Received a pm from a site claiming I was infected


  • This topic is locked
21 replies to this topic

#1 wavemaker

wavemaker

  • Members
  • 283 posts

Posted 26 February 2010 - 02:10 AM

Referred from here: http://www.bleepingcomputer.com/forums/t/297933/aii/ ~ OB

Gooday all and thank you for being here. I received a P.M. from a site that I haven't visited for some time telling me that they had detected that I was infected and that if I were to return still infected I would be delisted and barred from the site. There was a link to a scanner and offer to fix the computer. I clicked the link and AVG blocked it. All good. I don't know if I am infected or not and so I have followed instructions given by boopme and will now post the results of the scans.



DDS (Ver_09-12-01.01) - NTFSx86
Run by james at 17:52:39.34 on 25-Feb-10
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.948 [GMT -8:00]

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\SOUNDMAN.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Spyware Doctor\Update.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Users\james\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com.au/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\users\james\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office14\officesas\officeSASscheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\james\appdata\roaming\mozilla\firefox\profiles\4bxqqf4c.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-2-22 207792]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-23 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-23 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-23 360584]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 142832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-23 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-23 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-2-22 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-2-22 359624]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-2-22 1141712]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42480]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-27 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2009-10-3 30604144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

=============== Created Last 30 ================

2010-02-26 01:49:04 0 ----a-w- c:\users\james\defogger_reenable
2010-02-26 01:33:41 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-26 01:33:31 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-26 01:33:30 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-26 01:33:30 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-02-26 01:33:29 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-25 01:07:17 0 d-----w- c:\program files\ESET
2010-02-25 01:02:01 228974039 ----a-w- c:\windows\MEMORY.DMP
2010-02-24 01:31:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 01:31:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 01:31:18 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 04:29:25 0 d-----w- c:\program files\CCleaner
2010-02-23 04:03:09 767952 ----a-w- c:\windows\BDTSupport.dll.old
2010-02-23 04:03:09 767952 ----a-w- c:\windows\BDTSupport.dll
2010-02-23 04:03:08 882 ----a-w- c:\windows\RegSDImport.xml
2010-02-23 04:03:08 879 ----a-w- c:\windows\RegISSImport.xml
2010-02-23 04:03:08 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-02-23 04:03:08 131 ----a-w- c:\windows\IDB.zip
2010-02-23 04:03:08 1152444 ----a-w- c:\windows\UDB.zip
2010-02-23 04:03:07 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-02-23 04:03:07 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-02-23 04:03:07 1640400 ----a-w- c:\windows\PCTBDCore.dll.old
2010-02-23 03:57:06 98600 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-02-23 03:57:06 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-02-23 03:57:06 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-02-23 03:56:45 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-02-23 03:56:45 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-02-23 03:56:45 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-02-23 03:56:45 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-02-23 03:56:27 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-02-23 03:56:27 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-02-23 03:55:48 0 d-----w- c:\users\james\appdata\roaming\PC Tools
2010-02-23 03:55:48 0 d-----w- c:\programdata\PC Tools
2010-02-23 03:55:48 0 d-----w- c:\program files\Spyware Doctor
2010-02-23 03:55:48 0 d-----w- c:\program files\common files\PC Tools
2010-02-23 03:55:30 0 d---a-w- c:\programdata\TEMP
2010-02-23 03:48:58 0 d-----w- c:\program files\Everything
2010-02-23 02:47:44 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-23 02:47:32 0 d-----w- c:\users\james\appdata\roaming\SUPERAntiSpyware.com
2010-02-23 02:47:32 0 d-----w- c:\program files\SUPERAntiSpyware
2010-02-23 02:46:43 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-02-23 01:26:03 0 d-----w- c:\program files\Microsoft Security Essentials
2010-02-22 02:16:44 0 d-----w- c:\program files\Microsoft Synchronization Services
2010-02-22 02:16:04 0 d-----w- c:\windows\PCHEALTH
2010-02-22 02:16:04 0 d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-22 02:15:14 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-22 02:14:33 0 d-----w- c:\program files\Microsoft Analysis Services
2010-02-22 02:13:59 0 d-----w- c:\programdata\Microsoft Help
2010-02-20 02:08:48 65536 --sha-w- c:\users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TM.blf
2010-02-20 02:08:48 524288 --sha-w- c:\users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TMContainer00000000000000000002.regtrans-ms
2010-02-20 02:08:48 524288 --sha-w- c:\users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TMContainer00000000000000000001.regtrans-ms
2010-02-20 01:54:11 0 d-----w- c:\program files\NVIDIA Corporation
2010-02-18 02:17:40 0 d-----w- c:\users\james\appdata\roaming\HandBrake
2010-02-18 02:17:35 0 d-----w- c:\program files\Handbrake
2010-02-15 05:44:29 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 05:44:29 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-15 05:44:29 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-02-07 19:12:39 0 d-----w- c:\program files\Smith Micro
2010-01-28 23:42:31 0 d-----w- C:\TRAVIATA
2010-01-28 23:37:04 0 d-----w- c:\programdata\DVD Shrink
2010-01-28 23:37:03 0 d-----w- c:\program files\DVD Shrink
2010-01-27 17:10:43 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-01-27 17:10:43 2614272 ----a-w- c:\windows\explorer.exe

==================== Find3M ====================

2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-01-23 22:40:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 22:40:01 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 22:39:57 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-31 23:25:12 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-19 09:02:55 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:53:23.58 ===============

Edited by Orange Blossom, 26 February 2010 - 12:00 PM.

When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#2 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts

Posted 26 February 2010 - 10:14 PM

Hi and welcome to the Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days, if your topic is not replied to, I will assume it has been abandoned and I will close it.

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Download and Run ComboFix (by sUBs)

You must rename it before saving it.





Please download ComboFix from one of these locations:

Link 1
Link 2

Save thcbytes.exe to your Desktop <-- Important!!!
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Please refer to this link for instructions.

  • Double click on thcbytes.exe & follow the prompts.
  • You will see this warning based on your particular OS. Please select "Yes" and proceed.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

The infection has created a Proxy with your internet connection. We will need to reset that.
Do this....

- In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

- In Firefox in Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server.

Reset TCP/IP Properties

First:

* Go to Start -> Control Panel -> Double click on Network Connections.
* Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.

* Select the General tab.
* Double click on Internet Protocol (TCP/IP).

Under General tab:

- Select "Obtain an IP address automatically".
- Select "Obtain DNS server address automatically".

* Click OK twice to save the settings.
* Reboot if you had to change any setting.

Next:

* Go to Start > Run, copy/paste the contents of the code box (excluding "code") into the Run box and click OK.

CODE
cmd /c (ipconfig /all&nslookup google.com&ping -n 2 google.com&route print) >log.txt&log.txt&del log.txt

A command window opens. Wait until a log.txt file opens.

* Please copy/paste the log file in your reply.

==========

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under "Extra Registry" please check "Use Safelist" and also check "LOP Check" and "Purity Check" as pictured.
  6. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT

  7. Push
  8. A report will open. Copy and Paste that report in your next reply.
  9. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

==========

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

==========

With your next post please provide:

* Combofix.txt
* OTL.txt
* Extra.txt
* Gmer log

Kind regards,
~t

Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
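
Added example (not part of thcbytes's post and not code from DDS or any other tool named in this thread): a small Python check that reads DDS "Pseudo HJT Report" lines and flags an Internet Settings ProxyServer value that points at the local machine, which is the entry in the log in post #1 that the reply above refers to. The function names and the sample log lines are constructed for illustration, and the reading of the "u"/"m" prefixes as HKCU/HKLM is an assumption.

```python
import ipaddress
import re

# Constructed sample in the style of the DDS "Pseudo HJT Report" section.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
"""

# Assumption: DDS marks per-user (HKCU) values with "u" and machine-wide (HKLM) with "m".
HIVES = {"u": "HKCU", "m": "HKLM"}
PROXY_LINE = re.compile(
    r"^\s*([um])Internet Settings,ProxyServer\s*=\s*(.*)$", re.IGNORECASE
)


def parse_proxy_value(value):
    """Split a WinINET ProxyServer value into (scheme, host, port) tuples.

    Handles both forms Windows stores:
      host:port                          -> one proxy for all protocols
      http=host:port;https=host:port     -> per-protocol proxies
    """
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:  # no "scheme=" prefix: applies to every protocol
            scheme, hostport = "all", part
        # Drop an optional URL-style prefix such as "http://".
        hostport = re.sub(r"^[a-z]+://", "", hostport.strip(), flags=re.IGNORECASE)
        host, sep, port = hostport.rpartition(":")
        if not sep:  # no port given
            host, port = hostport, ""
        host = host.strip("[]").lower()  # "[::1]" -> "::1"
        entries.append((scheme.strip().lower(), host, int(port) if port.isdigit() else None))
    return entries


def is_loopback(host):
    """True for 'localhost' and for any address in 127.0.0.0/8 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def find_loopback_proxies(log_text):
    """Return (hive, scheme, host, port) for each proxy entry that targets this machine."""
    hits = []
    for line in log_text.splitlines():
        match = PROXY_LINE.match(line)
        if not match:
            continue
        hive = HIVES[match.group(1).lower()]
        for scheme, host, port in parse_proxy_value(match.group(2)):
            if is_loopback(host):
                hits.append((hive, scheme, host, port))
    return hits


if __name__ == "__main__":
    for hive, scheme, host, port in find_loopback_proxies(SAMPLE_DDS):
        print(f"{hive}: {scheme} traffic is proxied to {host}:{port} on this machine")
```

A hit means something listening on the local machine is in the path of browser traffic; the next step is to identify which process owns that port before deciding whether it is wanted software or not.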

#3 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts

Posted 27 February 2010 - 03:40 AM


Windows IP Configuration

Host Name . . . . . . . . . . . . : office
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Physical Address. . . . . . . . . : 00-1A-92-61-DC-28
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a9f6:5d7a:d538:a53a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Saturday, February 27, 2010 4:04:41 PM
Lease Expires . . . . . . . . . . : Saturday, February 27, 2010 6:34:40 PM
Default Gateway . . . . . . . . . : 10.1.1.1
DHCP Server . . . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 234887826
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-BD-D8-2B-00-1A-92-61-DC-28
DNS Servers . . . . . . . . . . . : 10.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:cf2e:3096:14ec:15b7:c2ba:3e25(Preferred)
Link-local IPv6 Address . . . . . : fe80::14ec:15b7:c2ba:3e25%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{4DDCAD38-438B-4D31-A70C-81F062F14896}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: mygateway1.ar7
Address: 10.1.1.1

Name: google.com
Addresses: 66.249.89.103
66.249.89.99
66.249.89.147
66.249.89.104


Pinging google.com [66.249.89.103] with 32 bytes of data:
Reply from 66.249.89.103: bytes=32 time=352ms TTL=52
Reply from 66.249.89.103: bytes=32 time=202ms TTL=52

Ping statistics for 66.249.89.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 202ms, Maximum = 352ms, Average = 277ms
===========================================================================
Interface List
11...00 1a 92 61 dc 28 ......Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.6 20
10.0.0.0 255.0.0.0 On-link 10.1.1.6 276
10.1.1.6 255.255.255.255 On-link 10.1.1.6 276
10.255.255.255 255.255.255.255 On-link 10.1.1.6 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.1.6 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.1.6 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:cf2e:3096:14ec:15b7:c2ba:3e25/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
12 306 fe80::14ec:15b7:c2ba:3e25/128
On-link
11 276 fe80::a9f6:5d7a:d538:a53a/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
OTL logfile created on: 27-Feb-10 6:07:31 PM - Run 1
OTL by OldTimer - Version 3.1.30.3 Folder = C:\Users\james\Desktop
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 133.17 Gb Total Space | 76.91 Gb Free Space | 57.76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 48.83 Gb Total Space | 0.83 Gb Free Space | 1.69% Space Free | Partition Type: NTFS
Drive G: | 882.68 Gb Total Space | 867.90 Gb Free Space | 98.33% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OFFICE
Current User Name: james
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-02-27 18:04:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
PRC - [2010-02-18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010-01-23 17:02:03 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010-01-23 14:39:55 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010-01-23 14:39:55 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010-01-23 14:39:55 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010-01-23 14:39:55 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010-01-23 14:39:55 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010-01-23 14:39:52 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010-01-23 14:39:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010-01-21 15:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009-11-18 12:47:14 | 001,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009-11-06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009-10-30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-10-30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009-10-11 04:17:36 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009-09-27 17:47:00 | 000,215,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2009-09-26 06:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe
PRC - [2009-09-26 06:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe
PRC - [2009-08-19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009-08-19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009-08-18 16:25:16 | 000,304,128 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\swriter.exe
PRC - [2009-07-13 17:17:29 | 000,673,048 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-07-13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009-07-02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009-04-14 07:43:42 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2007-03-26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2007-03-23 13:20:52 | 000,227,328 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe


========== Modules (SafeList) ==========

MOD - [2010-02-27 18:04:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
MOD - [2009-07-13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009-07-13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009-07-13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009-07-13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009-07-13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009-07-13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009-07-13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009-07-13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009-07-13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009-07-13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009-07-13 17:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010-01-23 14:39:52 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010-01-23 14:39:52 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010-01-21 15:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009-12-27 14:05:36 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009-11-13 14:56:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009-11-06 14:29:22 | 001,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009-10-30 11:18:16 | 000,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009-10-03 20:51:46 | 030,604,144 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009-09-27 17:47:00 | 000,215,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2009-09-26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009-09-26 04:31:58 | 000,149,336 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009-07-13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009-07-13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009-07-13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009-07-13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009-07-13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009-07-13 17:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009-07-13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009-07-13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009-07-13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009-07-13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009-07-13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009-07-13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009-07-13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009-07-13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009-07-13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009-07-13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009-07-13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009-07-13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009-07-13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009-07-13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009-07-13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009-07-13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009-07-02 17:36:52 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2007-03-26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


========== Driver Services (SafeList) ==========

DRV - [2010-02-17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010-01-23 14:40:01 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010-01-23 14:39:57 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010-01-23 14:39:57 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009-11-09 11:20:12 | 000,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009-09-28 09:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009-09-27 23:12:22 | 009,509,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-07-13 17:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009-07-13 17:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009-07-13 17:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009-07-13 17:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009-07-13 17:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009-07-13 17:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009-07-13 17:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009-07-13 17:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009-07-13 17:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009-07-13 17:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009-07-13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009-07-13 17:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009-07-13 17:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009-07-13 17:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009-07-13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009-07-13 17:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009-07-13 17:20:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009-07-13 17:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009-07-13 17:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009-07-13 17:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009-07-13 17:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009-07-13 17:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009-07-13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009-07-13 17:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009-07-13 17:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009-07-13 17:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009-07-13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009-07-13 17:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009-07-13 17:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009-07-13 17:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009-07-13 17:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009-07-13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009-07-13 17:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009-07-13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009-07-13 17:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009-07-13 17:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009-07-13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009-07-13 17:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009-07-13 17:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009-07-13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009-07-13 17:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009-07-13 17:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009-07-13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009-07-13 16:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009-07-13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009-07-13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009-07-13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009-07-13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009-07-13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009-07-13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009-07-13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009-07-13 15:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009-07-13 15:51:17 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV - [2009-07-13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009-07-13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009-07-13 15:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009-07-13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009-07-13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009-07-13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009-07-13 15:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009-07-13 15:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009-07-13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009-07-13 15:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009-07-13 15:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009-07-13 15:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009-07-13 14:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-13 14:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009-07-13 14:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009-07-13 14:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009-07-13 14:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009-07-13 14:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009-07-13 14:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009-07-13 14:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009-07-13 14:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009-07-13 12:50:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009-06-18 19:45:02 | 004,172,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009-06-18 18:48:04 | 000,142,832 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009-06-18 18:48:04 | 000,042,480 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2008-05-02 10:58:28 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008-05-02 10:58:14 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008-05-02 10:58:14 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008-05-02 10:58:12 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2005-04-13 19:34:24 | 000,010,240 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmpu401.sys -- (nvmpu401) Service for NVIDIA® nForce™
DRV - [2005-01-26 02:03:00 | 000,020,576 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004-08-13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 C7 54 D3 46 80 CA 01 [binary data]
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com.au"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.4.11
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010-01-23 14:39:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-23 17:02:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010-01-23 17:02:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010-02-27 12:56:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009-12-18 18:36:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Extensions
[2009-12-18 18:36:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010-02-26 20:38:11 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\extensions
[2010-01-23 11:49:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009-12-31 21:44:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010-01-30 12:17:10 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\extensions\foxmarks@kei.com
[2010-01-23 17:07:56 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\extensions\personas@christopher.beard
[2009-12-19 09:44:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009-06-10 13:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - Startup: C:\Users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1741167404-2738046154-2765825734-1002_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009-07-13 18:37:08 | 000,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - File not found
SafeBootNet: MsMpSvc - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010-02-27 18:04:45 | 000,549,888 | ---- | C] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
[2010-02-27 17:11:16 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Threat Expert
[2010-02-27 16:41:46 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010-02-27 16:41:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010-02-27 16:41:41 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\temp
[2010-02-27 16:23:08 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-02-27 16:23:08 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-02-27 16:23:08 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-02-27 16:22:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-02-27 16:20:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-02-27 16:20:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010-02-25 18:34:15 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\gmer
[2010-02-25 17:33:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010-02-25 17:33:31 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010-02-25 17:33:30 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010-02-25 17:33:30 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010-02-25 17:33:29 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010-02-25 17:33:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010-02-24 22:34:07 | 004,492,328 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\james\Desktop\mbam-rules.exe
[2010-02-24 17:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010-02-23 17:31:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010-02-23 17:31:19 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010-02-23 17:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010-02-23 17:29:38 | 005,115,824 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\james\Desktop\mbam-setup.exe
[2010-02-22 20:29:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010-02-22 20:26:40 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Users\james\Desktop\ccsetup228.exe
[2010-02-22 20:03:08 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010-02-22 20:03:07 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010-02-22 20:03:07 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll.old
[2010-02-22 20:03:07 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010-02-22 19:57:06 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010-02-22 19:57:06 | 000,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010-02-22 19:56:45 | 000,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010-02-22 19:56:45 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010-02-22 19:56:27 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010-02-22 19:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010-02-22 19:55:48 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\PC Tools
[2010-02-22 19:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010-02-22 19:55:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010-02-22 19:55:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010-02-22 19:48:58 | 000,000,000 | ---D | C] -- C:\Program Files\Everything
[2010-02-22 19:48:27 | 034,355,328 | ---- | C] (PC Tools ) -- C:\Users\james\Desktop\spdoc.exe
[2010-02-22 18:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010-02-22 18:47:32 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\SUPERAntiSpyware.com
[2010-02-22 18:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-02-22 18:46:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-02-22 18:14:51 | 000,000,000 | ---D | C] -- C:\Users\james\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2010-02-22 17:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010-02-22 17:25:08 | 004,493,736 | ---- | C] (Microsoft Corporation) -- C:\Users\james\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010-02-21 18:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010-02-21 18:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010-02-21 18:16:04 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010-02-21 18:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010-02-21 18:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010-02-21 18:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010-02-21 18:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010-02-21 18:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010-02-21 18:14:03 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Microsoft Help
[2010-02-21 18:13:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010-02-21 18:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010-02-21 18:13:41 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010-02-21 16:51:37 | 717,774,312 | ---- | C] (Microsoft Corporation) -- C:\Users\james\Desktop\ProfessionalPlus.exe
[2010-02-19 18:39:07 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\btqash
[2010-02-19 17:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010-02-18 20:26:05 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Diagnostics
[2010-02-18 18:47:32 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Opera
[2010-02-18 18:47:32 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Opera
[2010-02-18 18:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010-02-18 18:33:04 | 009,306,504 | ---- | C] (Opera Software ASA ) -- C:\Users\james\Desktop\Opera_1010_en_Setup.exe
[2010-02-17 18:58:49 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\ElevatedDiagnostics
[2010-02-17 18:17:46 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\HandBrake
[2010-02-17 18:17:40 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\HandBrake
[2010-02-17 18:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010-02-17 17:13:03 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\photoOptimizeHistoryDataBase
[2010-02-17 17:12:45 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Local\Ashampoo Photo Optimizer 2
[2010-02-17 17:11:38 | 003,847,608 | ---- | C] (ashampoo GmbH & Co. KG ) -- C:\Users\james\Desktop\ashampoo_photo_optimizer_2_2.02_6272.exe
[2010-02-14 21:44:29 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010-02-14 21:44:29 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010-02-11 12:49:49 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010-02-11 12:49:49 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010-02-11 12:49:48 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010-02-11 12:49:46 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010-02-11 12:49:46 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010-02-11 12:49:45 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010-02-11 12:49:45 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010-02-11 12:49:45 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010-02-11 12:49:45 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010-02-11 12:49:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010-02-11 12:49:45 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010-02-08 18:03:52 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Sonic
[2010-02-08 18:03:45 | 000,000,000 | ---D | C] -- C:\Users\james\AppData\Roaming\Leadertech
[2010-02-07 11:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Smith Micro
[2010-02-07 11:09:24 | 014,354,936 | ---- | C] (Smith Micro ) -- C:\Users\james\Desktop\StuffItExpander2010.exe
[2010-02-02 19:21:54 | 000,000,000 | ---D | C] -- C:\Users\james\Documents\phone stuff

========== Files - Modified Within 30 Days ==========

[2010-02-27 18:09:49 | 001,835,008 | -HS- | M] () -- C:\Users\james\ntuser.dat
[2010-02-27 18:04:53 | 000,549,888 | ---- | M] (OldTimer Tools) -- C:\Users\james\Desktop\OTL.exe
[2010-02-27 17:16:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010-02-27 17:16:03 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010-02-27 16:36:59 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010-02-27 16:21:39 | 003,874,379 | R--- | M] () -- C:\Users\james\Desktop\thcbytes.exe
[2010-02-27 14:02:35 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010-02-27 14:02:35 | 000,014,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010-02-27 13:59:24 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010-02-27 13:59:24 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-02-27 13:59:24 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-02-27 13:54:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010-02-27 13:54:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-02-27 13:54:30 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010-02-27 13:38:16 | 002,329,184 | -H-- | M] () -- C:\Users\james\AppData\Local\IconCache.db
[2010-02-27 13:04:34 | 000,001,816 | ---- | M] () -- C:\Users\james\Desktop\Microsoft Office - Shortcut.lnk
[2010-02-27 10:27:26 | 000,012,739 | ---- | M] () -- C:\Users\james\Documents\error.odt
[2010-02-27 10:03:28 | 056,305,693 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010-02-27 09:56:56 | 216,731,095 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-02-26 17:13:59 | 000,000,981 | ---- | M] () -- C:\Users\james\Desktop\Handbrake.lnk
[2010-02-25 18:32:08 | 000,284,915 | ---- | M] () -- C:\Users\james\Desktop\gmer.zip
[2010-02-25 17:51:33 | 000,524,288 | ---- | M] () -- C:\Users\james\Desktop\dds.scr
[2010-02-25 17:49:04 | 000,000,000 | ---- | M] () -- C:\Users\james\defogger_reenable
[2010-02-25 17:48:04 | 000,050,477 | ---- | M] () -- C:\Users\james\Desktop\Defogger.exe
[2010-02-24 22:34:37 | 004,492,328 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\james\Desktop\mbam-rules.exe
[2010-02-24 17:06:23 | 002,672,312 | ---- | M] () -- C:\Users\james\Desktop\esetsmartinstaller_enu.exe
[2010-02-24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010-02-23 17:30:13 | 005,115,824 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\james\Desktop\mbam-setup.exe
[2010-02-23 17:24:55 | 000,059,664 | ---- | M] () -- C:\Users\james\Desktop\mbam-clean.exe
[2010-02-22 20:47:10 | 000,001,314 | ---- | M] () -- C:\Users\james\Documents\cc_20100222_204703.reg
[2010-02-22 20:46:39 | 000,026,818 | ---- | M] () -- C:\Users\james\Documents\cc_20100222_204628.reg
[2010-02-22 20:29:31 | 000,001,835 | ---- | M] () -- C:\Users\james\Desktop\CCleaner.lnk
[2010-02-22 20:27:49 | 003,370,400 | ---- | M] (Piriform Ltd) -- C:\Users\james\Desktop\ccsetup228.exe
[2010-02-22 19:56:34 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-02-22 19:54:56 | 034,355,328 | ---- | M] (PC Tools ) -- C:\Users\james\Desktop\spdoc.exe
[2010-02-22 19:14:09 | 000,341,811 | ---- | M] () -- C:\Users\james\Desktop\Everything-1.2.1.371.exe
[2010-02-22 18:47:35 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010-02-22 18:46:31 | 007,757,856 | ---- | M] () -- C:\Users\james\Desktop\SUPERAntiSpywarePro.exe
[2010-02-22 17:26:18 | 000,113,000 | ---- | M] () -- C:\Users\james\AppData\Local\GDIPFONTCACHEV1.DAT
[2010-02-22 17:26:03 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010-02-22 17:25:04 | 004,493,736 | ---- | M] (Microsoft Corporation) -- C:\Users\james\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010-02-22 13:21:36 | 024,403,616 | ---- | M] () -- C:\Users\james\Desktop\NokiaSoftwareUpdaterSetup_en.exe
[2010-02-22 13:13:07 | 000,424,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-02-21 18:14:55 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010-02-21 16:53:58 | 717,774,312 | ---- | M] (Microsoft Corporation) -- C:\Users\james\Desktop\ProfessionalPlus.exe
[2010-02-20 21:28:18 | 000,264,432 | ---- | M] () -- C:\Users\james\Documents\007.jpg
[2010-02-20 21:28:12 | 000,282,670 | ---- | M] () -- C:\Users\james\Documents\006.jpg
[2010-02-20 21:28:08 | 000,299,416 | ---- | M] () -- C:\Users\james\Documents\005.jpg
[2010-02-19 18:48:29 | 000,524,288 | -HS- | M] () -- C:\Users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TMContainer00000000000000000002.regtrans-ms
[2010-02-19 18:48:29 | 000,524,288 | -HS- | M] () -- C:\Users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TMContainer00000000000000000001.regtrans-ms
[2010-02-19 18:48:29 | 000,065,536 | -HS- | M] () -- C:\Users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TM.blf
[2010-02-18 18:34:19 | 009,306,504 | ---- | M] (Opera Software ASA ) -- C:\Users\james\Desktop\Opera_1010_en_Setup.exe
[2010-02-17 18:17:05 | 004,886,870 | ---- | M] () -- C:\Users\james\Desktop\HandBrake-0.9.4-Win_GUI.exe
[2010-02-17 17:11:36 | 003,847,608 | ---- | M] (ashampoo GmbH & Co. KG ) -- C:\Users\james\Desktop\ashampoo_photo_optimizer_2_2.02_6272.exe
[2010-02-15 16:57:44 | 000,001,298 | ---- | M] () -- C:\Users\james\Desktop\Event Viewer.lnk
[2010-02-13 10:13:49 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010-02-11 21:35:48 | 000,094,612 | ---- | M] () -- C:\Users\james\Documents\004.JPG
[2010-02-11 21:35:16 | 002,494,962 | ---- | M] () -- C:\Users\james\Documents\003.JPG
[2010-02-11 21:34:34 | 000,024,513 | ---- | M] () -- C:\Users\james\Documents\002.gif
[2010-02-11 21:34:24 | 000,033,548 | ---- | M] () -- C:\Users\james\Documents\001.jpg
[2010-02-07 11:11:37 | 014,354,936 | ---- | M] (Smith Micro ) -- C:\Users\james\Desktop\StuffItExpander2010.exe
[2010-02-01 23:45:54 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010-01-30 10:32:26 | 000,070,492 | ---- | M] () -- C:\Users\james\Documents\Diploma,com,welf.odt

========== Files Created - No Company Name ==========

[2010-02-27 16:23:08 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010-02-27 16:23:08 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-02-27 16:23:08 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-02-27 16:23:08 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-02-27 16:23:08 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-02-27 16:00:26 | 003,874,379 | R--- | C] () -- C:\Users\james\Desktop\thcbytes.exe
[2010-02-27 13:04:34 | 000,001,816 | ---- | C] () -- C:\Users\james\Desktop\Microsoft Office - Shortcut.lnk
[2010-02-27 10:27:26 | 000,012,739 | ---- | C] () -- C:\Users\james\Documents\error.odt
[2010-02-26 17:13:59 | 000,000,981 | ---- | C] () -- C:\Users\james\Desktop\Handbrake.lnk
[2010-02-25 18:32:05 | 000,284,915 | ---- | C] () -- C:\Users\james\Desktop\gmer.zip
[2010-02-25 17:51:16 | 000,524,288 | ---- | C] () -- C:\Users\james\Desktop\dds.scr
[2010-02-25 17:49:04 | 000,000,000 | ---- | C] () -- C:\Users\james\defogger_reenable
[2010-02-25 17:47:55 | 000,050,477 | ---- | C] () -- C:\Users\james\Desktop\Defogger.exe
[2010-02-24 17:06:19 | 002,672,312 | ---- | C] () -- C:\Users\james\Desktop\esetsmartinstaller_enu.exe
[2010-02-24 17:02:01 | 216,731,095 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010-02-23 17:24:53 | 000,059,664 | ---- | C] () -- C:\Users\james\Desktop\mbam-clean.exe
[2010-02-22 20:47:06 | 000,001,314 | ---- | C] () -- C:\Users\james\Documents\cc_20100222_204703.reg
[2010-02-22 20:46:33 | 000,026,818 | ---- | C] () -- C:\Users\james\Documents\cc_20100222_204628.reg
[2010-02-22 20:29:31 | 000,001,835 | ---- | C] () -- C:\Users\james\Desktop\CCleaner.lnk
[2010-02-22 20:03:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll.old
[2010-02-22 20:03:09 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010-02-22 20:03:08 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010-02-22 20:03:08 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010-02-22 20:03:08 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010-02-22 20:03:08 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010-02-22 19:57:06 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010-02-22 19:56:45 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010-02-22 19:56:45 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010-02-22 19:56:34 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010-02-22 19:56:27 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010-02-22 19:13:57 | 000,341,811 | ---- | C] () -- C:\Users\james\Desktop\Everything-1.2.1.371.exe
[2010-02-22 18:47:35 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2010-02-22 18:45:25 | 007,757,856 | ---- | C] () -- C:\Users\james\Desktop\SUPERAntiSpywarePro.exe
[2010-02-22 17:26:03 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010-02-22 13:18:47 | 024,403,616 | ---- | C] () -- C:\Users\james\Desktop\NokiaSoftwareUpdaterSetup_en.exe
[2010-02-21 16:14:41 | 002,494,962 | ---- | C] () -- C:\Users\james\Documents\003.JPG
[2010-02-21 16:14:41 | 000,299,416 | ---- | C] () -- C:\Users\james\Documents\005.jpg
[2010-02-21 16:14:41 | 000,282,670 | ---- | C] () -- C:\Users\james\Documents\006.jpg
[2010-02-21 16:14:41 | 000,264,432 | ---- | C] () -- C:\Users\james\Documents\007.jpg
[2010-02-21 16:14:41 | 000,094,612 | ---- | C] () -- C:\Users\james\Documents\004.JPG
[2010-02-21 16:14:41 | 000,033,548 | ---- | C] () -- C:\Users\james\Documents\001.jpg
[2010-02-21 16:14:41 | 000,024,513 | ---- | C] () -- C:\Users\james\Documents\002.gif
[2010-02-19 18:08:48 | 000,524,288 | -HS- | C] () -- C:\Users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TMContainer00000000000000000002.regtrans-ms
[2010-02-19 18:08:48 | 000,524,288 | -HS- | C] () -- C:\Users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TMContainer00000000000000000001.regtrans-ms
[2010-02-19 18:08:48 | 000,065,536 | -HS- | C] () -- C:\Users\james\ntuser.dat{d38c1df8-1dc4-11df-af14-001a9261dc28}.TM.blf
[2010-02-17 18:16:37 | 004,886,870 | ---- | C] () -- C:\Users\james\Desktop\HandBrake-0.9.4-Win_GUI.exe
[2010-02-15 16:57:44 | 000,001,298 | ---- | C] () -- C:\Users\james\Desktop\Event Viewer.lnk
[2010-02-13 10:13:49 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010-01-30 09:54:57 | 000,070,492 | ---- | C] () -- C:\Users\james\Documents\Diploma,com,welf.odt
[2010-01-19 20:46:42 | 000,001,889 | ---- | C] () -- C:\Users\james\AppData\Roaming\NMM-MetaData.db
[2009-12-30 09:54:17 | 000,000,017 | ---- | C] () -- C:\Users\james\AppData\Local\resmon.resmoncfg
[2009-09-28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009-07-13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-04-14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2005-12-07 12:31:00 | 000,202,752 | R--- | C] () -- C:\Windows\System32\CddbCdda.dll
[2005-11-18 10:49:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2004-08-13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010-01-23 14:04:06 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Applied Recognition Inc
[2010-01-14 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Ashampoo
[2010-01-23 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Downloaded Installations
[2010-01-23 14:05:20 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Fotobounce.5A4B2D7CDB401C978E159E6BB968B150A9B58BC9.1
[2010-02-17 18:17:43 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\HandBrake
[2010-02-08 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Leadertech
[2010-01-19 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Nokia
[2010-02-22 13:16:14 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Nokia Multimedia Player
[2009-12-18 20:51:22 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\OpenOffice.org
[2010-02-18 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Opera
[2009-12-19 11:11:16 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\PC Suite
[2010-01-16 15:27:07 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Stellarium
[2009-12-18 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Thunderbird
[2009-12-25 09:57:36 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Ubisoft
[2009-07-13 20:53:46 | 000,032,406 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009-12-31 16:59:56 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Adobe
[2010-01-23 14:04:06 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Applied Recognition Inc
[2010-01-14 19:18:47 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Ashampoo
[2010-01-23 14:01:24 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Downloaded Installations
[2010-01-23 14:05:20 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Fotobounce.5A4B2D7CDB401C978E159E6BB968B150A9B58BC9.1
[2010-02-17 18:17:43 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\HandBrake
[2009-12-18 16:45:01 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Identities
[2009-12-25 09:22:10 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\InstallShield
[2010-02-08 18:03:45 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Leadertech
[2009-12-18 20:03:46 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Macromedia
[2010-02-23 17:31:28 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Malwarebytes
[2009-07-13 23:49:10 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Media Center Programs
[2010-02-22 13:14:55 | 000,000,000 | --SD | M] -- C:\Users\james\AppData\Roaming\Microsoft
[2009-12-18 17:04:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Mozilla
[2010-01-19 20:46:42 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Nokia
[2010-02-22 13:16:14 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Nokia Multimedia Player
[2009-12-18 20:51:22 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\OpenOffice.org
[2010-02-18 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Opera
[2009-12-19 11:11:16 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\PC Suite
[2010-02-22 19:55:48 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\PC Tools
[2010-02-08 18:03:52 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Sonic
[2010-01-16 15:27:07 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Stellarium
[2010-02-22 18:47:32 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\SUPERAntiSpyware.com
[2009-12-18 18:36:47 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Thunderbird
[2009-12-25 09:57:36 | 000,000,000 | ---D | M] -- C:\Users\james\AppData\Roaming\Ubisoft

< %APPDATA%\*.exe /s >
[2009-11-20 03:08:20 | 000,038,784 | ---- | M] () -- C:\Users\james\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009-12-17 16:37:52 | 000,029,344 | ---- | M] (NOS Microsystems Ltd.) -- C:\Users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009-07-13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009-07-13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009-07-13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009-07-13 17:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009-07-13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009-07-13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009-07-13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009-07-13 17:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009-07-13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009-07-13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009-07-13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009-07-13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009-07-13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009-07-13 17:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009-07-13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009-07-13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009-07-13 17:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009-07-13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009-07-13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009-07-13 17:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009-07-13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009-07-13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009-07-13 17:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009-07-13 17:15:07 | 001,242,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\comsvcs.dll
[2009-07-13 17:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009-07-13 17:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009-07-13 17:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009-07-13 17:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\LocationApi.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 877 bytes -> C:\Users\james\Documents\Emailing addys.ldif, My Addys.ldif.eml:OECustomProperty
@Alternate Data Stream - 877 bytes -> C:\Users\james\Documents\Emailing addys.ldif, My Addys.ldif (2).eml:OECustomProperty
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1333 bytes -> C:\Users\james\Documents\FW OIL - you better sit down.eml:OECustomProperty
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#4 wavemaker

Posted 27 February 2010 - 05:11 AM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 20:07:46
Windows 6.1.7600
Running: 51b2dzic.exe; Driver: C:\Users\james\AppData\Local\Temp\pwldapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x88C13CDE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x88C13ED0]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x88C140D8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x88C13984]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A343F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A1CFB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A341DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A346F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A34F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82A351A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82A945C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AB9052 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 35C 82AC095C 8 Bytes [DE, 3C, C1, 88, D0, 3E, C1, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 394 82AC0994 4 Bytes [D8, 40, C1, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 7E8 82AC0DE8 4 Bytes [84, 39, C1, 88]
.text peauth.sys 9AB41C9D 28 Bytes [44, EC, F5, E3, 86, 19, DC, ...]
.text peauth.sys 9AB41CC1 28 Bytes [44, EC, F5, E3, 86, 19, DC, ...]
? C:\Users\james\AppData\Local\Temp\catchme.sys The system cannot find the file specified. !
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5896] ntdll.dll!LdrLoadDll 77AAF585 5 Bytes JMP 010913F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[404] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[404] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[404] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[404] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[404] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe[404] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[1016] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[1016] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[1016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[1016] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2256] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2256] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2256] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2256] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2256] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [68B09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [68B0A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [68B094D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [68B094E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [68B094B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [68B094A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [68B0AA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [68B0A27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [68B09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [68B09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\IPHLPAPI.DLL [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [68B09832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75B15E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [68B09E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[2360] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [68B092CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2732] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2732] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2732] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[2732] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#5 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:03:11 PM

Posted 27 February 2010 - 03:51 PM

Hi,
Were you able to run Combofix? Please post the log.
Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:06:11 AM

Posted 27 February 2010 - 05:27 PM

ComboFix 10-02-26.02 - james 27-Feb-10 16:24:32.1.1 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2046.1125 [GMT -8:00]
Running from: c:\users\james\Desktop\thcbytes.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk

.
((((((((((((((((((((((((( Files Created from 2010-01-28 to 2010-02-28 )))))))))))))))))))))))))))))))
.

2010-02-28 00:36 . 2010-02-28 00:36 -------- d-----w- c:\users\james\AppData\Local\temp
2010-02-28 00:36 . 2010-02-28 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-26 01:33 . 2010-02-02 07:45 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-26 01:33 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-02-26 01:33 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
2010-02-26 01:33 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-02-25 01:07 . 2010-02-25 01:07 -------- d-----w- c:\program files\ESET
2010-02-24 01:31 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-24 01:31 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-24 01:31 . 2010-02-24 01:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-23 04:29 . 2010-02-23 04:29 -------- d-----w- c:\program files\CCleaner
2010-02-23 03:55 . 2010-02-23 03:55 -------- d-----w- c:\users\james\AppData\Roaming\PC Tools
2010-02-23 03:55 . 2010-02-23 03:55 -------- d-----w- c:\programdata\PC Tools
2010-02-23 03:48 . 2010-02-24 03:00 -------- d-----w- c:\program files\Everything
2010-02-23 02:47 . 2010-02-23 02:47 52224 ----a-w- c:\users\james\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-23 02:47 . 2010-02-28 00:14 117760 ----a-w- c:\users\james\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-23 02:47 . 2010-02-23 02:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-02-23 02:47 . 2010-02-23 02:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-23 02:47 . 2010-02-23 02:47 -------- d-----w- c:\users\james\AppData\Roaming\SUPERAntiSpyware.com
2010-02-23 02:46 . 2010-02-23 02:46 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-23 01:26 . 2010-02-23 01:26 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-02-22 02:16 . 2010-02-22 02:16 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-02-22 02:16 . 2010-02-22 02:16 -------- d-----w- c:\windows\PCHEALTH
2010-02-22 02:16 . 2010-02-22 02:16 -------- d-----w- c:\program files\Microsoft.NET
2010-02-22 02:16 . 2010-02-22 02:16 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-02-22 02:16 . 2010-02-22 02:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-02-22 02:15 . 2010-02-22 02:15 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-02-22 02:14 . 2010-02-22 02:14 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-02-22 02:14 . 2010-02-22 02:14 -------- d-----w- c:\users\james\AppData\Local\Microsoft Help
2010-02-22 02:13 . 2010-02-22 02:20 -------- d-----w- c:\programdata\Microsoft Help
2010-02-22 02:13 . 2010-02-22 02:13 -------- d-----r- C:\MSOCache
2010-02-20 02:39 . 2010-02-20 06:01 -------- d-----w- c:\users\james\AppData\Local\btqash
2010-02-20 01:54 . 2010-02-20 02:07 -------- d-----w- c:\program files\NVIDIA Corporation
2010-02-19 04:26 . 2010-02-23 03:33 -------- d-----w- c:\users\james\AppData\Local\Diagnostics
2010-02-19 02:47 . 2010-02-19 02:47 -------- d-----w- c:\users\james\AppData\Local\Opera
2010-02-19 02:46 . 2010-02-20 02:07 -------- d-----w- c:\program files\Opera
2010-02-18 02:58 . 2010-02-18 02:58 -------- d-----w- c:\users\james\AppData\Local\ElevatedDiagnostics
2010-02-18 02:17 . 2010-02-18 02:17 -------- d-----w- c:\users\james\AppData\Local\HandBrake
2010-02-18 02:17 . 2010-02-18 02:17 -------- d-----w- c:\users\james\AppData\Roaming\HandBrake
2010-02-18 02:17 . 2010-02-18 02:17 -------- d-----w- c:\program files\Handbrake
2010-02-18 01:13 . 2010-02-18 01:13 -------- d-----w- c:\users\james\AppData\Local\photoOptimizeHistoryDataBase
2010-02-18 01:12 . 2010-02-18 01:12 -------- d-----w- c:\users\james\AppData\Local\Ashampoo Photo Optimizer 2
2010-02-15 05:44 . 2009-12-08 11:40 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 05:44 . 2009-12-08 11:40 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-15 05:44 . 2009-12-08 11:32 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-02-09 02:03 . 2010-02-09 02:03 -------- d-----w- c:\users\james\AppData\Roaming\Sonic
2010-02-09 02:03 . 2010-02-09 02:03 -------- d-----w- c:\users\james\AppData\Roaming\Leadertech
2010-02-07 19:12 . 2010-02-07 19:14 -------- d-----w- c:\program files\Smith Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 00:24 . 2010-02-23 03:55 -------- d-----w- c:\program files\Spyware Doctor
2010-02-27 20:56 . 2009-12-19 02:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-02-27 18:03 . 2009-12-19 04:52 1 ----a-w- c:\users\james\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-02-24 17:16 . 2009-12-19 01:01 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 01:31 . 2010-01-24 01:21 -------- d-----w- c:\users\james\AppData\Roaming\Malwarebytes
2010-02-24 01:31 . 2010-01-24 01:21 -------- d-----w- c:\programdata\Malwarebytes
2010-02-23 04:03 . 2010-02-23 03:55 -------- d-----w- c:\program files\Common Files\PC Tools
2010-02-23 01:26 . 2009-12-19 02:16 113000 ----a-w- c:\users\james\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-22 21:21 . 2009-12-19 19:04 -------- d-----w- c:\programdata\Installations
2010-02-22 21:16 . 2009-12-19 19:22 -------- d-----w- c:\users\james\AppData\Roaming\Nokia Multimedia Player
2010-02-22 02:17 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-02-20 01:55 . 2009-12-29 02:34 -------- d-----w- c:\programdata\NVIDIA
2010-02-18 01:12 . 2010-01-15 02:40 -------- d-----w- c:\program files\Ashampoo
2010-02-13 18:13 . 2009-12-19 01:55 -------- d-----w- c:\program files\Google
2010-01-28 23:38 . 2010-01-28 23:37 -------- d-----w- c:\programdata\DVD Shrink
2010-01-28 23:37 . 2010-01-28 23:37 -------- d-----w- c:\program files\DVD Shrink
2010-01-24 00:57 . 2010-01-24 00:57 -------- d-----w- c:\program files\1-abc
2010-01-23 22:40 . 2009-12-19 03:51 -------- d-----w- c:\programdata\avg9
2010-01-23 22:40 . 2010-01-23 22:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-23 22:40 . 2010-01-23 22:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-23 22:39 . 2010-01-23 22:39 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-23 22:39 . 2010-01-23 22:39 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-23 22:05 . 2010-01-23 22:05 -------- d-----w- c:\users\james\AppData\Roaming\Fotobounce.5A4B2D7CDB401C978E159E6BB968B150A9B58BC9.1
2010-01-23 22:04 . 2010-01-23 22:04 -------- d-----w- c:\users\james\AppData\Roaming\Applied Recognition Inc
2010-01-23 22:02 . 2010-01-23 22:02 -------- d-----w- c:\program files\fotobounce
2010-01-23 22:01 . 2010-01-23 22:01 -------- d-----w- c:\users\james\AppData\Roaming\Downloaded Installations
2010-01-23 04:02 . 2010-01-22 05:05 -------- d-----w- c:\programdata\Lavasoft
2010-01-22 05:05 . 2010-01-22 05:05 -------- d-----w- c:\program files\Lavasoft
2010-01-22 01:53 . 2010-01-01 00:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-21 23:21 . 2010-02-23 04:03 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-21 23:21 . 2010-02-23 04:03 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-21 23:21 . 2010-02-23 04:03 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-01-21 23:21 . 2010-02-23 04:03 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-20 04:46 . 2009-12-19 19:05 -------- d-----w- c:\users\james\AppData\Roaming\Nokia
2010-01-18 23:29 . 2010-02-11 20:49 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-11 20:49 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-11 20:49 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-11 20:49 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-11 20:49 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-11 20:49 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-11 20:49 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-11 20:49 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-18 04:33 . 2010-01-18 04:33 -------- d-----w- c:\program files\Roxio
2010-01-18 04:33 . 2010-01-18 04:33 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-16 23:27 . 2010-01-16 23:18 -------- d-----w- c:\users\james\AppData\Roaming\Stellarium
2010-01-16 23:16 . 2010-01-16 23:16 -------- d-----w- c:\program files\Stellarium
2010-01-15 03:18 . 2010-01-15 02:51 -------- d-----w- c:\users\james\AppData\Roaming\Ashampoo
2010-01-15 02:41 . 2010-01-15 02:41 -------- d-----w- c:\programdata\ashampoo
2010-01-08 03:18 . 2010-02-11 20:49 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-11 20:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-03 01:32 . 2010-01-01 00:08 -------- d-----w- c:\programdata\NOS
2010-01-01 00:11 . 2010-01-01 00:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-01 00:08 . 2010-01-01 00:08 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-12-31 23:25 . 2009-12-31 23:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2009-12-19 19:04 . 2009-12-19 19:04 9728 ----a-w- c:\programdata\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
2009-12-19 19:04 . 2009-12-19 19:04 8192 ----a-w- c:\programdata\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
2009-12-19 19:04 . 2009-12-19 19:04 15360 ----a-w- c:\programdata\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-19 09:02 . 2010-01-23 03:41 977920 ----a-w- c:\windows\system32\wininet.dll
2009-12-19 09:02 . 2010-02-11 20:49 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02 . 2010-02-11 20:49 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02 . 2010-02-11 20:49 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02 . 2010-02-11 20:49 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02 . 2010-02-11 20:49 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02 . 2010-02-11 20:49 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02 . 2010-02-11 20:49 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02 . 2010-02-11 20:49 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-18 00:37 . 2010-01-01 00:08 29344 ----a-w- c:\users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-14 15:57 . 2010-01-23 21:06 213504 ----a-w- c:\users\james\AppData\Roaming\Thunderbird\Profiles\5txmh5n8.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
2009-12-08 08:05 . 2010-02-11 20:49 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-08 08:05 . 2010-02-11 20:49 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2009-09-26 15:42 556416 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-04-14 604704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-08 1394000]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-09-27 83312]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-14 1048392]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

c:\users\james\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [22-Feb-10 7:56 PM 207792]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [23-Jan-10 2:39 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [23-Jan-10 2:40 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17-Feb-10 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [17-Feb-10 10:15 AM 66632]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [23-Jan-10 2:39 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23-Jan-10 2:39 PM 285392]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [22-Feb-10 8:03 PM 112592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [22-Feb-10 7:56 PM 359624]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\System32\drivers\MpNWMon.sys [18-Jun-09 6:48 PM 42480]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [17-Feb-10 10:15 AM 12872]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\System32\drivers\yk62x86.sys [28-Sep-09 9:22 AM 315392]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27-Dec-09 2:05 PM 135664]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [03-Oct-09 8:51 PM 30604144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [26-Sep-09 5:28 AM 4639136]
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 22:05]

2010-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-27 22:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\james\AppData\Roaming\Mozilla\Firefox\Profiles\4bxqqf4c.default\
FF - prefs.js: browser.startup.homepage - www.google.com.au
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-02-27 16:41:39
ComboFix-quarantined-files.txt 2010-02-28 00:41

Pre-Run: 82,532,286,464 bytes free
Post-Run: 82,526,109,696 bytes free

- - End Of File - - D247C30E6602C704DD85743C73DA79FD

#7 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:03:11 PM

Posted 27 February 2010 - 11:01 PM

Well done.

QUOTE
I received a P.M. from a site that I haven't visited for some time telling me that they had detected that I was infected and that if I were to return still infected I would be delisted and barred from the site. There was a link to a scanner and offer to fix the computer. I clicked the link and AVG blocked it.

Which site?
Can you provide me a link?
Can I see the pm they sent you?
How about the link to the scanner?
Do you purposely use a proxy for your internet connection?

==========

Please rerun MBAM.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
    • Update Malwarebytes' Anti-Malware <--- Important!!
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

Please run the F-Secure Online Scanner
Note: This Scanner is for Internet Explorer Only!
Follow the Instruction here for installation.
Accept the License Agreement.
Once the ActiveX installs, click Full System Scan.
Once the download completes, the scan will begin automatically.
The scan will take some time to finish, so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

==========

With your next post please provide:

* Answer to questions
* MBAM log
* F-Secure log
* How is your computer running?

Kind regards,
~t

#8 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:06:11 AM

Posted 28 February 2010 - 12:10 AM

I used IE toggled to proxy to update mbam earlier on. Below is the message I received. The machine seemed to be going OK but right now I am running mbam updated and it is behaving erratically. I will post that log as soon as I have it. Many thanks for your help and I am already an organ donor so right on side with you on that one too. Mbam is still running 45 mins later. It appears to be going very slowly. I have watched it in the past and the bottom line showing what it is scanning will be flicking over and over. The way it is running now is that it looks like it is stopped and then every now and then it will flick over the bottom line and the time running will adjust. Also, regarding the message below. It is no longer in my in-box at the site. Mbam finished after 2 hrs and 22 mins. Posted results below. Also spyware doctor says there are 3 threats and 179 infections on my computer. I did not run it and thought I had it turned off.



Dear wavemaker,

You have received a new private message at ozgolf.net forums from BoardSupport, entitled "Warning! Next time we will have to complaint to your ISP.".

To read the original version, respond to, or delete this message, you must log in here:
http://www.ozgolf.net/forums/private.php

This is the message that was sent:
***************
Dear, prmeier;Choppa;Ona;wavemaker;andylo!A virus alert was noticed on your computer. We highly recommend you to check your computer and perform online virus check at our site immediately: xxxxx you do not pass this test* we will have to delete your account and forward a complaint to your ISP with attached log file (your IP address, etc.).----------------------------------------------------Forum Administration www.ozgolf.net.
***************

Again, please do not reply to this email. You must go to the following page to reply to this private message:
http://www.ozgolf.net/forums/private.php

All the best,
ozgolf.net forums


Malwarebytes' Anti-Malware 1.44
Database version: 3805
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28-Feb-10 5:54:25 PM
mbam-log-2010-02-28 (17-54-25).txt

Scan type: Quick Scan
Objects scanned: 108389
Time elapsed: 2 hour(s), 22 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by thcbytes - rogue link

Edited by thcbytes, 28 February 2010 - 10:01 AM.

When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#9 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:11 PM

Posted 28 February 2010 - 10:05 AM

Hi,

Guess what?? I am fairly certain the golf site was hacked. The link you provided was a rogue link to a malicious site. Glad you had your AV running when you clicked the link. It could have been much worse!!!

QUOTE
Also spyware doctor says there are 3 threats and 179 infections

Can you post the log?

Did you run F-Secure yet?

Thanks,
~ t


Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#10 wavemaker

wavemaker
  • Topic Starter

  • Members
  • 283 posts
  • OFFLINE
  • Gender:Male
  • Location:Maryborough Queensland Australia
  • Local time:06:11 AM

Posted 28 February 2010 - 04:51 PM

Good morning. I contacted the golf site and they were aware of the sitch and have closed the loophole that allowed that bloke to hack the site. Below is spyware doctor log. Don't think I ran F-Secure yet. I will give it a go.



PC Tools Spyware Doctor

Date

Status
2/22/2010 8:03:24 PM:490
Service Started
Spyware Doctor Service Application started
2/22/2010 8:03:24 PM:490
Anti-Malware Engine
Anti-Malware engine configuration failure: #-1
2/22/2010 8:12:02 PM:358
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/22/2010 8:12:09 PM:974
Scan Started
Scan Type - Intelli-Scan
2/22/2010 8:12:40 PM:366
Immunizer Results
ActiveX section has been immunized, Processed 5127 items.
2/22/2010 8:13:55 PM:387
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 204963
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/22/2010 8:22:57 PM:484
IntelliGuards status
All IntelliGuards were Enabled
2/22/2010 8:22:59 PM:44
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/22/2010 8:23:04 PM:2
Scan Started
Scan Type - Intelli-Scan
2/22/2010 8:23:14 PM:604
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - is_unique statcounter.com
2/22/2010 8:23:18 PM:263
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - JEB2 adserver.adtechus.com
2/22/2010 8:23:22 PM:328
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - GUID iacas.adbureau.net
2/22/2010 8:23:23 PM:673
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ruid rubiconproject.com
2/22/2010 8:23:24 PM:260
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ruid rambler.ru
2/22/2010 8:23:25 PM:908
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - S apmebf.com
2/22/2010 8:23:26 PM:55
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - s_vi microsoftwindows.112.2o7.net
2/22/2010 8:23:28 PM:786
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ut_cookie pricegrabber.com
2/22/2010 8:23:28 PM:786
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ut_timestamp pricegrabber.com
2/22/2010 8:23:28 PM:804
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utma techspot.pricegrabber.com
2/22/2010 8:23:28 PM:805
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utmz techspot.pricegrabber.com
2/22/2010 8:23:28 PM:805
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __qca pricegrabber.com
2/22/2010 8:23:28 PM:806
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - wooTracker techspot.pricegrabber.com
2/22/2010 8:23:31 PM:274
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - idrxvr xiti.com
2/22/2010 8:23:32 PM:764
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - KONA_USER_GUID kontera.com
2/22/2010 8:23:32 PM:765
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cluid kontera.com
2/22/2010 8:23:32 PM:765
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - imprs kontera.com
2/22/2010 8:23:33 PM:175
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - DM56061662RDV6 ehg-aami.hitbox.com
2/22/2010 8:23:33 PM:225
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - kasapimage myap.liveperson.com
2/22/2010 8:23:33 PM:694
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - limps kontera.com
2/22/2010 8:23:33 PM:695
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - clcks kontera.com
2/22/2010 8:23:35 PM:272
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - cd rubiconproject.com
2/22/2010 8:23:35 PM:273
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - au rubiconproject.com
2/22/2010 8:23:35 PM:317
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - dq tap.rubiconproject.com
2/22/2010 8:23:37 PM:527
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ATTACID at.atwola.com
2/22/2010 8:23:37 PM:528
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ATTAC at.atwola.com
2/22/2010 8:23:39 PM:413
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - ffadult_who adultfriendfinder.com
2/22/2010 8:23:39 PM:414
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - IP_COUNTRY adultfriendfinder.com
2/22/2010 8:23:39 PM:414
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - ffadult_tr adultfriendfinder.com
2/22/2010 8:23:39 PM:415
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - LOCATION_FROM_IP adultfriendfinder.com
2/22/2010 8:23:39 PM:416
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - HISTORY adultfriendfinder.com
2/22/2010 8:23:39 PM:416
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - __utma adultfriendfinder.com
2/22/2010 8:23:39 PM:416
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - __utmz adultfriendfinder.com
2/22/2010 8:23:39 PM:679
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - PPID partypoker.com
2/22/2010 8:23:39 PM:680
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - PPWMID partypoker.com
2/22/2010 8:23:39 PM:680
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - WT_FPC partypoker.com
2/22/2010 8:23:39 PM:715
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - WT_DC www.partypoker.com
2/22/2010 8:23:39 PM:848
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRID ads.pointroll.com
2/22/2010 8:23:39 PM:849
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRvt ads.pointroll.com
2/22/2010 8:23:39 PM:850
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRimp ads.pointroll.com
2/22/2010 8:23:39 PM:850
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRca ads.pointroll.com
2/22/2010 8:23:39 PM:851
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRcp ads.pointroll.com
2/22/2010 8:23:39 PM:852
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRpl ads.pointroll.com
2/22/2010 8:23:39 PM:852
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRcr ads.pointroll.com
2/22/2010 8:23:39 PM:853
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - PRpc ads.pointroll.com
2/22/2010 8:23:39 PM:947
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - 56Q8 www.burstnet.com
2/22/2010 8:23:40 PM:155
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - /BC www.burstbeacon.com
2/22/2010 8:23:40 PM:802
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utma younggirlsxxx.com
2/22/2010 8:23:40 PM:802
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utmz younggirlsxxx.com
2/22/2010 8:23:41 PM:681
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - VISID counter.hitslink.com
2/22/2010 8:23:47 PM:469
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - OAID ads.crakmedia.com
2/22/2010 8:23:49 PM:731
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utma medleyads.com
2/22/2010 8:23:49 PM:732
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utmb medleyads.com
2/22/2010 8:23:49 PM:732
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utmc medleyads.com
2/22/2010 8:23:49 PM:733
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - __utmz medleyads.com
2/22/2010 8:23:49 PM:733
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - group_history medleyads.com
2/22/2010 8:23:50 PM:102
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - rvd nextag.com.au
2/22/2010 8:23:50 PM:103
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - visitorId nextag.com.au
2/22/2010 8:23:50 PM:103
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - intKeys nextag.com.au
2/22/2010 8:23:50 PM:104
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - intTime nextag.com.au
2/22/2010 8:23:50 PM:105
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - prf nextag.com.au
2/22/2010 8:23:50 PM:105
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - k nextag.com.au
2/22/2010 8:23:50 PM:106
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - _jsen1 nextag.com.au
2/22/2010 8:23:50 PM:572
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - CTG hitbox.com
2/22/2010 8:23:50 PM:613
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - DM521004BGZNV6 ehg-nokiafin.hitbox.com
2/22/2010 8:23:50 PM:614
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - WSS_GW hitbox.com
2/22/2010 8:23:50 PM:654
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - DM550514HPNZV6 ehg-nokiafin.hitbox.com
2/22/2010 8:23:50 PM:692
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - DM5307028KBBV6 ehg-nokiafin.hitbox.com
2/22/2010 8:23:51 PM:142
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - ANON_ID tribalfusion.com
2/22/2010 8:23:52 PM:468
Infection was detected on this computer
Threat Name - Application.TrackingCookies
Type - Cookie
Risk Level - Low
Infection - www.superantispyware.com
2/22/2010 8:25:15 PM:500
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 208269
Threats Detected - 2
Infections Detected - 70
Infections Ignored - 0
2/22/2010 8:31:35 PM:64
Smart Update
Smart Update has successfully installed new updates.
2/23/2010 5:23:29 PM:427
Service Started
Spyware Doctor Service Application started
2/23/2010 5:23:29 PM:427
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/23/2010 5:23:29 PM:498
IntelliGuards status
All IntelliGuards were Enabled
2/23/2010 5:23:33 PM:435
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/23/2010 5:25:24 PM:441
Service Stopped
Spyware Doctor Service Application Stopped
2/23/2010 5:27:44 PM:594
Service Started
Spyware Doctor Service Application started
2/23/2010 5:27:44 PM:594
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/23/2010 5:27:44 PM:680
IntelliGuards status
All IntelliGuards were Enabled
2/23/2010 5:27:50 PM:836
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/23/2010 5:55:34 PM:607
Smart Update
Smart Update has successfully installed new updates.
2/23/2010 5:55:40 PM:530
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/23/2010 5:56:08 PM:4
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/23/2010 6:00:05 PM:353
Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
2/23/2010 6:00:13 PM:853
Scan Started
Scan Type - Intelli-Scan
2/23/2010 6:06:34 PM:149
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 207406
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/24/2010 5:03:12 PM:640
Service Started
Spyware Doctor Service Application started
2/24/2010 5:03:12 PM:640
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/24/2010 5:03:12 PM:695
IntelliGuards status
All IntelliGuards were Enabled
2/24/2010 5:03:26 PM:41
Immunizer Results
ActiveX section has been immunized, Processed 3 items.
2/24/2010 5:36:13 PM:276
Smart Update
Smart Update has successfully installed new updates.
2/24/2010 5:36:45 PM:73
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/24/2010 5:37:48 PM:559
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/24/2010 6:00:03 PM:430
Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
2/24/2010 6:02:07 PM:251
Scan Started
Scan Type - Intelli-Scan
2/24/2010 6:03:28 PM:122
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com
2/24/2010 6:19:38 PM:458
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 207128
Threats Detected - 1
Infections Detected - 1
Infections Ignored - 0
2/24/2010 10:06:48 PM:879
Service Started
Spyware Doctor Service Application started
2/24/2010 10:06:48 PM:879
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/24/2010 10:06:49 PM:20
IntelliGuards status
All IntelliGuards were Enabled
2/24/2010 10:06:58 PM:4
Immunizer Results
ActiveX section has been immunized, Processed 4 items.
2/24/2010 10:39:04 PM:586
Smart Update
Smart Update has determined that Spyware Doctor is up to date
2/24/2010 10:52:15 PM:756
Service Stopped
Spyware Doctor Service Application Stopped
2/25/2010 7:54:16 AM:164
Service Started
Spyware Doctor Service Application started
2/25/2010 7:54:16 AM:164
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/25/2010 7:54:16 AM:328
IntelliGuards status
All IntelliGuards were Enabled
2/25/2010 7:54:19 AM:296
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/25/2010 7:58:46 AM:265
Service Stopped
Spyware Doctor Service Application Stopped
2/27/2010 1:55:33 PM:797
Service Started
Spyware Doctor Service Application started
2/27/2010 1:55:33 PM:797
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/27/2010 1:55:33 PM:868
IntelliGuards status
All IntelliGuards were Enabled
2/27/2010 1:55:42 PM:985
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/27/2010 2:08:49 PM:368
Smart Update
Smart Update has determined that Spyware Doctor is up to date
2/27/2010 3:25:02 PM:634
Scan Started
Scan Type - Idle Scan
2/27/2010 3:33:13 PM:666
Scan Finished
Scan Type - Idle Scan
Items Processed - 4370
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/27/2010 6:00:04 PM:748
Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
2/27/2010 6:00:06 PM:764
Scan Started
Scan Type - Intelli-Scan
2/27/2010 6:00:10 PM:202
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com
2/27/2010 6:00:32 PM:310
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, combofix_wow
2/27/2010 6:00:32 PM:310
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, LastDir
2/27/2010 6:00:32 PM:326
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, Runs
2/27/2010 6:00:32 PM:326
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, SnapShot
2/27/2010 6:00:32 PM:326
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, NameSpace_Callout
2/27/2010 6:00:32 PM:341
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, WinSock_Registry_Version
2/27/2010 6:00:32 PM:341
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, AutodialDLL
2/27/2010 6:00:32 PM:341
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, Current_NameSpace_Catalog
2/27/2010 6:00:32 PM:341
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, Current_Protocol_Catalog
2/27/2010 6:00:32 PM:357
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\06EBDCB1, AppFullPath
2/27/2010 6:00:32 PM:357
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\06EBDCB1, PermittedLspCategories
2/27/2010 6:00:32 PM:373
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\06EBDCB1
2/27/2010 6:00:32 PM:388
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651, AppFullPath
2/27/2010 6:00:32 PM:388
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651, AppArgs
2/27/2010 6:00:32 PM:388
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651, PermittedLspCategories
2/27/2010 6:00:32 PM:388
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651
2/27/2010 6:00:32 PM:388
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0, AppFullPath
2/27/2010 6:00:32 PM:404
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0, AppArgs
2/27/2010 6:00:32 PM:404
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0, PermittedLspCategories
2/27/2010 6:00:32 PM:404
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0
2/27/2010 6:00:32 PM:404
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA, AppFullPath
2/27/2010 6:00:32 PM:404
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA, AppArgs
2/27/2010 6:00:32 PM:419
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA, PermittedLspCategories
2/27/2010 6:00:32 PM:419
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA
2/27/2010 6:00:32 PM:419
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0, AppFullPath
2/27/2010 6:00:32 PM:419
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0, AppArgs
2/27/2010 6:00:32 PM:435
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0, PermittedLspCategories
2/27/2010 6:00:32 PM:435
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0
2/27/2010 6:00:32 PM:435
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\343305C9, AppFullPath
2/27/2010 6:00:32 PM:435
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\343305C9, PermittedLspCategories
2/27/2010 6:00:32 PM:435
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\343305C9
2/27/2010 6:00:32 PM:435
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog
2/27/2010 6:00:32 PM:482
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5, Num_Catalog_Entries
2/27/2010 6:00:32 PM:482
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5, Serial_Access_Num
2/27/2010 6:00:32 PM:482
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, LibraryPath
2/27/2010 6:00:32 PM:498
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, DisplayString
2/27/2010 6:00:32 PM:498
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, ProviderId
2/27/2010 6:00:32 PM:498
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, SupportedNameSpace
2/27/2010 6:00:32 PM:498
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, Enabled
2/27/2010 6:00:32 PM:498
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, Version
2/27/2010 6:00:32 PM:544
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, StoresServiceClassInfo
2/27/2010 6:00:32 PM:560
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, ProviderInfo
2/27/2010 6:00:32 PM:560
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2/27/2010 6:00:32 PM:560
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, LibraryPath
2/27/2010 6:00:32 PM:560
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, DisplayString
2/27/2010 6:00:32 PM:560
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, ProviderId
2/27/2010 6:00:32 PM:576
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, SupportedNameSpace
2/27/2010 6:00:32 PM:576
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, Enabled
2/27/2010 6:00:32 PM:576
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, Version
2/27/2010 6:00:32 PM:576
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, StoresServiceClassInfo
2/27/2010 6:00:32 PM:576
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, ProviderInfo
2/27/2010 6:00:32 PM:591
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2/27/2010 6:00:32 PM:591
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, LibraryPath
2/27/2010 6:00:32 PM:591
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, DisplayString
2/27/2010 6:00:32 PM:591
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, ProviderId
2/27/2010 6:00:32 PM:607
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, SupportedNameSpace
2/27/2010 6:00:32 PM:607
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, Enabled
2/27/2010 6:00:32 PM:607
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, Version
2/27/2010 6:00:32 PM:607
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, StoresServiceClassInfo
2/27/2010 6:00:32 PM:607
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, ProviderInfo
2/27/2010 6:00:32 PM:623
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2/27/2010 6:00:32 PM:623
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, LibraryPath
2/27/2010 6:00:32 PM:623
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, DisplayString
2/27/2010 6:00:32 PM:623
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, ProviderId
2/27/2010 6:00:32 PM:623
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, SupportedNameSpace
2/27/2010 6:00:32 PM:638
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, Enabled
2/27/2010 6:00:32 PM:638
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, Version
2/27/2010 6:00:32 PM:638
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, StoresServiceClassInfo
2/27/2010 6:00:32 PM:638
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, ProviderInfo
2/27/2010 6:00:32 PM:638
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
2/27/2010 6:00:32 PM:654
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, LibraryPath
2/27/2010 6:00:32 PM:654
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, DisplayString
2/27/2010 6:00:32 PM:654
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, ProviderId
2/27/2010 6:00:32 PM:654
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, SupportedNameSpace
2/27/2010 6:00:32 PM:669
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, Enabled
2/27/2010 6:00:32 PM:669
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, Version
2/27/2010 6:00:32 PM:669
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, StoresServiceClassInfo
2/27/2010 6:00:32 PM:669
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, ProviderInfo
2/27/2010 6:00:32 PM:669
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005
2/27/2010 6:00:32 PM:685
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, LibraryPath
2/27/2010 6:00:32 PM:685
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, DisplayString
2/27/2010 6:00:32 PM:685
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, ProviderId
2/27/2010 6:00:32 PM:685
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, SupportedNameSpace
2/27/2010 6:00:32 PM:685
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, Enabled
2/27/2010 6:00:32 PM:701
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, Version
2/27/2010 6:00:32 PM:701
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, StoresServiceClassInfo
2/27/2010 6:00:32 PM:701
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, ProviderInfo
2/27/2010 6:00:32 PM:701
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006
2/27/2010 6:00:32 PM:701
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries
2/27/2010 6:00:32 PM:716
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5
2/27/2010 6:00:32 PM:732
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9, Next_Catalog_Entry_ID
2/27/2010 6:00:32 PM:732
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9, Num_Catalog_Entries
2/27/2010 6:00:32 PM:732
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9, Serial_Access_Num
2/27/2010 6:00:32 PM:748
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001, PackedCatalogItem
2/27/2010 6:00:32 PM:748
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001, ProtocolName
2/27/2010 6:00:32 PM:748
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
2/27/2010 6:00:32 PM:748
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002, PackedCatalogItem
2/27/2010 6:00:32 PM:748
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002, ProtocolName
2/27/2010 6:00:32 PM:763
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2/27/2010 6:00:32 PM:763
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003, PackedCatalogItem
2/27/2010 6:00:32 PM:763
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003, ProtocolName
2/27/2010 6:00:32 PM:763
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
2/27/2010 6:00:32 PM:763
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004, PackedCatalogItem
2/27/2010 6:00:32 PM:779
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004, ProtocolName
2/27/2010 6:00:32 PM:779
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
2/27/2010 6:00:32 PM:779
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005, PackedCatalogItem
2/27/2010 6:00:32 PM:779
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005, ProtocolName
2/27/2010 6:00:32 PM:779
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
2/27/2010 6:00:32 PM:794
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006, PackedCatalogItem
2/27/2010 6:00:32 PM:794
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006, ProtocolName
2/27/2010 6:00:32 PM:794
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
2/27/2010 6:00:32 PM:794
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007, PackedCatalogItem
2/27/2010 6:00:32 PM:810
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007, ProtocolName
2/27/2010 6:00:32 PM:810
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
2/27/2010 6:00:32 PM:810
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008, PackedCatalogItem
2/27/2010 6:00:32 PM:810
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008, ProtocolName
2/27/2010 6:00:32 PM:810
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
2/27/2010 6:00:32 PM:841
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009, PackedCatalogItem
2/27/2010 6:00:32 PM:841
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009, ProtocolName
2/27/2010 6:00:32 PM:841
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
2/27/2010 6:00:32 PM:857
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010, PackedCatalogItem
2/27/2010 6:00:32 PM:857
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010, ProtocolName
2/27/2010 6:00:32 PM:857
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
2/27/2010 6:00:32 PM:857
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011, PackedCatalogItem
2/27/2010 6:00:32 PM:857
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011, ProtocolName
2/27/2010 6:00:32 PM:873
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
2/27/2010 6:00:32 PM:873
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012, PackedCatalogItem
2/27/2010 6:00:32 PM:873
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012, ProtocolName
2/27/2010 6:00:32 PM:873
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
2/27/2010 6:00:32 PM:873
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013, PackedCatalogItem
2/27/2010 6:00:32 PM:888
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013, ProtocolName
2/27/2010 6:00:32 PM:888
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
2/27/2010 6:00:32 PM:888
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014, PackedCatalogItem
2/27/2010 6:00:32 PM:888
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014, ProtocolName
2/27/2010 6:00:32 PM:888
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
2/27/2010 6:00:32 PM:904
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015, PackedCatalogItem
2/27/2010 6:00:32 PM:904
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015, ProtocolName
2/27/2010 6:00:32 PM:904
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
2/27/2010 6:00:32 PM:904
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016, PackedCatalogItem
2/27/2010 6:00:32 PM:904
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016, ProtocolName
2/27/2010 6:00:32 PM:935
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
2/27/2010 6:00:32 PM:935
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017, PackedCatalogItem
2/27/2010 6:00:32 PM:951
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017, ProtocolName
2/27/2010 6:00:32 PM:951
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
2/27/2010 6:00:32 PM:951
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018, PackedCatalogItem
2/27/2010 6:00:32 PM:966
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018, ProtocolName
2/27/2010 6:00:32 PM:966
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
2/27/2010 6:00:32 PM:966
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries
2/27/2010 6:00:32 PM:966
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9
2/27/2010 6:00:32 PM:982
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters
2/27/2010 6:00:32 PM:998
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2
2/27/2010 6:00:32 PM:998
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup
2/27/2010 6:00:33 PM:13
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware
2/27/2010 6:00:33 PM:60
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance
2/27/2010 6:00:33 PM:76
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
2/27/2010 6:00:33 PM:76
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
2/27/2010 6:00:33 PM:76
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
2/27/2010 6:00:33 PM:76
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
2/27/2010 6:00:33 PM:76
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
2/27/2010 6:00:33 PM:76
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
2/27/2010 6:00:33 PM:91
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control, *NewlyCreated*
2/27/2010 6:00:33 PM:107
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control, ActiveService
2/27/2010 6:00:33 PM:107
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
2/27/2010 6:00:33 PM:107
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
2/27/2010 6:00:33 PM:107
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
2/27/2010 6:00:33 PM:185
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
2/27/2010 6:00:33 PM:185
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
2/27/2010 6:00:33 PM:185
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
2/27/2010 6:00:33 PM:185
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
2/27/2010 6:00:33 PM:185
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
2/27/2010 6:00:33 PM:201
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0
2/27/2010 6:00:33 PM:201
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count
2/27/2010 6:00:33 PM:201
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance
2/27/2010 6:00:33 PM:201
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum
2/27/2010 6:00:33 PM:201
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
2/27/2010 6:00:36 PM:13
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Wget
2/27/2010 6:01:45 PM:154
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt
2/27/2010 6:01:45 PM:263
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 207444
Threats Detected - 3
Infections Detected - 178
Infections Ignored - 0
2/27/2010 11:04:49 PM:747
Service Started
Spyware Doctor Service Application started
2/27/2010 11:04:49 PM:747
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/27/2010 11:04:49 PM:887
IntelliGuards status
All IntelliGuards were Enabled
2/27/2010 11:04:56 PM:43
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/27/2010 11:26:13 PM:609
Smart Update
Smart Update has determined that Spyware Doctor is up to date
2/27/2010 11:30:35 PM:906
Service Stopped
Spyware Doctor Service Application Stopped
2/28/2010 8:20:15 AM:636
Service Started
Spyware Doctor Service Application started
2/28/2010 8:20:15 AM:636
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
2/28/2010 8:20:15 AM:847
IntelliGuards status
All IntelliGuards were Enabled
2/28/2010 8:20:33 AM:566
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/28/2010 8:38:31 AM:148
Scan Started
Scan Type - Idle Scan
2/28/2010 8:39:59 AM:257
Smart Update
Smart Update has determined that Spyware Doctor is up to date
2/28/2010 8:51:01 AM:641
Scan Finished
Scan Type - Idle Scan
Items Processed - 10826
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/28/2010 10:52:47 AM:684
Scan Started
Scan Type - Idle Scan
2/28/2010 10:55:19 AM:997
Scan Finished
Scan Type - Idle Scan
Items Processed - 3336
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/28/2010 11:32:32 AM:43
Scan Started
Scan Type - Idle Scan
2/28/2010 11:36:45 AM:911
Scan Finished
Scan Type - Idle Scan
Items Processed - 5585
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/28/2010 12:54:25 PM:251
Scan Started
Scan Type - Idle Scan
2/28/2010 12:59:00 PM:798
Scan Finished
Scan Type - Idle Scan
Items Processed - 5585
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/28/2010 2:04:48 PM:632
Scan Started
Scan Type - Idle Scan
2/28/2010 2:09:29 PM:109
Scan Finished
Scan Type - Idle Scan
Items Processed - 5585
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
2/28/2010 2:47:02 PM:45
Smart Update
Smart Update has determined that Spyware Doctor is up to date
2/28/2010 2:47:03 PM:698
Immunizer Results
ActiveX section has been immunized. No items were processed.
2/28/2010 6:00:08 PM:604
Scheduled task started
Initializing Scheduled task: Intelli-Scan of this computer
2/28/2010 6:00:10 PM:682
Scan Started
Scan Type - Intelli-Scan
2/28/2010 6:00:15 PM:229
Infection was detected on this computer
Threat Name - Adware.Advertising
Type - Cookie
Risk Level - Low
Infection - statcounter.com/ statcounter.com
2/28/2010 6:00:26 PM:854
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, combofix_wow
2/28/2010 6:00:26 PM:854
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, LastDir
2/28/2010 6:00:26 PM:854
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, Runs
2/28/2010 6:00:26 PM:870
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware, SnapShot
2/28/2010 6:00:26 PM:885
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, NameSpace_Callout
2/28/2010 6:00:26 PM:885
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, WinSock_Registry_Version
2/28/2010 6:00:26 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, AutodialDLL
2/28/2010 6:00:26 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, Current_NameSpace_Catalog
2/28/2010 6:00:26 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters, Current_Protocol_Catalog
2/28/2010 6:00:26 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\06EBDCB1, AppFullPath
2/28/2010 6:00:26 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\06EBDCB1, PermittedLspCategories
2/28/2010 6:00:26 PM:948
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\06EBDCB1
2/28/2010 6:00:26 PM:963
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651, AppFullPath
2/28/2010 6:00:26 PM:963
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651, AppArgs
2/28/2010 6:00:26 PM:963
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651, PermittedLspCategories
2/28/2010 6:00:26 PM:963
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-0F0A6651
2/28/2010 6:00:27 PM:26
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0, AppFullPath
2/28/2010 6:00:27 PM:26
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0, AppArgs
2/28/2010 6:00:27 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0, PermittedLspCategories
2/28/2010 6:00:27 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-1F4968A0
2/28/2010 6:00:27 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA, AppFullPath
2/28/2010 6:00:27 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA, AppArgs
2/28/2010 6:00:27 PM:73
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA, PermittedLspCategories
2/28/2010 6:00:27 PM:73
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-215FDCCA
2/28/2010 6:00:27 PM:104
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0, AppFullPath
2/28/2010 6:00:27 PM:104
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0, AppArgs
2/28/2010 6:00:27 PM:120
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0, PermittedLspCategories
2/28/2010 6:00:27 PM:135
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\2C69D9F1-34FFF7C0
2/28/2010 6:00:27 PM:151
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\343305C9, AppFullPath
2/28/2010 6:00:27 PM:151
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\343305C9, PermittedLspCategories
2/28/2010 6:00:27 PM:370
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog\343305C9
2/28/2010 6:00:27 PM:370
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\AppId_Catalog
2/28/2010 6:00:27 PM:416
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5, Num_Catalog_Entries
2/28/2010 6:00:27 PM:416
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5, Serial_Access_Num
2/28/2010 6:00:27 PM:416
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, LibraryPath
2/28/2010 6:00:27 PM:416
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, DisplayString
2/28/2010 6:00:27 PM:416
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, ProviderId
2/28/2010 6:00:27 PM:432
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, SupportedNameSpace
2/28/2010 6:00:27 PM:432
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, Enabled
2/28/2010 6:00:27 PM:432
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, Version
2/28/2010 6:00:27 PM:432
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, StoresServiceClassInfo
2/28/2010 6:00:27 PM:432
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001, ProviderInfo
2/28/2010 6:00:27 PM:448
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
2/28/2010 6:00:27 PM:448
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, LibraryPath
2/28/2010 6:00:27 PM:448
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, DisplayString
2/28/2010 6:00:27 PM:448
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, ProviderId
2/28/2010 6:00:27 PM:448
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, SupportedNameSpace
2/28/2010 6:00:27 PM:463
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, Enabled
2/28/2010 6:00:27 PM:463
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, Version
2/28/2010 6:00:27 PM:463
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, StoresServiceClassInfo
2/28/2010 6:00:27 PM:463
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002, ProviderInfo
2/28/2010 6:00:27 PM:463
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
2/28/2010 6:00:27 PM:479
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, LibraryPath
2/28/2010 6:00:27 PM:479
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, DisplayString
2/28/2010 6:00:27 PM:479
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, ProviderId
2/28/2010 6:00:27 PM:479
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, SupportedNameSpace
2/28/2010 6:00:27 PM:495
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, Enabled
2/28/2010 6:00:27 PM:510
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, Version
2/28/2010 6:00:27 PM:510
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, StoresServiceClassInfo
2/28/2010 6:00:27 PM:510
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003, ProviderInfo
2/28/2010 6:00:27 PM:510
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
2/28/2010 6:00:27 PM:510
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, LibraryPath
2/28/2010 6:00:27 PM:526
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, DisplayString
2/28/2010 6:00:27 PM:526
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, ProviderId
2/28/2010 6:00:27 PM:526
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, SupportedNameSpace
2/28/2010 6:00:27 PM:526
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, Enabled
2/28/2010 6:00:27 PM:557
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, Version
2/28/2010 6:00:27 PM:557
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, StoresServiceClassInfo
2/28/2010 6:00:27 PM:557
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004, ProviderInfo
2/28/2010 6:00:27 PM:557
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
2/28/2010 6:00:27 PM:620
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, LibraryPath
2/28/2010 6:00:27 PM:635
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, DisplayString
2/28/2010 6:00:27 PM:635
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, ProviderId
2/28/2010 6:00:27 PM:635
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, SupportedNameSpace
2/28/2010 6:00:27 PM:635
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, Enabled
2/28/2010 6:00:27 PM:635
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, Version
2/28/2010 6:00:27 PM:651
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, StoresServiceClassInfo
2/28/2010 6:00:27 PM:651
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005, ProviderInfo
2/28/2010 6:00:27 PM:651
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000005
2/28/2010 6:00:27 PM:651
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, LibraryPath
2/28/2010 6:00:27 PM:666
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, DisplayString
2/28/2010 6:00:27 PM:666
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, ProviderId
2/28/2010 6:00:27 PM:682
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, SupportedNameSpace
2/28/2010 6:00:27 PM:682
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, Enabled
2/28/2010 6:00:27 PM:682
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, Version
2/28/2010 6:00:27 PM:682
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, StoresServiceClassInfo
2/28/2010 6:00:27 PM:682
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006, ProviderInfo
2/28/2010 6:00:27 PM:698
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000006
2/28/2010 6:00:27 PM:698
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries
2/28/2010 6:00:27 PM:698
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\NameSpace_Catalog5
2/28/2010 6:00:27 PM:713
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9, Next_Catalog_Entry_ID
2/28/2010 6:00:27 PM:713
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9, Num_Catalog_Entries
2/28/2010 6:00:27 PM:713
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9, Serial_Access_Num
2/28/2010 6:00:27 PM:729
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001, PackedCatalogItem
2/28/2010 6:00:27 PM:729
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001, ProtocolName
2/28/2010 6:00:27 PM:745
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
2/28/2010 6:00:27 PM:745
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002, PackedCatalogItem
2/28/2010 6:00:27 PM:745
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002, ProtocolName
2/28/2010 6:00:27 PM:745
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
2/28/2010 6:00:27 PM:760
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003, PackedCatalogItem
2/28/2010 6:00:27 PM:760
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003, ProtocolName
2/28/2010 6:00:27 PM:760
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
2/28/2010 6:00:27 PM:760
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004, PackedCatalogItem
2/28/2010 6:00:27 PM:760
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004, ProtocolName
2/28/2010 6:00:27 PM:760
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
2/28/2010 6:00:27 PM:776
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005, PackedCatalogItem
2/28/2010 6:00:27 PM:776
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005, ProtocolName
2/28/2010 6:00:27 PM:776
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
2/28/2010 6:00:27 PM:776
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006, PackedCatalogItem
2/28/2010 6:00:27 PM:791
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006, ProtocolName
2/28/2010 6:00:27 PM:791
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
2/28/2010 6:00:27 PM:791
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007, PackedCatalogItem
2/28/2010 6:00:27 PM:791
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007, ProtocolName
2/28/2010 6:00:27 PM:791
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
2/28/2010 6:00:27 PM:807
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008, PackedCatalogItem
2/28/2010 6:00:27 PM:807
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008, ProtocolName
2/28/2010 6:00:27 PM:807
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
2/28/2010 6:00:27 PM:807
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009, PackedCatalogItem
2/28/2010 6:00:27 PM:807
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009, ProtocolName
2/28/2010 6:00:27 PM:823
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
2/28/2010 6:00:27 PM:823
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010, PackedCatalogItem
2/28/2010 6:00:27 PM:823
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010, ProtocolName
2/28/2010 6:00:27 PM:823
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
2/28/2010 6:00:27 PM:838
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011, PackedCatalogItem
2/28/2010 6:00:27 PM:838
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011, ProtocolName
2/28/2010 6:00:27 PM:838
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
2/28/2010 6:00:27 PM:838
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012, PackedCatalogItem
2/28/2010 6:00:27 PM:838
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012, ProtocolName
2/28/2010 6:00:27 PM:838
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
2/28/2010 6:00:27 PM:854
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013, PackedCatalogItem
2/28/2010 6:00:27 PM:870
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013, ProtocolName
2/28/2010 6:00:27 PM:870
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
2/28/2010 6:00:27 PM:870
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014, PackedCatalogItem
2/28/2010 6:00:27 PM:870
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014, ProtocolName
2/28/2010 6:00:27 PM:870
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
2/28/2010 6:00:27 PM:885
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015, PackedCatalogItem
2/28/2010 6:00:27 PM:885
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015, ProtocolName
2/28/2010 6:00:27 PM:885
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015
2/28/2010 6:00:27 PM:885
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016, PackedCatalogItem
2/28/2010 6:00:27 PM:885
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016, ProtocolName
2/28/2010 6:00:27 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016
2/28/2010 6:00:27 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017, PackedCatalogItem
2/28/2010 6:00:27 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017, ProtocolName
2/28/2010 6:00:27 PM:901
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017
2/28/2010 6:00:27 PM:916
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018, PackedCatalogItem
2/28/2010 6:00:27 PM:916
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018, ProtocolName
2/28/2010 6:00:27 PM:916
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018
2/28/2010 6:00:27 PM:916
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries
2/28/2010 6:00:27 PM:916
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters\Protocol_Catalog9
2/28/2010 6:00:27 PM:932
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2\Parameters
2/28/2010 6:00:27 PM:948
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup\winsock2
2/28/2010 6:00:27 PM:963
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware\backup
2/28/2010 6:00:27 PM:963
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SOFTWARE\swearware
2/28/2010 6:00:28 PM:26
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME, NextInstance
2/28/2010 6:00:28 PM:26
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Service
2/28/2010 6:00:28 PM:26
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Legacy
2/28/2010 6:00:28 PM:26
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ConfigFlags
2/28/2010 6:00:28 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Class
2/28/2010 6:00:28 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, ClassGUID
2/28/2010 6:00:28 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, DeviceDesc
2/28/2010 6:00:28 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000, Capabilities
2/28/2010 6:00:28 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000\Control
2/28/2010 6:00:28 PM:41
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME\0000
2/28/2010 6:00:28 PM:57
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CATCHME
2/28/2010 6:00:28 PM:88
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Type
2/28/2010 6:00:28 PM:88
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ErrorControl
2/28/2010 6:00:28 PM:88
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Start
2/28/2010 6:00:28 PM:88
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, ImagePath
2/28/2010 6:00:28 PM:88
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme, Group
2/28/2010 6:00:28 PM:88
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, 0
2/28/2010 6:00:28 PM:88
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, Count
2/28/2010 6:00:28 PM:104
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Value
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum, NextInstance
2/28/2010 6:00:28 PM:104
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme\Enum
2/28/2010 6:00:28 PM:104
Infection was detected on this computer
Threat Name - Application.NirCmd
Type - Registry Key
Risk Level - Info & PUAs
Infection - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\catchme
2/28/2010 6:00:31 PM:291
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Registry Key
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Wget
2/28/2010 6:01:38 PM:838
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Hidden
2/28/2010 6:01:38 PM:838
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, ShowSuperHidden
2/28/2010 6:01:38 PM:854
Infection was detected on this computer
Threat Name - Trojan.Generic
Type - Modified Registry Value
Risk Level - Medium
Infection - HKEY_USERS\S-1-5-21-1741167404-2738046154-2765825734-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, HideFileExt
2/28/2010 6:01:38 PM:932
Scan Finished
Scan Type - Intelli-Scan
Items Processed - 207170
Threats Detected - 3
Infections Detected - 179
Infections Ignored - 0
2/28/2010 7:52:05 PM:15
Scan Started
Scan Type - Idle Scan
2/28/2010 7:55:17 PM:977
Scan Finished
Scan Type - Idle Scan
Items Processed - 3563
Threats Detected - 0
Infections Detected - 0
Infections Ignored - 0
3/1/2010 7:39:10 AM:973
Service Started
Spyware Doctor Service Application started
3/1/2010 7:39:10 AM:973
Anti-Malware Engine
Anti-Malware engine configuration loaded successfully.
3/1/2010 7:39:11 AM:145
IntelliGuards status
All IntelliGuards were Enabled
3/1/2010 7:39:18 AM:833
Immunizer Results
ActiveX section has been immunized. No items were processed.

When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#11 thcbytes

Posted 28 February 2010 - 09:27 PM

Those detections are false alarms. The Spyware Doc is detecting and removing my tools!! Please post the F-Secure log when ready.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#12 wavemaker

Posted 28 February 2010 - 10:38 PM

Gooday and thanks again for your help. I have got F Secure running now. I downloaded it this morning and set it to work. I came home for lunch and it was still spinning around. Closed it and a box came up with something like Windows noticed this program did not run correctly. I restarted the puter and restarted the scan. This time just after starting I was asked if I wanted to allow this to run. I clicked yes and will now see what happens. The most noticeable thing about the way the machine is running is that at start up a lot of the desktop icons are represented by an icon like a piece of paper with a folded corner. Takes quite a while for them to assume their normal selves. I am having a lot of internet dropouts also. Scan completed and no results found.

#13 thcbytes

Posted 28 February 2010 - 10:59 PM

Alright. Let's continue...

  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :Commands
    [emptytemp]
    [Reboot]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

==========

You may have corrupt critical system files. Let's see if we can fix that.
  1. Select
  2. Select All Programs
  3. Select Accessories
  4. Right click Command Prompt and choose Run as administrator
    • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
    • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  5. Copy & paste sfc /scannow in the command window and press enter.
    • Note the space between the c and the /
    • Be patient because the scan may take some time.
    • When that has completed then we need to create a logfile.
  6. Repeat the process but this time copy & paste findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt in the command window and press Enter.

    Note: This will place a sfcdetails.txt file on your desktop with the SFC scan details from the CBS.LOG. Please copy and paste that log into your next reply.

==========

Please also do this...
http://www.w7forums.com/use-chkdsk-check-disk-t448.html

Thanks,
~ t


#14 wavemaker

Posted 01 March 2010 - 03:22 AM

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: james
->Temp folder emptied: 16608480 bytes
->Temporary Internet Files folder emptied: 10813738 bytes
->Java cache emptied: 25822969 bytes
->FireFox cache emptied: 79697980 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16368 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 127.00 mb


OTL by OldTimer - Version 3.1.30.3 log created on 03012010_173105

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

2010-03-01 17:38:39, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:38:39, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2010-03-01 17:38:45, Info CSI 0000000c [SR] Verify complete
2010-03-01 17:38:46, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2010-03-01 17:38:46, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2010-03-01 17:38:51, Info CSI 00000010 [SR] Verify complete
2010-03-01 17:38:52, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:38:52, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2010-03-01 17:38:58, Info CSI 00000014 [SR] Verify complete
2010-03-01 17:38:59, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:38:59, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:03, Info CSI 00000018 [SR] Verify complete
2010-03-01 17:39:04, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:04, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:10, Info CSI 0000001c [SR] Verify complete
2010-03-01 17:39:10, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:10, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:15, Info CSI 00000020 [SR] Verify complete
2010-03-01 17:39:15, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:15, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:19, Info CSI 00000024 [SR] Verify complete
2010-03-01 17:39:20, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:20, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:24, Info CSI 00000028 [SR] Verify complete
2010-03-01 17:39:25, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:25, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:28, Info CSI 0000002c [SR] Verify complete
2010-03-01 17:39:29, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:29, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:34, Info CSI 00000030 [SR] Verify complete
2010-03-01 17:39:35, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:35, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:42, Info CSI 00000034 [SR] Verify complete
2010-03-01 17:39:43, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:43, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:48, Info CSI 0000003b [SR] Verify complete
2010-03-01 17:39:49, Info CSI 0000003c [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:49, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:53, Info CSI 00000040 [SR] Verify complete
2010-03-01 17:39:54, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:54, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2010-03-01 17:39:58, Info CSI 00000046 [SR] Verify complete
2010-03-01 17:39:59, Info CSI 00000047 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:39:59, Info CSI 00000048 [SR] Beginning Verify and Repair transaction
2010-03-01 17:40:07, Info CSI 00000050 [SR] Verify complete
2010-03-01 17:40:08, Info CSI 00000051 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:40:08, Info CSI 00000052 [SR] Beginning Verify and Repair transaction
2010-03-01 17:40:14, Info CSI 00000056 [SR] Verify complete
2010-03-01 17:40:15, Info CSI 00000057 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:40:15, Info CSI 00000058 [SR] Beginning Verify and Repair transaction
2010-03-01 17:40:21, Info CSI 0000005a [SR] Verify complete
2010-03-01 17:40:21, Info CSI 0000005b [SR] Verifying 100 (0x00000064) components
2010-03-01 17:40:21, Info CSI 0000005c [SR] Beginning Verify and Repair transaction
2010-03-01 17:40:26, Info CSI 0000005e [SR] Verify complete
2010-03-01 17:40:26, Info CSI 0000005f [SR] Verifying 100 (0x00000064) components
2010-03-01 17:40:26, Info CSI 00000060 [SR] Beginning Verify and Repair transaction
2010-03-01 17:40:33, Info CSI 00000062 [SR] Verify complete
2010-03-01 17:40:34, Info CSI 00000063 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:40:34, Info CSI 00000064 [SR] Beginning Verify and Repair transaction
2010-03-01 17:40:40, Info CSI 00000066 [SR] Verify complete
2010-03-01 17:40:40, Info CSI 00000067 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:40:40, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2010-03-01 17:40:50, Info CSI 0000006a [SR] Verify complete
2010-03-01 17:40:51, Info CSI 0000006b [SR] Verifying 100 (0x00000064) components
2010-03-01 17:40:51, Info CSI 0000006c [SR] Beginning Verify and Repair transaction
2010-03-01 17:41:06, Info CSI 00000070 [SR] Verify complete
2010-03-01 17:41:06, Info CSI 00000071 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:41:06, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2010-03-01 17:41:14, Info CSI 00000074 [SR] Verify complete
2010-03-01 17:41:14, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:41:14, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2010-03-01 17:41:30, Info CSI 00000078 [SR] Verify complete
2010-03-01 17:41:30, Info CSI 00000079 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:41:30, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2010-03-01 17:41:38, Info CSI 0000007c [SR] Verify complete
2010-03-01 17:41:39, Info CSI 0000007d [SR] Verifying 100 (0x00000064) components
2010-03-01 17:41:39, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2010-03-01 17:41:42, Info CSI 00000080 [SR] Verify complete
2010-03-01 17:41:42, Info CSI 00000081 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:41:42, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2010-03-01 17:41:44, Info CSI 00000084 [SR] Verify complete
2010-03-01 17:41:44, Info CSI 00000085 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:41:44, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2010-03-01 17:41:47, Info CSI 00000088 [SR] Verify complete
2010-03-01 17:41:48, Info CSI 00000089 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:41:48, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:04, Info CSI 000000a8 [SR] Verify complete
2010-03-01 17:42:04, Info CSI 000000a9 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:04, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:07, Info CSI 000000ac [SR] Verify complete
2010-03-01 17:42:07, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:07, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:11, Info CSI 000000b0 [SR] Verify complete
2010-03-01 17:42:12, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:12, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:16, Info CSI 000000b4 [SR] Verify complete
2010-03-01 17:42:16, Info CSI 000000b5 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:16, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:25, Info CSI 000000b8 [SR] Verify complete
2010-03-01 17:42:25, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:25, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:36, Info CSI 000000bc [SR] Verify complete
2010-03-01 17:42:36, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:36, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:39, Info CSI 000000c0 [SR] Verify complete
2010-03-01 17:42:39, Info CSI 000000c1 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:39, Info CSI 000000c2 [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:42, Info CSI 000000c4 [SR] Verify complete
2010-03-01 17:42:43, Info CSI 000000c5 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:43, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:49, Info CSI 000000c8 [SR] Verify complete
2010-03-01 17:42:50, Info CSI 000000c9 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:50, Info CSI 000000ca [SR] Beginning Verify and Repair transaction
2010-03-01 17:42:55, Info CSI 000000cc [SR] Verify complete
2010-03-01 17:42:55, Info CSI 000000cd [SR] Verifying 100 (0x00000064) components
2010-03-01 17:42:55, Info CSI 000000ce [SR] Beginning Verify and Repair transaction
2010-03-01 17:43:01, Info CSI 000000d0 [SR] Verify complete
2010-03-01 17:43:01, Info CSI 000000d1 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:43:01, Info CSI 000000d2 [SR] Beginning Verify and Repair transaction
2010-03-01 17:43:12, Info CSI 000000d5 [SR] Verify complete
2010-03-01 17:43:13, Info CSI 000000d6 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:43:13, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2010-03-01 17:43:24, Info CSI 000000fc [SR] Verify complete
2010-03-01 17:43:25, Info CSI 000000fd [SR] Verifying 100 (0x00000064) components
2010-03-01 17:43:25, Info CSI 000000fe [SR] Beginning Verify and Repair transaction
2010-03-01 17:43:34, Info CSI 00000100 [SR] Verify complete
2010-03-01 17:43:35, Info CSI 00000101 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:43:35, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2010-03-01 17:44:02, Info CSI 00000104 [SR] Verify complete
2010-03-01 17:44:02, Info CSI 00000105 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:44:02, Info CSI 00000106 [SR] Beginning Verify and Repair transaction
2010-03-01 17:44:17, Info CSI 00000109 [SR] Verify complete
2010-03-01 17:44:18, Info CSI 0000010a [SR] Verifying 100 (0x00000064) components
2010-03-01 17:44:18, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2010-03-01 17:44:28, Info CSI 0000010d [SR] Verify complete
2010-03-01 17:44:29, Info CSI 0000010e [SR] Verifying 100 (0x00000064) components
2010-03-01 17:44:29, Info CSI 0000010f [SR] Beginning Verify and Repair transaction
2010-03-01 17:44:34, Info CSI 00000111 [SR] Verify complete
2010-03-01 17:44:35, Info CSI 00000112 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:44:35, Info CSI 00000113 [SR] Beginning Verify and Repair transaction
2010-03-01 17:44:41, Info CSI 00000115 [SR] Verify complete
2010-03-01 17:44:41, Info CSI 00000116 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:44:41, Info CSI 00000117 [SR] Beginning Verify and Repair transaction
2010-03-01 17:44:46, Info CSI 00000119 [SR] Verify complete
2010-03-01 17:44:46, Info CSI 0000011a [SR] Verifying 100 (0x00000064) components
2010-03-01 17:44:46, Info CSI 0000011b [SR] Beginning Verify and Repair transaction
2010-03-01 17:44:51, Info CSI 0000011e [SR] Verify complete
2010-03-01 17:44:52, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2010-03-01 17:44:52, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2010-03-01 17:45:14, Info CSI 00000122 [SR] Verify complete
2010-03-01 17:45:14, Info CSI 00000123 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:45:14, Info CSI 00000124 [SR] Beginning Verify and Repair transaction
2010-03-01 17:45:27, Info CSI 00000127 [SR] Verify complete
2010-03-01 17:45:27, Info CSI 00000128 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:45:27, Info CSI 00000129 [SR] Beginning Verify and Repair transaction
2010-03-01 17:45:35, Info CSI 0000012b [SR] Verify complete
2010-03-01 17:45:36, Info CSI 0000012c [SR] Verifying 100 (0x00000064) components
2010-03-01 17:45:36, Info CSI 0000012d [SR] Beginning Verify and Repair transaction
2010-03-01 17:45:41, Info CSI 0000012f [SR] Verify complete
2010-03-01 17:45:41, Info CSI 00000130 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:45:41, Info CSI 00000131 [SR] Beginning Verify and Repair transaction
2010-03-01 17:45:55, Info CSI 00000134 [SR] Verify complete
2010-03-01 17:45:56, Info CSI 00000135 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:45:56, Info CSI 00000136 [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:05, Info CSI 00000138 [SR] Verify complete
2010-03-01 17:46:06, Info CSI 00000139 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:06, Info CSI 0000013a [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:11, Info CSI 0000013c [SR] Verify complete
2010-03-01 17:46:12, Info CSI 0000013d [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:12, Info CSI 0000013e [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:18, Info CSI 00000140 [SR] Verify complete
2010-03-01 17:46:18, Info CSI 00000141 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:18, Info CSI 00000142 [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:24, Info CSI 00000145 [SR] Verify complete
2010-03-01 17:46:25, Info CSI 00000146 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:25, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:32, Info CSI 00000149 [SR] Verify complete
2010-03-01 17:46:32, Info CSI 0000014a [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:32, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:37, Info CSI 0000014d [SR] Verify complete
2010-03-01 17:46:37, Info CSI 0000014e [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:37, Info CSI 0000014f [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:43, Info CSI 00000151 [SR] Verify complete
2010-03-01 17:46:44, Info CSI 00000152 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:44, Info CSI 00000153 [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:52, Info CSI 00000156 [SR] Verify complete
2010-03-01 17:46:52, Info CSI 00000157 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:52, Info CSI 00000158 [SR] Beginning Verify and Repair transaction
2010-03-01 17:46:57, Info CSI 0000015a [SR] Verify complete
2010-03-01 17:46:58, Info CSI 0000015b [SR] Verifying 100 (0x00000064) components
2010-03-01 17:46:58, Info CSI 0000015c [SR] Beginning Verify and Repair transaction
2010-03-01 17:47:06, Info CSI 0000015e [SR] Verify complete
2010-03-01 17:47:06, Info CSI 0000015f [SR] Verifying 100 (0x00000064) components
2010-03-01 17:47:06, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2010-03-01 17:47:18, Info CSI 00000162 [SR] Verify complete
2010-03-01 17:47:19, Info CSI 00000163 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:47:19, Info CSI 00000164 [SR] Beginning Verify and Repair transaction
2010-03-01 17:47:34, Info CSI 00000166 [SR] Verify complete
2010-03-01 17:47:35, Info CSI 00000167 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:47:35, Info CSI 00000168 [SR] Beginning Verify and Repair transaction
2010-03-01 17:47:37, Info CSI 0000016a [SR] Verify complete
2010-03-01 17:47:38, Info CSI 0000016b [SR] Verifying 100 (0x00000064) components
2010-03-01 17:47:38, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2010-03-01 17:47:43, Info CSI 0000016e [SR] Verify complete
2010-03-01 17:47:44, Info CSI 0000016f [SR] Verifying 100 (0x00000064) components
2010-03-01 17:47:44, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2010-03-01 17:47:49, Info CSI 00000172 [SR] Verify complete
2010-03-01 17:47:50, Info CSI 00000173 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:47:50, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2010-03-01 17:47:56, Info CSI 00000176 [SR] Verify complete
2010-03-01 17:47:57, Info CSI 00000177 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:47:57, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2010-03-01 17:48:00, Info CSI 0000017a [SR] Verify complete
2010-03-01 17:48:00, Info CSI 0000017b [SR] Verifying 100 (0x00000064) components
2010-03-01 17:48:00, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2010-03-01 17:48:05, Info CSI 0000017e [SR] Verify complete
2010-03-01 17:48:06, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2010-03-01 17:48:06, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2010-03-01 17:48:23, Info CSI 00000182 [SR] Verify complete
2010-03-01 17:48:24, Info CSI 00000183 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:48:24, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2010-03-01 17:48:58, Info CSI 00000186 [SR] Verify complete
2010-03-01 17:48:59, Info CSI 00000187 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:48:59, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2010-03-01 17:49:07, Info CSI 0000018a [SR] Verify complete
2010-03-01 17:49:08, Info CSI 0000018b [SR] Verifying 100 (0x00000064) components
2010-03-01 17:49:08, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2010-03-01 17:49:15, Info CSI 0000018e [SR] Verify complete
2010-03-01 17:49:15, Info CSI 0000018f [SR] Verifying 100 (0x00000064) components
2010-03-01 17:49:15, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2010-03-01 17:49:19, Info CSI 00000192 [SR] Verify complete
2010-03-01 17:49:19, Info CSI 00000193 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:49:19, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2010-03-01 17:49:22, Info CSI 00000196 [SR] Verify complete
2010-03-01 17:49:23, Info CSI 00000197 [SR] Verifying 100 (0x00000064) components
2010-03-01 17:49:23, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2010-03-01 17:49:30, Info CSI 0000019a [SR] Verify complete
2010-03-01 17:49:31, Info CSI 0000019b [SR] Verifying 86 (0x00000056) components
2010-03-01 17:49:31, Info CSI 0000019c [SR] Beginning Verify and Repair transaction
2010-03-01 17:49:34, Info CSI 0000019e [SR] Verify complete
2010-03-01 17:49:34, Info CSI 0000019f [SR] Repairing 0 components
2010-03-01 17:49:34, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2010-03-01 17:49:34, Info CSI 000001a2 [SR] Repair complete


Did chkdsk also. Is there a log for that to post?

Edited by wavemaker, 01 March 2010 - 04:51 AM.

When The Going Gets Weird, The Weird Turn Pro. (H.S.T.)

#15 thcbytes

  • Malware Response Team

Posted 01 March 2010 - 10:10 AM

Hi,

QUOTE
Did chkdsk also. Is there a log for that to post?

Nope.

Please do this...

Please download Autoruns
  • Save it to your desktop
  • Double click the application to unzip
  • Double click Autorun.exe contained within
  • In the upper left corner choose..
  • Options
  • And then check..
  • Hide Microsoft and Windows Entries
  • Now choose..
  • File
  • Save
  • Save In - Desktop
  • File Name - Autoruns
  • Save As Type - Text
  • Now select Save
Copy and paste the log in your next reply

==========

How is your computer running now?

Thanks,
~ t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



