:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/16 20:01:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/16 20:01:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/16 20:01:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/16 20:01:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

+ 2010-02-17 01:12 . 2010-02-17 01:12 65024 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2010-02-17 01:12 . 2010-02-17 01:12 18944 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2010-02-17 01:12 . 2010-02-17 01:12 5120 c:\windows\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF16.exe
+ 2010-02-17 01:38 . 2010-02-17 01:38 16384 c:\windows\Temp\Perflib_Perfdata_908.dat

O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com

Thanks for your help.

Xae

#14 Xae

Xae
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
    •  
  • Local time:05:05 PM

Posted 24 February 2010 - 02:46 PM

Hi again,

I ran the Dial-A-Fix tool as instructed.

Thank you,

Xae

OTL log:


OTL logfile created on: 2/24/2010 2:40:24 PM - Run 2
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Documents and Settings\Xaelya\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 893.53 Gb Free Space | 95.92% Space Free | Partition Type: NTFS
Drive D: | 33.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D60C9E255B
Current User Name: Xaelya
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
PRC - [2010/02/16 21:08:08 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/16 21:08:07 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2009/12/18 08:05:43 | 000,634,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/11/12 16:33:10 | 000,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/05 10:00:38 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/06/09 10:06:36 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/12 14:54:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/09/30 17:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 17:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/07/08 16:41:02 | 002,828,184 | ---- | M] (PC Tools) -- C:\Program Files\Registry Mechanic\RegMech.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/05/07 02:39:52 | 016,862,208 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/31 03:30:58 | 000,614,400 | R--- | M] () -- C:\Program Files\ASUS\AASP\1.00.61\aaCenter.exe
PRC - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Program Files\bin32\nSvcAppFlt.exe
PRC - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Program Files\bin32\nSvcIp.exe
PRC - [2008/01/28 12:55:10 | 001,413,120 | ---- | M] () -- C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
PRC - [2008/01/07 13:28:02 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2007/11/20 16:53:36 | 000,147,456 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2007/08/01 14:07:06 | 000,147,456 | ---- | M] () -- C:\Program Files\Razer\Diamondback 3G\razerhid.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/02/14 11:11:18 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files\Razer\Diamondback 3G\razerofa.exe
PRC - [2006/04/18 01:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2006/04/18 01:41:24 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2005/07/19 16:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 14:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 13:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/08/03 20:07:00 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/16 21:08:07 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/02/02 23:32:37 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/12/17 17:14:11 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/12 16:33:00 | 000,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/08/05 10:00:38 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/09 11:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/06/09 10:06:36 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/04/23 21:51:35 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 10:17:38 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/12 14:54:00 | 000,163,908 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008/01/29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Program Files\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2007/08/16 08:56:16 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 08:56:14 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 08:56:10 | 001,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 05:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 05:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/04/18 01:42:14 | 000,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2009/02/08 20:36:10 | 000,292,138 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10060 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Easy Gif Animator Toolbar Helper) - {96372AB6-15EB-4316-B497-71C741BC548C} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Easy Gif Animator Toolbar) - {35065594-9169-4A34-B167-FC4865038E53} - C:\Program Files\Easy Gif Animator Extension\v3.3.0.3\EasyGifAnimator_Toolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [Ai Nap] C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [ASUS Energy Saving] C:\Program Files\ASUS\Ai Suite\EnergySaving\PwSave.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe ()
O4 - HKLM..\Run: [CPU Power Monitor] C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe ()
O4 - HKLM..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Lexmark 1200 Series] C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe (PC Tools)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Xaelya\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvLsp.dll (NVIDIA)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {03A99563-4F42-4DCF-A069-C728A71164A3} http://apps.vivaty.com/downloads/player/Vi...D%20Content.cab (Reg Error: Key error.)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.16.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1266370060343 (WUWebControl Class)
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab (CPlayFirstDoggieDashControl Object)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1266370053406 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} http://aolsvc.aol.com/onlinegames/free-tri...eb.1.0.0.14.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F4EBFE42-D82A-48EB-B70E-7499FFEAFF3F} http://aolsvc.aol.com/onlinegames/free-tri...Web.1.0.0.9.cab (CPlayFirstDressShopHControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.50.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/06 14:41:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/25 11:22:51 | 000,000,043 | RH-- | M] () - D:\AutoRun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/12/06 09:25:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16891891626803200)

========== Files/Folders - Created Within 14 Days ==========

[2010/02/24 14:38:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/02/24 14:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\Desktop\Dial-a-fix-v0.60.0.24
[2010/02/21 14:23:27 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
[2010/02/21 11:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/02/21 10:55:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/02/21 10:46:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/17 12:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\Desktop\pics
[2010/02/16 23:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\My Documents\gmer
[2010/02/16 21:56:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Xaelya\Recent
[2010/02/16 21:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/02/16 21:07:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/16 20:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/02/16 20:13:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/02/16 20:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Xaelya\Application Data\SUPERAntiSpyware.com
[2010/02/16 20:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/02/16 20:02:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/16 20:01:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/16 20:01:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/16 20:01:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/16 20:01:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/16 20:00:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/16 19:59:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/16 19:01:55 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/02/03 09:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/02/02 23:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/04/11 18:47:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2009/02/08 20:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/01/26 19:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2009/01/13 01:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/01/12 17:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/12/06 14:44:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/06 14:41:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/06 14:41:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/02/24 14:38:52 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/24 14:38:52 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/24 14:37:01 | 000,551,164 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/24 14:37:01 | 000,462,498 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/24 14:37:01 | 000,078,318 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/24 14:37:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/02/24 14:36:44 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\Dial-a-fix-v0.60.0.24.zip
[2010/02/24 14:33:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/24 14:33:14 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin
[2010/02/24 14:32:40 | 000,197,602 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/02/24 14:32:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/02/24 14:32:33 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/24 14:32:33 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/24 14:32:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/22 16:21:02 | 008,912,896 | -H-- | M] () -- C:\Documents and Settings\Xaelya\NTUSER.DAT
[2010/02/21 14:50:35 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Xaelya\ntuser.ini
[2010/02/21 14:24:01 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Xaelya\Desktop\OTL.exe
[2010/02/21 11:00:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/21 10:42:28 | 003,866,973 | R--- | M] () -- C:\Documents and Settings\Xaelya\Desktop\ComboFix.exe
[2010/02/20 12:00:04 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\66f5yjsv.exe
[2010/02/20 11:59:45 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\dds.scr
[2010/02/16 23:32:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\gmer.zip
[2010/02/16 21:48:02 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\SpywareBlaster.lnk
[2010/02/16 21:08:40 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/16 21:08:35 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/02/16 21:07:34 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 20:12:54 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/16 20:02:16 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/02/16 19:29:03 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\JavaRa.zip
[2010/02/16 17:14:30 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Xaelya\Desktop\CCleaner.lnk
[2010/02/16 16:04:33 | 000,000,251 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/02/15 17:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/15 13:53:10 | 000,133,396 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-5.jpg
[2010/02/15 13:49:00 | 000,133,060 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-4.jpg
[2010/02/15 13:44:01 | 000,134,119 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-3.jpg
[2010/02/15 13:03:10 | 000,132,765 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-2.jpg
[2010/02/14 17:09:37 | 000,124,603 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic1.jpg
[2010/02/14 17:04:43 | 001,215,176 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic_001.png
[2010/02/14 16:47:24 | 000,263,877 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.jpg
[2010/02/14 16:46:49 | 000,243,702 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.jpg
[2010/02/14 16:46:08 | 000,275,956 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.jpg
[2010/02/14 16:45:32 | 000,281,964 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.jpg
[2010/02/14 16:34:57 | 001,561,847 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.png
[2010/02/14 16:31:48 | 001,338,842 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.png
[2010/02/14 16:31:24 | 001,418,883 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_003.png
[2010/02/14 16:30:00 | 001,449,528 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.png
[2010/02/14 16:28:03 | 001,625,762 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.png
[2010/02/11 22:46:06 | 000,605,892 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_003.png
[2010/02/11 22:09:45 | 000,286,955 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.jpg
[2010/02/11 22:09:18 | 000,258,702 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.jpg
[2010/02/11 20:25:46 | 001,633,804 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.png
[2010/02/11 19:25:11 | 001,544,288 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.png
[2010/02/10 19:14:03 | 000,173,615 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing2.jpg
[2010/02/10 19:13:16 | 000,153,103 | ---- | M] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing1.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/24 14:36:43 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\Dial-a-fix-v0.60.0.24.zip
[2010/02/20 12:00:02 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\66f5yjsv.exe
[2010/02/16 23:33:36 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\gmer.exe
[2010/02/16 23:32:24 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\gmer.zip
[2010/02/16 21:48:02 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\SpywareBlaster.lnk
[2010/02/16 21:07:34 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/02/16 20:12:54 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/02/16 20:02:16 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/02/16 20:02:13 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/16 20:01:28 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/16 20:01:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/16 20:01:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/16 20:01:28 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/16 20:01:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/16 19:35:38 | 003,866,973 | R--- | C] () -- C:\Documents and Settings\Xaelya\Desktop\ComboFix.exe
[2010/02/16 19:29:02 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Xaelya\Desktop\JavaRa.zip
[2010/02/16 16:04:32 | 000,000,251 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/15 13:53:07 | 000,133,396 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-5.jpg
[2010/02/15 13:48:58 | 000,133,060 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-4.jpg
[2010/02/15 13:42:41 | 000,134,119 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-3.jpg
[2010/02/15 12:59:44 | 000,132,765 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\t_508-2.jpg
[2010/02/14 17:09:23 | 000,124,603 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic1.jpg
[2010/02/14 17:04:43 | 001,215,176 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Xae ning pic_001.png
[2010/02/14 16:47:22 | 000,263,877 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.jpg
[2010/02/14 16:46:48 | 000,243,702 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.jpg
[2010/02/14 16:46:07 | 000,275,956 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.jpg
[2010/02/14 16:45:32 | 000,281,964 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.jpg
[2010/02/14 16:34:57 | 001,561,847 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_005.png
[2010/02/14 16:31:48 | 001,338,842 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_004.png
[2010/02/14 16:31:24 | 001,418,883 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_003.png
[2010/02/14 16:30:00 | 001,449,528 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_002.png
[2010/02/14 16:28:03 | 001,625,762 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's valentine gift_001.png
[2010/02/11 22:46:06 | 000,605,892 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_003.png
[2010/02/11 22:09:44 | 000,286,955 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.jpg
[2010/02/11 22:09:16 | 000,258,702 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.jpg
[2010/02/11 20:25:46 | 001,633,804 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_002.png
[2010/02/11 19:25:11 | 001,544,288 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\Ande's awakening_001.png
[2010/02/10 19:14:02 | 000,173,615 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing2.jpg
[2010/02/10 19:13:15 | 000,153,103 | ---- | C] () -- C:\Documents and Settings\Xaelya\My Documents\xae writing1.jpg
[2009/11/26 19:45:33 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\libmng.dll
[2009/09/02 10:47:45 | 000,000,073 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRV004.SYS
[2009/09/02 10:47:43 | 000,000,099 | ---- | C] () -- C:\Documents and Settings\Xaelya\Application Data\Karaoke-Sing-n-Burn.INI
[2009/09/02 10:47:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSTMBXNDRV.SYS
[2009/08/17 08:34:26 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2009/08/17 08:34:26 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/03/25 14:04:42 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/01/07 15:31:50 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/01/07 15:31:37 | 000,007,023 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/12/30 10:12:38 | 000,008,192 | ---- | C] () -- C:\Documents and Settings\Xaelya\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 08:43:15 | 000,000,092 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/12/18 08:43:14 | 000,000,441 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2008/12/18 08:42:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxczvs.dll
[2008/12/18 08:42:44 | 000,000,270 | ---- | C] () -- C:\WINDOWS\System32\lxczcoin.ini
[2008/12/06 15:01:12 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/12/06 15:01:12 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/12/06 15:01:09 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/12/06 15:01:09 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/12/06 14:47:14 | 000,037,017 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/12/06 14:46:41 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/12/06 14:46:34 | 000,036,059 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/12/06 14:46:34 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/12/06 14:10:26 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/12/06 14:10:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/12/06 14:10:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/12/06 14:10:24 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/06 14:10:24 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/06 14:10:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/12/06 14:10:23 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/07/27 00:18:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/27 00:18:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/27 00:18:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/27 00:18:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/27 00:18:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/01/04 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2009/06/04 18:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009/12/12 00:24:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2009/01/07 15:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2008/12/06 14:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/09/02 10:50:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2010/01/05 23:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/06 04:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Razer
[2010/02/24 14:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/12/06 03:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2008/12/06 03:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/03/16 17:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/02/16 21:07:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/11/30 18:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/08/17 17:05:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/01/08 21:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Artogon
[2009/08/28 15:44:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Auslogics
[2010/01/06 18:52:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Big Fish Games
[2009/11/10 20:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Blender Foundation
[2010/01/04 22:22:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\blg
[2010/01/03 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\demo
[2009/09/02 11:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Focus Mp3 Recorder
[2009/04/11 19:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\GetRightToGo
[2009/05/19 10:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Hippo_OpenSim_Viewer
[2009/01/07 15:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\MAGIX
[2010/01/20 21:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Metaversum
[2010/01/16 16:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\MH GED
[2008/12/09 18:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\OpenOffice.org
[2010/01/05 23:47:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\PlayFirst
[2009/01/26 19:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Research In Motion
[2010/01/31 17:20:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\SecondLife
[2008/12/06 13:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Windows Desktop Search
[2009/01/08 09:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Xaelya\Application Data\Windows Search
[2010/02/24 14:33:46 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/03 20:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/03 20:07:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/06 12:49:12 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 20:07:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 20:07:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 20:07:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/03 20:07:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 246 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
@Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
@Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
@Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:10:05 PM

Posted 25 February 2010 - 12:36 PM

Hi,

the files are related to Combofix and the o1 lines are set by Spybot to protect you smile.gif




Download and Run StartupLite

This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unecessary startup entries will be compiled.
  • Take a read at the description of each and for most of them you probably won't need it please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.





Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    @Alternate Data Stream - 246 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
    @Alternate Data Stream - 237 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
    @Alternate Data Stream - 225 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D8F9D810
    @Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:80E965A3
    @Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EA701346
    @Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F0762150
    @Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
    @Alternate Data Stream - 212 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
    @Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E51234A9
    @Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
    @Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8247A199
    @Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6F1F66C0
    @Alternate Data Stream - 205 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A7DA2BCD
    @Alternate Data Stream - 203 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:639F0420
    @Alternate Data Stream - 200 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A688EF17
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24051EFF
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    :Commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image
Back to Virus, Trojan, Spyware, and Malware Removal Help


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Virus, Trojan, Spyware, and Malware Removal Help
  4. Privacy Policy
  5. Rules ·