Laptop running really slow


This topic is locked
24 replies to this topic

#1 kevb8ll


Posted 26 March 2010 - 07:39 PM

I have a laptop running XP Pro SP3. Over the last few weeks it has got slower and slower.

I have pasted the DDS and GMER logs, although GMER kept crashing so I pasted what I got.

I have also attached "attach.txt" in a zip folder.

Kev

DDS:


DDS (Ver_10-03-17.01) - NTFSx86
Run by kevin at 23:44:37.76 on 26/03/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.64 [GMT 0:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\windows\system32\spoolsv.exe
svchost.exe
C:\windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\windows\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\windows\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\Program Files\SAMSUNG\MagicKBD\PerformanceManager.exe
C:\windows\RTHDCPL.EXE
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\windows\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\InstantEyedropper\InstantEyedropper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\FRONTPG.EXE
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kevin\Desktop\bleep\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Microsoft Internet Explorer provided by Adam Jenner
uStart Page = hxxp://www.google.co.uk/
uDefault_Page_URL = hxxp://link1
uSearch Bar = hxxp://www.google.co.uk
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\5.0.350.1\npchrome_frame.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\kevin\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [instanteyedropper] "c:\program files\instanteyedropper\InstantEyedropper.exe"
uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [AVStation Premium 3.75 DriveMapper] c:\program files\samsung\avstation premium 3.75\DriveMapper.exe
mRun: [AVStation Premium 3.75] "c:\program files\samsung\avstation premium 3.75\AVSAgent.exe" /start
mRun: [BatteryManager] c:\program files\samsung\samsung battery manager\BatteryManager.exe
mRun: [MagicKeyboard] c:\program files\samsung\magickbd\PreMKBD.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [<NO NAME>]
mRun: [EDS] c:\program files\samsung\samsung eds\EDSAgent.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [DMHotKey] c:\program files\samsung\easy display manager\DMLoader.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\logitech webcam software\eReg.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1237982474063
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\5.0.350.1\npchrome_frame.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 91.204.209.3 www.joysandsorrows.co.uk
Hosts: 91.204.209.3 joysandsorrows.co.uk
Hosts: 75.126.153.50 www.devonlinksdevelopment.co.uk
Hosts: 75.126.153.50 devonlinksdevelopment.co.uk

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kevin\applic~1\mozilla\firefox\profiles\vw5xb5kv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\kevin\application data\mozilla\firefox\profiles\vw5xb5kv.default\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\kevin\application data\mozilla\firefox\profiles\vw5xb5kv.default\extensions\twitternotifier@naan.net\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\kevin\application data\mozilla\firefox\profiles\vw5xb5kv.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\kevin\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-15 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2007-9-14 4300]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2006-10-12 28160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100325.002\naveng.sys [2010-3-26 84912]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100325.002\navex15.sys [2010-3-26 1324720]
S3 ADDMEM;ADDMEM;\??\c:\docume~1\kevin\locals~1\temp\__samsung_update\addmem.sys --> c:\docume~1\kevin\locals~1\temp\__samsung_update\ADDMEM.SYS [?]

=============== Created Last 30 ================

2010-03-23 09:49:25 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-23 09:46:50 539160 ----a-r- c:\windows\system32\LVUI2RC.dll
2010-03-23 09:46:48 34068 ----a-r- c:\windows\system32\Repository.reg
2010-03-23 09:46:44 82289 ----a-r- c:\windows\system32\lvcoinst.ini
2010-03-23 09:46:40 539160 ----a-r- c:\windows\system32\LVUI2.dll
2010-03-23 09:46:39 199192 ----a-r- c:\windows\system32\lvci1201278.dll
2010-03-23 09:46:37 416280 ----a-r- c:\windows\system32\lvcodec2.dll
2010-03-23 09:46:18 265496 ----a-r- c:\windows\system32\drivers\lvrs.sys
2010-03-23 09:46:15 266828 ----a-r- c:\windows\system32\drivers\LVAFT.cfg
2010-03-23 09:45:47 6754712 ----a-r- c:\windows\system32\drivers\lvuvc.sys
2010-03-23 09:40:41 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-23 09:39:04 23832 ----a-r- c:\windows\system32\drivers\lvuvcflt.sys
2010-03-23 09:28:56 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-23 09:28:56 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-23 09:28:08 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-03-23 09:28:08 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-23 09:28:07 20992 -c--a-w- c:\windows\system32\dllcache\dshowext.ax
2010-03-23 09:28:07 20992 ----a-w- c:\windows\system32\dshowext.ax
2010-03-17 10:45:26 0 d-----w- c:\docume~1\kevin\applic~1\Trusteer
2010-03-17 10:45:03 0 d-----w- c:\program files\Trusteer
2010-03-17 10:43:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Trusteer
2010-03-15 12:09:49 0 d-----w- c:\program files\common files\xing shared
2010-03-13 14:05:01 0 d-----w- c:\program files\common files\NSV
2010-03-13 14:01:48 579602 ----a-w- c:\windows\system32\x264vfw.dll
2010-03-13 14:01:48 0 d-----w- c:\program files\x264
2010-03-13 14:01:25 0 d-----w- c:\program files\ffdshow
2010-03-11 07:52:22 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-10 09:59:12 0 d-----w- c:\documents and settings\kevin\TOSHIBA
2010-03-10 09:58:07 286720 ----a-w- c:\windows\system32\eSTsnmp.dll
2010-03-09 21:14:41 115880 ------w- c:\windows\system32\pxinsi64.exe
2010-03-05 17:06:20 0 d-----w- C:\Output Files
2010-03-05 17:02:15 0 d-----w- c:\windows\system32\tempdir
2010-03-05 17:02:14 1503232 ----a-w- c:\windows\system32\ptj.exe
2010-03-05 17:02:12 4369408 ----a-w- c:\windows\system32\pdftk.exe
2010-03-05 17:02:12 235008 ----a-w- c:\windows\system32\office.exe
2010-03-05 17:02:10 0 d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free
2010-03-05 16:49:23 0 d-----w- C:\omniformat
2010-03-02 19:29:02 293376 ------w- c:\windows\system32\browserchoice.exe

==================== Find3M ====================

2010-02-12 14:27:33 63984 ------w- c:\windows\system32\pxwma.dll
2010-01-15 18:30:26 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-03-25 12:36:29 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009032520090326\index.dat

============= FINISH: 23:47:35.07 ===============


GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-27 00:21:38
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\kevin\LOCALS~1\Temp\pxtdqpob.sys


---- System - GMER 1.0.15 ----

SSDT 83912700 ZwAlertResumeThread
SSDT 83AAE6B0 ZwAlertThread
SSDT 839A55F0 ZwAllocateVirtualMemory
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xA9D56D82]
SSDT 83AAA160 ZwConnectPort
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA9D5748E]
SSDT 83AAEC70 ZwCreateMutant
SSDT 839ADB30 ZwCreateThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xA9D575DA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xA9D5AD54]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xA9D5AD86]
SSDT 83924498 ZwFreeVirtualMemory
SSDT 839235A8 ZwImpersonateAnonymousToken
SSDT 83926260 ZwImpersonateThread
SSDT 839FE4C8 ZwMapViewOfSection
SSDT 83AF4EF8 ZwOpenEvent
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xA9D5753E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xA9D56EC6]
SSDT 839660C8 ZwOpenProcessToken
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xA9D570B8]
SSDT 8396EC90 ZwOpenThreadToken
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xA9D571EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xA9D5AE5E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xA9D5ADC8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xA9D5ADFA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xA9D5AE2C]
SSDT 8394EE90 ZwResumeThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xA9D56D30]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xA9D5763A]
SSDT 8396ED48 ZwSetInformationProcess
SSDT 83996AD0 ZwSetInformationThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xA9D5ACEC]
SSDT 83953110 ZwSuspendProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xA9D56CD4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateProcess [0xA9D56C30]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xA9D56C78]
SSDT 8395A6B0 ZwUnmapViewOfSection
SSDT 839A4860 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

I don't do silly signature things - not since my Karma ran over my Dogma!
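A small triage script for the DDS and GMER output above, added here as an example; it is not part of the original post and is not code from DDS, GMER or BleepingComputer. It walks the log text line by line and pulls out the entry types a helper reads first: Hosts: lines that point a name at something other than loopback, services or drivers whose binary lives under a Temp directory, files in the Created/Find3M lists carrying both the system and hidden attributes, BHO/toolbar entries whose DLL is gone ("No File"), and GMER SSDT hooks grouped by the module that owns them. The sample input is a handful of lines copied from the logs above plus one constructed loopback Hosts line; the regular expressions are written against the line layout as posted here rather than a documented format, and a flagged entry only means it deserves a look, not that it is malicious.

```python
"""Quick triage of DDS / GMER text logs (added example; not part of the thread)."""
import re
from collections import defaultdict

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Patterns written against the line shapes seen in the logs above (an assumption,
# not a documented DDS/GMER grammar).
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);[^;]*;(.+)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+(\S{8})\s+(.+)$")
ORPHAN_RE = re.compile(r"^(BHO|TB):.*-\s*No File\s*$")
SSDT_RE = re.compile(r"^SSDT\s+(.+?)\s+(Zw\w+)(?:\s+\[0x[0-9A-Fa-f]+\])?$")
MODULE_RE = re.compile(r"([^\\\s]+\.sys)", re.IGNORECASE)
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Sample input: lines copied from the DDS and GMER logs in the post above, plus one
# constructed loopback Hosts line to show what is deliberately not flagged.
SAMPLE_LOG = r"""
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Hosts: 91.204.209.3 www.joysandsorrows.co.uk
Hosts: 127.0.0.1 localhost
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
S3 ADDMEM;ADDMEM;\??\c:\docume~1\kevin\locals~1\temp\__samsung_update\addmem.sys --> c:\docume~1\kevin\locals~1\temp\__samsung_update\ADDMEM.SYS [?]
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-01-15 18:30:26 315392 ----a-w- c:\windows\system32\TubeFinder.exe
SSDT 83912700 ZwAlertResumeThread
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xA9D5748E]
"""


def triage(log_text):
    """Return the entries worth a second look, keyed by finding type."""
    hosts, temp_drivers, hidden_system, orphaned = [], [], [], []
    ssdt = defaultdict(list)
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if ip not in LOOPBACK:  # a routable IP in Hosts silently redirects that name
                hosts.append((ip, host))
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, path = m.groups()
            if TEMP_RE.search(path):  # a kernel driver registered from %TEMP% is unusual
                temp_drivers.append((start, name, path))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs:  # system+hidden: invisible in Explorer by default
                hidden_system.append(path)
            continue
        if ORPHAN_RE.match(line):
            orphaned.append(line)
            continue
        m = SSDT_RE.match(line)
        if m:
            owner, service = m.groups()
            mod = MODULE_RE.search(owner)
            # GMER prints a bare kernel address when it cannot attribute the hook to a module.
            key = mod.group(1) if mod else "unattributed (%s)" % owner
            ssdt[key].append(service)
    return {"hosts": hosts, "temp_drivers": temp_drivers,
            "hidden_system": hidden_system, "orphaned": orphaned, "ssdt": dict(ssdt)}


def report(findings):
    """Render the findings as the lines a helper would paste into a reply."""
    out = []
    for ip, host in findings["hosts"]:
        out.append("Hosts redirection: %s -> %s" % (host, ip))
    for start, name, path in findings["temp_drivers"]:
        out.append("Driver/service %s (%s) loads from a Temp folder: %s" % (name, start, path))
    for path in findings["hidden_system"]:
        out.append("System+hidden file: %s" % path)
    for entry in findings["orphaned"]:
        out.append("Orphaned browser add-on: %s" % entry)
    for owner, services in sorted(findings["ssdt"].items()):
        out.append("SSDT hooks by %s: %s" % (owner, ", ".join(services)))
    return out


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```

Run it against a saved dds.txt by passing the file contents to `triage()`; the attribute check is position-independent on purpose, because DDS pads the flag field differently for directories and dllcache copies.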

#2 Elise


Posted 30 March 2010 - 02:57 PM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Malware analyst @ Emsisoft


#3 kevb8ll


Posted 03 April 2010 - 02:43 PM

Sorry, I didn't get an email notification so have only just got this. I am just about to have a meal; I will try and do the first part later, otherwise it will be Monday as I will be out all day tomorrow.

Thank you, I'm looking forward to getting things sorted.

Kev

#4 Elise

Posted 03 April 2010 - 02:51 PM

Okay, no problem.

regards, Elise




#5 kevb8ll

  • Topic Starter
Posted 03 April 2010 - 06:05 PM

OTL:

OTL logfile created on: 03/04/2010 23:50:45 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\kevin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

766.00 Mb Total Physical Memory | 80.00 Mb Available Physical Memory | 10.00% Memory free
2.00 Gb Paging File | 0.00 Gb Available in Paging File | 20.00% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 9.83 Gb Free Space | 8.79% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BU24
Current User Name: kevin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/03 23:33:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kevin\Desktop\OTL.exe
PRC - [2010/04/03 15:40:27 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/03/18 10:26:17 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/15 14:47:22 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/03/15 13:07:50 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/18 17:53:42 | 000,095,232 | ---- | M] () -- C:\Program Files\TweetDeck\TweetDeck.exe
PRC - [2010/02/12 19:07:32 | 005,933,912 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2010/01/15 01:57:10 | 018,343,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\EXCEL.EXE
PRC - [2009/11/11 11:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009/10/29 14:03:34 | 000,159,744 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
PRC - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009/10/27 10:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009/10/27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009/10/11 05:17:45 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/17 17:22:56 | 000,352,256 | ---- | M] () -- C:\Program Files\InstantEyedropper\InstantEyedropper.exe
PRC - [2007/09/04 16:13:22 | 000,692,224 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2007/09/04 00:24:58 | 002,764,800 | ---- | M] () -- C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
PRC - [2007/08/29 20:08:44 | 000,372,736 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Program Files\Samsung\MagicKBD\MagicKBD.exe
PRC - [2007/08/29 17:44:44 | 000,299,008 | ---- | M] (Samsung Electronics Co. Ltd.) -- C:\Program Files\Samsung\MagicKBD\PerformanceManager.exe
PRC - [2007/07/19 01:30:52 | 000,163,840 | ---- | M] () -- C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe
PRC - [2007/04/01 10:02:38 | 001,416,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/04/01 10:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/02/22 19:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
PRC - [2007/01/11 18:08:50 | 000,634,880 | ---- | M] () -- C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
PRC - [2006/11/21 18:38:22 | 000,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2006/10/05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2006/06/15 02:40:34 | 000,124,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/03/24 18:14:48 | 000,053,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2005/05/28 16:35:56 | 000,036,864 | R--- | M] () -- C:\Program Files\Samsung\Samsung Network Manager\SNMWLANService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/03 23:33:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kevin\Desktop\OTL.exe
MOD - [2010/03/15 13:11:13 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/03/04 14:56:04 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2007/04/02 06:00:48 | 000,086,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2003/03/19 06:14:52 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/02/21 12:42:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2009/10/27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/09/24 03:59:24 | 001,695,368 | ---- | M] (NanJing Nagasoft Co, LTD.) [Auto | Stopped] -- C:\WINDOWS\system32\Nagasoft\vjocx.dll -- (vvdsvc)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/10/05 17:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006/06/15 02:40:28 | 000,115,952 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/06/15 02:40:24 | 001,805,552 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/06/15 02:40:16 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/04/11 18:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/03/24 18:14:58 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/03/24 18:14:52 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/02/23 12:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/01/24 21:06:58 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2005/05/28 16:35:56 | 000,036,864 | R--- | M] () [Auto | Running] -- C:\Program Files\samsung\Samsung Network Manager\SNMWLANService.exe -- (SNM WLAN Service)


========== Driver Services (SafeList) ==========

DRV - [2010/03/15 14:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/03/15 14:47:30 | 000,058,984 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/02/04 10:00:00 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100402.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/04 10:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100402.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/06 12:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009/10/06 12:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009/10/06 12:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/10/06 12:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009/08/30 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/30 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/05/01 00:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/05/01 00:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/05/01 00:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/08/26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/06 09:51:00 | 000,285,952 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/27 16:58:30 | 002,372,096 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/08/15 07:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/07/10 01:56:00 | 004,449,280 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/05/03 03:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007/03/31 21:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/03/23 18:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/03/23 18:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/23 18:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/03/23 18:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/28 20:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/10/12 20:12:48 | 000,028,160 | ---- | M] (Samsung Electronics,.LTD) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SamsungEDS.SYS -- (DNSeFilter)
DRV - [2006/05/05 17:19:50 | 000,107,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/04/11 18:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/01/24 21:06:36 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/01/24 21:06:32 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2005/12/19 21:41:58 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2005/12/19 21:41:56 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2005/12/07 22:30:52 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/10/27 05:18:05 | 000,004,300 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\MEMIO.SYS -- (DOSMEMIO)
DRV - [2005/08/02 11:16:32 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005/05/03 16:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/04/21 12:40:36 | 000,010,624 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2005/04/12 09:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://link1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.3
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.9.6.2
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e}:0.6.4.1
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: kgen@elitwork.com:0.7
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: GradientBrushedMetalFF3@pumpel.com:3.5.2
FF - prefs.js..keyword.URL: ""
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/15 13:11:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/11/16 11:12:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/03 15:41:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 15:41:15 | 000,000,000 | ---D | M]

[2009/03/25 22:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Extensions
[2010/04/03 16:15:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions
[2010/03/23 15:36:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2009/12/19 11:11:18 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/10/15 20:44:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/15 20:45:43 | 000,000,000 | ---D | M] (Gmail Notifier) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
[2010/02/24 17:06:37 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/11/18 11:15:11 | 000,000,000 | ---D | M] (BBCode) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2009/07/03 20:27:32 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/08 23:44:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/12/11 20:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/11/18 11:15:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\FasterFox_Lite@BigRedBrent
[2009/11/09 21:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\firefox@tvunetworks.com
[2010/04/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\GradientBrushedMetalFF3@pumpel.com
[2010/03/04 18:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\kgen@elitwork.com
[2009/11/18 11:15:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\morningCoffee@shaneliesegang
[2010/04/03 16:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\twitternotifier@naan.net
[2010/04/03 16:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\GradientBrushedMetalFF3@pumpel.com\mozapps\extensions
[2010/04/03 16:01:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/12 16:57:50 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 16:57:50 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 16:57:50 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 16:57:50 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/10/11 19:08:10 | 000,000,900 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 91.204.209.3 www.joysandsorrows.co.uk
O1 - Hosts: 91.204.209.3 joysandsorrows.co.uk
O1 - Hosts: 75.126.153.50 www.devonlinksdevelopment.co.uk
O1 - Hosts: 75.126.153.50 devonlinksdevelopment.co.uk
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.350.1\npchrome_frame.dll (@COMPANY_FULLNAME@)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\windows\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVStation Premium 3.75] C:\Program Files\Samsung\AVStation Premium 3.75\AVSAgent.exe ()
O4 - HKLM..\Run: [AVStation Premium 3.75 DriveMapper] C:\Program Files\Samsung\AVStation Premium 3.75\DriveMapper.exe (Samsung Electronics)
O4 - HKLM..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\windows\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DMHotKey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe (SAMSUNG Electronics)
O4 - HKLM..\Run: [EDS] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MagicKeyboard] C:\Program Files\Samsung\MagicKBD\PreMKbd.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKCU..\Run: [instanteyedropper] C:\Program Files\InstantEyedropper\InstantEyedropper.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe File not found
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\kevin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Logitech\Logitech WebCam Software\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1237982474063 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = HEADOFFICE.local
O18 - Protocol\Handler\cf - No CLSID value found
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.350.1\npchrome_frame.dll (@COMPANY_FULLNAME@)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\windows\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/09/14 02:11:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1174e67b-cf75-11de-b96d-001dd9f9f1f9}\Shell\AutoRun\command - "" = E:\umenu.exe -- File not found
O33 - MountPoints2\{4a3e78c2-c478-11dc-b1e5-00137764236c}\Shell\AutoRun\command - "" = 1.exe 0o
O33 - MountPoints2\{4a3e78c2-c478-11dc-b1e5-00137764236c}\Shell\explore\Command - "" = 1.exe 0e
O33 - MountPoints2\{4a3e78c2-c478-11dc-b1e5-00137764236c}\Shell\open\Command - "" = 1.exe 0o
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/03 23:46:45 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\kevin\Desktop\OTL.exe
[2010/04/01 08:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2010/03/30 23:09:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\phpBB-3.0.6_to_3.0.7-PL1
[2010/03/29 21:51:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Application Data\avidemux
[2010/03/29 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\Avidemux 2.5
[2010/03/29 11:46:12 | 000,000,000 | ---D | C] -- C:\Program Files\Free RAR Extract Frog
[2010/03/29 11:44:01 | 003,426,443 | ---- | C] (Philipp Winterberg) -- C:\Documents and Settings\kevin\Desktop\InstallFreeRARExtractFrog.exe
[2010/03/29 07:40:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\MOTD
[2010/03/27 00:37:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\bleep
[2010/03/23 11:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\My Documents\SightSpeed Recordings
[2010/03/23 11:30:55 | 016,808,680 | ---- | C] (Logitech, Inc.) -- C:\Documents and Settings\kevin\Desktop\LogitechVidSetup.exe
[2010/03/23 11:08:24 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/03/23 10:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Local Settings\Application Data\LogiShrd
[2010/03/23 10:46:50 | 000,539,160 | R--- | C] (Logitech Inc.) -- C:\windows\System32\LVUI2RC.dll
[2010/03/23 10:46:40 | 000,539,160 | R--- | C] (Logitech Inc.) -- C:\windows\System32\LVUI2.dll
[2010/03/23 10:46:39 | 000,199,192 | R--- | C] (Logitech Inc.) -- C:\windows\System32\lvci1201278.dll
[2010/03/23 10:46:37 | 000,416,280 | R--- | C] (Logitech Inc.) -- C:\windows\System32\lvcodec2.dll
[2010/03/23 10:46:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Application Data\Leadertech
[2010/03/23 10:46:18 | 000,265,496 | R--- | C] (Logitech Inc.) -- C:\windows\System32\drivers\lvrs.sys
[2010/03/23 10:45:47 | 006,754,712 | R--- | C] (Logitech Inc.) -- C:\windows\System32\drivers\lvuvc.sys
[2010/03/23 10:39:04 | 000,023,832 | R--- | C] (Logitech Inc.) -- C:\windows\System32\drivers\lvuvcflt.sys
[2010/03/23 10:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/03/23 10:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/03/23 10:30:38 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/03/23 10:28:56 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\USBAUDIO.sys
[2010/03/23 10:28:56 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\usbaudio.sys
[2010/03/23 10:28:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vfwwdm32.dll
[2010/03/23 10:28:08 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\vfwwdm32.dll
[2010/03/23 10:28:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dshowext.ax
[2010/03/23 10:28:07 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dshowext.ax
[2010/03/21 17:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\Fulham Juve
[2010/03/18 13:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\contact
[2010/03/18 13:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\contact-form
[2010/03/17 13:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2010/03/17 11:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Application Data\Trusteer
[2010/03/17 11:45:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trusteer
[2010/03/17 11:43:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2010/03/15 13:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2010/03/14 18:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\Dartmoor
[2010/03/13 21:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\Spring
[2010/03/13 21:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\New Folder (2)
[2010/03/13 15:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NSV
[2010/03/13 15:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\x264
[2010/03/13 15:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/03/13 14:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/03/11 08:52:22 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\moviemk.exe
[2010/03/10 10:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\TOSHIBA
[2010/03/09 22:14:41 | 000,115,880 | ---- | C] (Sonic Solutions) -- C:\windows\System32\pxinsi64.exe
[2010/03/09 22:13:37 | 006,653,000 | ---- | C] (Nullsoft, Inc.) -- C:\Documents and Settings\kevin\Desktop\winamp.exe
[2010/03/09 22:05:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\MPlayer-mingw32-1.0rc2
[2010/03/05 18:06:20 | 000,000,000 | ---D | C] -- C:\Output Files
[2010/03/05 18:02:15 | 000,000,000 | ---D | C] -- C:\windows\System32\tempdir
[2010/03/05 18:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2010/03/05 17:49:23 | 000,000,000 | ---D | C] -- C:\omniformat
[2010/03/05 17:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\style
[2010/03/05 16:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\contactform_menu_v1.7_rc4
[2010/03/05 12:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\kevin\Desktop\function_icon_set
[2010/01/12 10:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\nagasoft
[2009/11/16 21:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/16 14:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/06/21 21:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/06/21 18:51:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/15 17:32:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/03/25 13:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/09/14 02:14:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/09/14 02:14:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/03 23:57:00 | 000,000,422 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{E5138FC4-5EB4-4E30-9893-2854202E22BE}.job
[2010/04/03 23:33:58 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\2hcjrg4r.exe
[2010/04/03 23:33:30 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\kevin\Desktop\OTL.exe
[2010/04/03 23:31:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/03 23:24:47 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\kevin\My Documents\Tithe Sheet.xls
[2010/04/03 23:04:00 | 000,000,976 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1422949630-3180698302-2601023615-1127UA.job
[2010/04/03 20:13:38 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2010/04/03 16:15:38 | 000,000,286 | ---- | M] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1422949630-3180698302-2601023615-1127.job
[2010/04/03 16:15:38 | 000,000,278 | ---- | M] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1422949630-3180698302-2601023615-1127.job
[2010/04/03 15:17:12 | 000,000,477 | -HS- | M] () -- C:\cj.ini
[2010/04/03 15:15:59 | 000,001,158 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2010/04/03 15:15:41 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/03 15:14:11 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/04/03 15:14:05 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2010/04/03 15:13:56 | 803,385,344 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/02 14:04:00 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1422949630-3180698302-2601023615-1127Core.job
[2010/04/01 19:18:19 | 000,034,710 | ---- | M] () -- C:\Documents and Settings\kevin\My Documents\In_the_early_morning_Light_(Because_He_lives).pdf
[2010/04/01 14:43:29 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\S.doc
[2010/04/01 14:34:30 | 000,010,244 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\S.docx
[2010/04/01 14:11:11 | 000,000,012 | ---- | M] () -- C:\windows\bthservsdp.dat
[2010/04/01 08:10:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\kevin\ntuser.ini
[2010/03/31 17:32:00 | 000,000,284 | ---- | M] () -- C:\windows\tasks\AppleSoftwareUpdate.job
[2010/03/30 18:35:12 | 001,471,892 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\phpBB-3.0.6_to_3.0.7-PL1.zip
[2010/03/29 22:19:17 | 076,545,636 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\motd2.avi
[2010/03/29 22:10:34 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\motd2
[2010/03/29 21:49:48 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avidemux 2.5.lnk
[2010/03/29 21:46:00 | 010,327,518 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\avidemux_2.5.2_win32.exe
[2010/03/29 11:44:39 | 003,426,443 | ---- | M] (Philipp Winterberg) -- C:\Documents and Settings\kevin\Desktop\InstallFreeRARExtractFrog.exe
[2010/03/29 09:43:29 | 000,150,016 | ---- | M] () -- C:\Documents and Settings\kevin\My Documents\rob.pub
[2010/03/29 07:55:53 | 000,039,098 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\saints-logo.jpg
[2010/03/29 07:54:03 | 000,026,633 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\johnstones-paint-trophy-logo.png
[2010/03/29 07:53:30 | 000,038,085 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\paint trophy.jpg
[2010/03/28 08:06:12 | 000,554,494 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/03/28 08:06:12 | 000,465,200 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/03/28 08:06:12 | 000,079,302 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/03/27 00:51:18 | 000,003,750 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\Attach.zip
[2010/03/26 15:57:18 | 000,003,449 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\logo.gif
[2010/03/26 11:29:00 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\kevin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/03/23 23:21:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/23 11:32:53 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid.lnk
[2010/03/23 11:30:57 | 016,808,680 | ---- | M] (Logitech, Inc.) -- C:\Documents and Settings\kevin\Desktop\LogitechVidSetup.exe
[2010/03/23 11:19:32 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\lvuvc.hs
[2010/03/23 11:18:58 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\logiflt.iad
[2010/03/23 10:31:21 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/03/18 13:40:45 | 000,000,403 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\contact.zip
[2010/03/18 13:22:50 | 000,020,787 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\contact-form.zip
[2010/03/17 22:15:05 | 000,048,793 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\dld.png
[2010/03/15 13:10:55 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\rmoc3260.dll
[2010/03/15 13:10:25 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5016.dll
[2010/03/15 13:10:25 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\System32\pndx5032.dll
[2010/03/15 13:07:55 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\windows\System32\pncrt.dll
[2010/03/13 15:01:48 | 000,579,602 | ---- | M] () -- C:\windows\System32\x264vfw.dll
[2010/03/13 15:00:02 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/03/13 14:56:55 | 006,653,000 | ---- | M] (Nullsoft, Inc.) -- C:\Documents and Settings\kevin\Desktop\winamp.exe
[2010/03/13 14:56:24 | 003,376,597 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\FFDSHOW.exe
[2010/03/13 14:56:03 | 000,482,304 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\x264-settings.msi
[2010/03/13 14:55:54 | 000,433,024 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\x264.exe
[2010/03/13 11:28:25 | 000,012,600 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\ie8.png
[2010/03/13 11:25:39 | 000,005,806 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\ff.png
[2010/03/12 10:10:22 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2010/03/11 22:29:14 | 000,044,893 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\googlehouse.jpg
[2010/03/09 22:03:09 | 010,773,769 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\MPlayer-mingw32-1.0rc2.zip
[2010/03/09 16:02:22 | 006,593,843 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\localhost_.sql.gz
[2010/03/05 18:02:16 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2010/03/05 17:50:44 | 001,344,920 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\pdfedit.exe
[2010/03/05 16:44:06 | 000,023,927 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\contactform_menu_v1.7_rc4.zip
[2010/03/05 16:04:40 | 006,583,704 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\omniformat.exe
[2010/03/05 12:45:24 | 000,679,145 | ---- | M] () -- C:\Documents and Settings\kevin\Desktop\function_icon_set.zip
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/03 23:46:44 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\2hcjrg4r.exe
[2010/04/01 19:18:19 | 000,034,710 | ---- | C] () -- C:\Documents and Settings\kevin\My Documents\In_the_early_morning_Light_(Because_He_lives).pdf
[2010/04/01 14:43:28 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\S.doc
[2010/04/01 13:42:34 | 000,010,244 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\S.docx
[2010/03/30 18:35:11 | 001,471,892 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\phpBB-3.0.6_to_3.0.7-PL1.zip
[2010/03/29 22:16:10 | 076,545,636 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\motd2.avi
[2010/03/29 22:09:13 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\motd2
[2010/03/29 21:49:48 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avidemux 2.5.lnk
[2010/03/29 21:45:53 | 010,327,518 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\avidemux_2.5.2_win32.exe
[2010/03/29 07:56:52 | 000,150,016 | ---- | C] () -- C:\Documents and Settings\kevin\My Documents\rob.pub
[2010/03/29 07:55:52 | 000,039,098 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\saints-logo.jpg
[2010/03/29 07:54:02 | 000,026,633 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\johnstones-paint-trophy-logo.png
[2010/03/29 07:53:26 | 000,038,085 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\paint trophy.jpg
[2010/03/27 00:51:18 | 000,003,750 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\Attach.zip
[2010/03/26 15:57:14 | 000,003,449 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\logo.gif
[2010/03/26 11:28:59 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\kevin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
[2010/03/23 10:52:39 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Vid.lnk
[2010/03/23 10:49:25 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\lvuvc.hs
[2010/03/23 10:46:48 | 000,034,068 | R--- | C] () -- C:\windows\System32\Repository.reg
[2010/03/23 10:46:44 | 000,082,289 | R--- | C] () -- C:\windows\System32\lvcoinst.ini
[2010/03/23 10:46:15 | 000,266,828 | R--- | C] () -- C:\windows\System32\drivers\LVAFT.cfg
[2010/03/23 10:40:41 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\logiflt.iad
[2010/03/23 10:31:21 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/03/20 12:46:04 | 000,000,278 | ---- | C] () -- C:\windows\tasks\RealUpgradeLogonTaskS-1-5-21-1422949630-3180698302-2601023615-1127.job
[2010/03/18 13:40:44 | 000,000,403 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\contact.zip
[2010/03/18 13:22:45 | 000,020,787 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\contact-form.zip
[2010/03/17 22:14:57 | 000,048,793 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\dld.png
[2010/03/15 13:11:16 | 000,000,286 | ---- | C] () -- C:\windows\tasks\RealUpgradeScheduledTaskS-1-5-21-1422949630-3180698302-2601023615-1127.job
[2010/03/13 15:01:48 | 000,579,602 | ---- | C] () -- C:\windows\System32\x264vfw.dll
[2010/03/13 15:00:02 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/03/13 14:56:23 | 003,376,597 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\FFDSHOW.exe
[2010/03/13 14:55:53 | 000,482,304 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\x264-settings.msi
[2010/03/13 14:55:48 | 000,433,024 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\x264.exe
[2010/03/13 11:28:23 | 000,012,600 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\ie8.png
[2010/03/13 11:25:29 | 000,005,806 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\ff.png
[2010/03/11 22:29:07 | 000,044,893 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\googlehouse.jpg
[2010/03/10 12:07:36 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/03/10 10:58:07 | 000,286,720 | ---- | C] () -- C:\windows\System32\eSTsnmp.dll
[2010/03/09 22:02:41 | 010,773,769 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\MPlayer-mingw32-1.0rc2.zip
[2010/03/09 16:02:22 | 006,593,843 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\localhost_.sql.gz
[2010/03/05 18:02:16 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\office Convert Pdf to Jpg Jpeg Tiff Free.lnk
[2010/03/05 18:02:14 | 001,503,232 | ---- | C] () -- C:\windows\System32\ptj.exe
[2010/03/05 18:02:12 | 004,369,408 | ---- | C] () -- C:\windows\System32\pdftk.exe
[2010/03/05 18:02:12 | 000,235,008 | ---- | C] () -- C:\windows\System32\office.exe
[2010/03/05 17:50:30 | 001,344,920 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\pdfedit.exe
[2010/03/05 16:44:02 | 000,023,927 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\contactform_menu_v1.7_rc4.zip
[2010/03/05 16:04:40 | 006,583,704 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\omniformat.exe
[2010/03/05 12:44:24 | 000,679,145 | ---- | C] () -- C:\Documents and Settings\kevin\Desktop\function_icon_set.zip
[2010/02/13 09:57:32 | 000,027,648 | ---- | C] () -- C:\windows\System32\AVSredirect.dll
[2009/09/13 22:45:15 | 000,432,256 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2009/07/20 16:40:24 | 000,000,135 | R--- | C] () -- C:\windows\System32\lngEng.ini
[2009/07/20 16:40:24 | 000,000,117 | ---- | C] () -- C:\windows\System32\lngKor.ini
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\windows\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\windows\System32\drivers\LVPr2Mon.sys
[2009/04/22 22:53:22 | 000,354,816 | ---- | C] () -- C:\windows\System32\psisdecd.dll
[2009/04/22 10:37:35 | 000,015,360 | ---- | C] () -- C:\windows\System32\BASSMOD.dll
[2009/04/08 10:16:46 | 000,000,320 | ---- | C] () -- C:\windows\SWWATER.INI
[2009/04/02 21:43:42 | 000,000,508 | ---- | C] () -- C:\Documents and Settings\kevin\Application Data\FDMLOG.TXT
[2009/03/25 22:03:17 | 000,051,200 | ---- | C] () -- C:\Documents and Settings\kevin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 17:04:15 | 000,114,688 | ---- | C] () -- C:\windows\System32\OdiOlDVR.dll
[2009/03/25 17:04:15 | 000,053,248 | ---- | C] () -- C:\windows\System32\OdiAPI.dll
[2009/03/25 11:38:38 | 000,001,520 | ---- | C] () -- C:\windows\System32\kevin_KBD.ini
[2009/03/25 11:38:02 | 000,000,842 | RHS- | C] () -- C:\Documents and Settings\kevin\ntuser.pol
[2009/03/25 11:37:55 | 008,388,608 | -H-- | C] () -- C:\Documents and Settings\kevin\NTUSER.DAT
[2009/03/25 11:37:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\kevin\ntuser.dat.LOG
[2009/03/25 11:37:55 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\kevin\ntuser.ini
[2009/03/25 10:25:47 | 000,002,412 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2008/04/02 12:47:29 | 000,003,399 | R--- | C] () -- C:\windows\System32\hptcpmon.ini
[2008/04/02 12:47:29 | 000,000,147 | ---- | C] () -- C:\windows\System32\AddPort.ini
[2008/04/02 12:44:43 | 000,000,813 | ---- | C] () -- C:\windows\hpntwksetup.ini
[2008/03/06 01:02:56 | 000,001,520 | ---- | C] () -- C:\windows\System32\User_KBD.ini
[2008/03/06 01:02:25 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/03/06 01:02:25 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2008/03/05 11:09:55 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
[2008/03/05 10:53:31 | 000,000,000 | ---- | C] () -- C:\windows\vpc32.INI
[2008/01/17 00:22:49 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z444.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z443.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z442.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z440.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z439.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z438.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z437.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z436.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z435.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z434.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z433.dll
[2007/12/23 13:00:00 | 000,147,456 | ---- | C] () -- C:\windows\System32\Merge7z432.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z444U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z443U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z442U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z440U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z439U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z438U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z437U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z436U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z435U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z434U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z433U.dll
[2007/12/23 13:00:00 | 000,143,360 | ---- | C] () -- C:\windows\System32\Merge7z432U.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007/09/14 02:30:50 | 000,001,522 | ---- | C] () -- C:\windows\System32\MagicKBD.INI
[2007/09/14 02:30:50 | 000,001,520 | ---- | C] () -- C:\windows\System32\Administrator_KBD.ini
[2007/09/14 02:30:47 | 000,003,425 | ---- | C] () -- C:\windows\System32\KBDR.INI
[2007/09/14 02:30:47 | 000,002,741 | ---- | C] () -- C:\windows\System32\KBDD.INI
[2007/09/14 02:30:47 | 000,002,699 | ---- | C] () -- C:\windows\System32\KBDO.INI
[2007/09/14 02:30:47 | 000,002,699 | ---- | C] () -- C:\windows\System32\KBDC.INI
[2007/09/14 02:30:47 | 000,002,606 | ---- | C] () -- C:\windows\System32\KBDB.INI
[2007/09/14 02:30:47 | 000,002,236 | ---- | C] () -- C:\windows\System32\KBDQ.INI
[2007/09/14 02:30:47 | 000,001,956 | ---- | C] () -- C:\windows\System32\KBDE.INI
[2007/09/14 02:30:47 | 000,001,885 | ---- | C] () -- C:\windows\System32\KBDP.INI
[2007/09/14 02:30:47 | 000,001,857 | ---- | C] () -- C:\windows\System32\KBDUU.INI
[2007/09/14 02:30:47 | 000,001,835 | ---- | C] () -- C:\windows\System32\KBDG.INI
[2007/09/14 02:30:47 | 000,001,835 | ---- | C] () -- C:\windows\System32\KBDA.INI
[2007/09/14 02:30:47 | 000,001,834 | ---- | C] () -- C:\windows\System32\KBDU.INI
[2007/09/14 02:30:47 | 000,001,819 | ---- | C] () -- C:\windows\System32\KBDN.INI
[2007/09/14 02:30:47 | 000,001,699 | ---- | C] () -- C:\windows\System32\KBDT.INI
[2007/09/14 02:30:47 | 000,001,697 | ---- | C] () -- C:\windows\System32\KBDV.INI
[2007/09/14 02:30:47 | 000,001,522 | ---- | C] () -- C:\windows\System32\KBDS.INI
[2007/09/14 02:30:47 | 000,001,476 | ---- | C] () -- C:\windows\System32\KBDF.INI
[2007/09/14 02:16:34 | 000,004,300 | ---- | C] () -- C:\windows\System32\MEMIO.SYS
[2007/09/14 01:41:09 | 000,000,420 | ---- | C] () -- C:\windows\System32\oeminfo.ini
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- C:\windows\System32\drivers\n558.sys
[2007/04/01 10:00:28 | 002,842,624 | ---- | C] () -- C:\windows\System32\btwicons.dll
[2007/04/01 09:41:52 | 000,090,112 | ---- | C] () -- C:\windows\System32\btprn2k.dll
[2006/07/07 05:21:44 | 000,061,440 | ---- | C] () -- C:\windows\System32\AVSAudioWideStereoDMO.dll
[2006/07/07 05:21:42 | 000,081,920 | ---- | C] () -- C:\windows\System32\AVSAudioAmp.dll
[2006/05/22 12:47:24 | 000,008,704 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2006/05/21 22:56:42 | 000,000,547 | ---- | C] () -- C:\windows\System32\ff_vfw.dll.manifest
[2005/02/17 13:41:32 | 000,000,603 | ---- | C] () -- C:\windows\System32\BTNeighborhood.dll.manifest
[2005/02/17 13:41:30 | 000,000,593 | ---- | C] () -- C:\windows\System32\btcss.dll.manifest
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll
< End of report >


I'll post gmer later.

Kev
I don't do silly signature things - not since my Karma ran over my Dogma!

#6 Elise (Bleepin' Blonde, Malware Study Hall Admin)

Posted 04 April 2010 - 02:14 AM

Okay, please also post extra.txt (created by OTL).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 kevb8ll (Topic Starter, Members)

Posted 05 April 2010 - 11:40 AM

Hi there

I have tried all day, but gmer keeps crashing part way into the scan. Also I don't see the extra file for OTL. Have run that twice more today to try and get it.

Kev

#8 Elise (Bleepin' Blonde, Malware Study Hall Admin)

Posted 05 April 2010 - 11:45 AM

Hello kevb8ll,

Is this a business/institution computer?
If it is, are you the domain administrator? If you are not, have you informed your domain administrator (business manager, Systems Analyst, or Information Technology (IT) Specialist)?

I ask this for several reasons:
  • There may be restrictions and modifications installed on such machines that could be damaged or altered by the actions we take to remove Malware.
  • Any infection could jump terminals in a computer network.
  • There may also be legal issues regarding any loss of business data that I do not wish to deal with.
  • Some people who come here use their computers for work, and the computers may contain the patient records of a physician or the financial records of an accountant's clients or credit card and bank account information of their employer's customers.
  • There may be tremendous risks and legal liability for such users for not fully securing the computer. We will not know this unless we ask. We do not want to be accidentally putting those we help in vulnerable positions for law suits.
  • Business factors outweigh technical factors in making the reformat and reinstall decision. Sometimes friends give missing CDs or lack of expertise as a reason for not doing a reformat and reinstall.
  • The cost of replacing missing Windows XP and MS Office CDs and getting a Microsoft Certified Systems Engineer to come in for 3 hours to do the reinstall and apply all the critical updates is trivial compared with the potential cost of a multi-million dollar lawsuit for breach of trust if confidential client or patient information is disclosed.
  • In specific situations where highly confidential information about others is on the computer, and a backdoor virus or trojan is found, we are helping people more by identifying that they have a backdoor trojan which puts them in a particularly vulnerable situation and sending them to seek local professional help from a Microsoft Certified Systems Engineer or Certified Information Systems Security Professional or Global Information Assurance Certification Certified Security Expert or Certified Computing Professional or Internet Service Provider than we would be trying to fully resolve their problems long distance.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#9 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 05 April 2010 - 02:32 PM

It is a business laptop but there is no problem about me doing this. The only "business" data on the machine is mine and they are training course details which are fully backed up. It isn't a government laptop or anything.

My profile has full administrator permission too.

Can we look at running some other scans?

Just to add, I have full permission to do what I'm doing here.
I don't do silly signature things - not since my Karma ran over my Dogma!

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:21 PM

Posted 05 April 2010 - 02:55 PM

Hello kevb8ll,

OTL FIX
------------
We need to run an OTL Fix
  1. Please reopen OTL on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"
    CODE
    :commands
    [emptytemp]
    [resethosts]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


In your next reply, please include the following:
  • OTL report
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#11 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 05 April 2010 - 03:35 PM

Here is the OTL Run Fix report. (I'll do the other one now).

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: administrator.HEADOFFICE
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: kevin
->Temp folder emptied: 768418958 bytes
->Temporary Internet Files folder emptied: 641480692 bytes
->Java cache emptied: 43928231 bytes
->FireFox cache emptied: 96627362 bytes
->Google Chrome cache emptied: 62356200 bytes
->Flash cache emptied: 2236464 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33881 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1227195 bytes

User: User
->Temporary Internet Files folder emptied: 7137873 bytes
->Flash cache emptied: 609 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1481475101 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 6010 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 1913420778 bytes

Total Files Cleaned = 4,786.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.0 log created on 04052010_212209

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF7278.tmp not found!
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF7305.tmp not found!
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF732A.tmp not found!
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF7335.tmp not found!
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF7554.tmp not found!
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF755F.tmp not found!
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF75BA.tmp not found!
File\Folder C:\Documents and Settings\kevin\Local Settings\Temp\~DF75FF.tmp not found!
C:\Documents and Settings\kevin\Local Settings\Temp\~DF891C.tmp moved successfully.
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\RTJJZ2S2\topic305123[1].htm moved successfully.
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\JBF30861\iframe[1].htm moved successfully.
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

I don't do silly signature things - not since my Karma ran over my Dogma!
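The OTL fix Elise requested in #10 (`[emptytemp]` and `[resethosts]`) and the report kevb8ll posted in #11 go together: the report lists, per user profile, how many bytes each cache location gave up, then machine-wide locations, then OTL's own MB total and a confirmation that the HOSTS file was reset. Below is an added example, not code from the thread or from OTL, that parses that report format so the numbers can be checked rather than eyeballed: which profiles held the bulk of the temp data, whether the per-line figures add up to the printed total, and whether the `[resethosts]` step actually completed. The sample input is an abbreviated copy of the report above; the regexes are assumptions about the format based only on the lines visible in this post.

```python
import re

# Abbreviated copy of the [EMPTYTEMP] report posted in #11 (sample input, taken from the post).
OTL_REPORT = r"""
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: administrator.HEADOFFICE
->Temporary Internet Files folder emptied: 32902 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes
User: kevin
->Temp folder emptied: 768418958 bytes
->Temporary Internet Files folder emptied: 641480692 bytes
->Java cache emptied: 43928231 bytes
->FireFox cache emptied: 96627362 bytes
->Google Chrome cache emptied: 62356200 bytes
->Flash cache emptied: 2236464 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33881 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1227195 bytes
User: User
->Temporary Internet Files folder emptied: 7137873 bytes
->Flash cache emptied: 609 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1481475101 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 6010 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 1913420778 bytes
Total Files Cleaned = 4,786.00 mb
HOSTS file reset successfully
"""

# Line shapes assumed from the posted report: '->' marks a per-profile location,
# lines without it are machine-wide locations.
ENTRY_RE = re.compile(r"^(?P<peruser>->)?(?P<what>.+?) (?:emptied|removed): (?P<bytes>\d+) bytes$")
USER_RE = re.compile(r"^User: (?P<user>.+)$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = (?P<mb>[\d,]+\.\d+) mb$")


def parse_emptytemp(report):
    """Return per-profile byte counts, machine-wide bytes, OTL's printed MB total,
    and whether the [resethosts] confirmation line appeared."""
    per_user, system_wide, reported_mb, hosts_reset, current_user = {}, 0, None, False, None
    for raw in report.splitlines():
        line = raw.strip()
        m = USER_RE.match(line)
        if m:
            current_user = m.group("user")
            per_user.setdefault(current_user, 0)   # a profile with no entries still shows up as 0
            continue
        m = TOTAL_RE.match(line)
        if m:
            reported_mb = float(m.group("mb").replace(",", ""))
            continue
        if line == "HOSTS file reset successfully":
            hosts_reset = True
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        size = int(m.group("bytes"))
        if m.group("peruser") and current_user is not None:
            per_user[current_user] += size
        else:
            system_wide += size
    return {"per_user": per_user, "system_wide": system_wide,
            "reported_mb": reported_mb, "hosts_reset": hosts_reset}


def total_bytes(parsed):
    return sum(parsed["per_user"].values()) + parsed["system_wide"]


def total_matches_report(parsed, tolerance_mb=1.0):
    """OTL prints the total in MiB with the fraction dropped, so accept a sub-MiB gap."""
    if parsed["reported_mb"] is None:
        return False
    return abs(total_bytes(parsed) / 2**20 - parsed["reported_mb"]) < tolerance_mb


def largest_profiles(parsed, n=3):
    """Profiles that held the most temp data, largest first."""
    return sorted(parsed["per_user"].items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    p = parse_emptytemp(OTL_REPORT)
    for user, size in largest_profiles(p):
        print(f"{user:<25} {size / 2**20:10.1f} MiB")
    print("total matches OTL figure:", total_matches_report(p), "| hosts reset:", p["hosts_reset"])
```

On this report the per-line figures sum to about 4786.1 MiB against OTL's printed 4,786.00, and the `kevin` profile alone accounts for roughly 1.5 GiB of cache, which is the kind of detail worth noting when the original complaint is a machine that keeps getting slower.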

#12 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 PM

Posted 05 April 2010 - 04:20 PM

Here is the combofix report:

ComboFix 10-04-04.01 - kevin 05/04/2010 21:53:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.363 [GMT 1:00]
Running from: c:\documents and settings\kevin\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\documents and settings\kevin\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\recycler\S-1-5-21-220523388-861567501-725345543-500
c:\recycler\S-1-5-21-2707332653-2539788233-2336614907-500
c:\windows\system32\office.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-05 to 2010-04-05 )))))))))))))))))))))))))))))))
.

2010-03-29 20:51 . 2010-03-29 21:01 -------- d-----w- c:\documents and settings\kevin\Application Data\avidemux
2010-03-23 09:46 . 2010-03-23 09:46 -------- d-----w- c:\documents and settings\kevin\Application Data\Leadertech
2010-03-23 09:31 . 2010-03-28 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-03-17 12:14 . 2010-03-17 12:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-03-17 10:45 . 2010-03-17 10:45 -------- d-----w- c:\documents and settings\kevin\Application Data\Trusteer
2010-03-17 10:43 . 2010-03-17 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Trusteer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-05 21:15 . 2008-03-06 00:32 -------- d-----w- c:\program files\Symantec AntiVirus
2010-04-05 21:04 . 2009-06-21 17:44 12 ----a-w- c:\windows\bthservsdp.dat
2010-04-03 17:07 . 2010-01-09 17:59 -------- d-----w- c:\program files\LiveOnlineFooty.com
2010-04-01 11:46 . 2009-04-01 09:21 -------- d-----w- c:\documents and settings\kevin\Application Data\Spotify
2010-03-30 22:20 . 2009-03-25 13:36 -------- d-----w- c:\documents and settings\kevin\Application Data\FileZilla
2010-03-29 21:35 . 2009-04-06 07:53 -------- d-----w- c:\documents and settings\kevin\Application Data\uTorrent
2010-03-29 20:51 . 2010-03-29 20:48 -------- d-----w- c:\program files\Avidemux 2.5
2010-03-29 10:46 . 2010-03-29 10:46 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-03-28 07:37 . 2009-03-25 21:08 -------- d-----w- c:\documents and settings\kevin\Application Data\Skype
2010-03-23 10:19 . 2010-03-23 09:49 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-03-23 10:18 . 2010-03-23 09:40 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-23 09:50 . 2010-03-23 09:30 -------- d-----w- c:\program files\Logitech
2010-03-23 09:46 . 2010-03-23 09:31 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-03-17 10:45 . 2010-03-17 10:45 -------- d-----w- c:\program files\Trusteer
2010-03-15 12:11 . 2009-05-18 18:20 -------- d-----w- c:\program files\Common Files\Real
2010-03-15 12:10 . 2009-09-30 06:16 -------- d-----w- c:\program files\real
2010-03-15 12:09 . 2010-03-15 12:09 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-13 14:05 . 2010-03-13 14:05 -------- d-----w- c:\program files\Common Files\NSV
2010-03-13 14:01 . 2010-03-13 14:01 -------- d-----w- c:\program files\x264
2010-03-13 14:01 . 2010-03-13 14:01 579602 ----a-w- c:\windows\system32\x264vfw.dll
2010-03-13 14:01 . 2010-03-13 14:01 -------- d-----w- c:\program files\ffdshow
2010-03-13 14:00 . 2010-03-13 13:59 -------- d-----w- c:\program files\Winamp
2010-03-12 11:37 . 2009-11-18 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-12 09:08 . 2007-09-14 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-10 11:07 . 2007-09-14 01:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-05 17:04 . 2010-03-05 17:02 -------- d-----w- c:\program files\office Convert Pdf to Jpg Jpeg Tiff Free
2010-02-25 06:24 . 2007-09-14 00:40 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-18 16:54 . 2010-02-18 16:54 -------- d-----w- c:\program files\TweetDeck
2010-02-15 23:20 . 2010-02-15 23:19 -------- d-----w- c:\program files\Tiberian Sun
2010-02-13 14:33 . 2010-02-13 09:21 -------- d-----w- c:\documents and settings\kevin\Application Data\DVD Flick
2010-02-13 09:20 . 2010-02-13 09:20 -------- d-----w- c:\program files\DVD Flick
2010-02-13 08:57 . 2010-02-13 08:57 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-13 08:56 . 2010-02-13 08:56 -------- d-----w- c:\program files\eRightSoft
2010-02-12 23:02 . 2009-03-26 19:03 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 16:03 . 2010-02-12 15:55 -------- d-----w- c:\documents and settings\kevin\Application Data\FreeFLVConverter
2010-02-12 15:55 . 2010-02-12 15:55 -------- d-----w- c:\program files\Free FLV Converter
2010-02-12 14:27 . 2010-02-12 14:28 63984 ------w- c:\windows\system32\pxwma.dll
2010-02-12 10:03 . 2010-03-02 19:29 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-08 15:28 . 2010-02-08 15:28 -------- d-----w- c:\program files\InstantEyedropper
2010-02-07 12:57 . 2010-02-07 12:55 -------- d-----w- c:\program files\TVAnts
2010-02-06 15:41 . 2010-02-06 15:39 -------- d-----w- c:\program files\iTunes
2010-02-06 15:40 . 2010-02-06 15:40 -------- d-----w- c:\program files\iPod
2010-02-06 15:40 . 2009-03-25 22:32 -------- d-----w- c:\program files\Common Files\Apple
2010-02-06 15:32 . 2010-02-06 15:31 -------- d-----w- c:\program files\QuickTime
2010-01-15 18:30 . 2010-02-12 15:55 315392 ----a-w- c:\windows\system32\TubeFinder.exe
2006-05-03 10:06 . 2010-02-13 08:57 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-02-13 08:57 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-02-13 08:57 216064 --sh--r- c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-31 133104]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"instanteyedropper"="c:\program files\InstantEyedropper\InstantEyedropper.exe" [2007-10-17 352256]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2010-02-12 5933912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-07 761947]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-08-16 45056]
"AVStation Premium 3.75 DriveMapper"="c:\program files\Samsung\AVStation Premium 3.75\DriveMapper.exe" [2007-02-09 36864]
"AVStation Premium 3.75"="c:\program files\Samsung\AVStation Premium 3.75\AVSAgent.exe" [2007-07-19 163840]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2007-09-03 2764800]
"MagicKeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-15 151552]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"EDS"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-01-11 634880]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"DMHotKey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-22 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-15 202256]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\administrator.HEADOFFICE\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2009-3-25 118784]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=

R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [15/03/2010 14:47 58984]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [15/03/2010 14:47 116328]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [14/09/2007 02:16 4300]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [15/03/2010 14:47 779496]
R2 SNM WLAN Service;SNM WLAN Service;c:\program files\Samsung\Samsung Network Manager\SNMWLANService.exe [28/05/2005 16:35 36864]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [12/10/2006 20:12 28160]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [28/09/2009 10:08 102448]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/11/2009 14:14 135664]
S3 ADDMEM;ADDMEM;\??\c:\docume~1\kevin\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS --> c:\docume~1\kevin\LOCALS~1\Temp\__Samsung_Update\ADDMEM.SYS [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [15/06/2006 02:40 115952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 13:14]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-16 13:14]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422949630-3180698302-2601023615-1127Core.job
- c:\documents and settings\kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-31 09:44]

2010-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1422949630-3180698302-2601023615-1127UA.job
- c:\documents and settings\kevin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-31 09:44]

2010-04-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1422949630-3180698302-2601023615-1127.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-04-05 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1422949630-3180698302-2601023615-1127.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 22:09]

2010-04-05 c:\windows\Tasks\User_Feed_Synchronization-{E5138FC4-5EB4-4E30-9893-2854202E22BE}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - prefs.js: keyword.URL -
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\documents and settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\twitternotifier@naan.net\platform\WINNT\components\nsTwitterFoxSign.dll
FF - plugin: c:\documents and settings\kevin\Application Data\Mozilla\Firefox\Profiles\vw5xb5kv.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\kevin\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-05 22:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1422949630-3180698302-2601023615-1127\Software\SecuROM\License information*]
"datasecu"=hex:8e,2f,98,89,ef,7d,b0,d3,7b,3f,80,a2,05,09,bd,0c,aa,9f,80,d9,92,
f2,9c,2f,26,ba,8f,6d,79,a9,2a,02,01,2a,1b,31,eb,28,e0,d6,cb,0e,89,45,a7,9e,\
"rkeysecu"=hex:cb,10,f7,8f,90,21,e1,b7,a2,8c,f9,9f,9a,d8,bf,98
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5128)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\AGRSMMSG.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\program files\SAMSUNG\MagicKBD\MagicKBD.exe
c:\program files\Samsung\Easy Display Manager\dmhkcore.exe
c:\program files\SAMSUNG\MagicKBD\PerformanceManager.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-04-05 22:26:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-05 21:26

Pre-Run: 15,380,115,456 bytes free
Post-Run: 15,350,042,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\windows="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 644E2233CF56EE14885B5B7F9950F02E

I don't do silly signature things - not since my Karma ran over my Dogma!

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:21 PM

Posted 06 April 2010 - 03:16 AM

Please let me know how things are running now.
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

Please post only attach.txt, no need for dds.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#14 kevb8ll

kevb8ll
  • Topic Starter

  • Members
  • 171 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:21 PM

Posted 06 April 2010 - 04:28 PM


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06/03/2008 00:02:29
System Uptime: 04/06/2010 11:14:08 (-1409 hours ago)

Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R59P/R60P/R61P
Processor: Intel® Pentium® Dual CPU T2330 @ 1.60GHz | U2E1 | 1596/mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 14.16 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N95 8GB
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N95 8GB
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP286: 12/03/2010 08:32:54 - Software Distribution Service 3.0
RP287: 13/03/2010 11:35:01 - System Checkpoint
RP288: 13/03/2010 14:03:01 - Removed H264 Codecs
RP289: 13/03/2010 14:03:27 - Installed H264 Codecs
RP290: 15/03/2010 11:25:35 - System Checkpoint
RP291: 17/03/2010 10:44:54 - Installed Rapport
RP292: 18/03/2010 19:55:23 - System Checkpoint
RP293: 20/03/2010 09:42:41 - Installed Rapport
RP294: 21/03/2010 17:27:10 - System Checkpoint
RP295: 23/03/2010 09:33:19 - Logitech Webcam Software v12.0.1278
RP296: 24/03/2010 13:29:20 - System Checkpoint
RP297: 25/03/2010 14:44:28 - System Checkpoint
RP298: 27/03/2010 19:25:02 - System Checkpoint
RP299: 30/03/2010 11:11:00 - System Checkpoint
RP300: 31/03/2010 19:36:59 - System Checkpoint
RP301: 01/04/2010 07:33:24 - Software Distribution Service 3.0
RP302: 01/04/2010 14:14:31 - Restore Operation
RP303: 02/04/2010 14:57:06 - System Checkpoint
RP304: 05/04/2010 16:00:19 - System Checkpoint
RP305: 06/04/2010 18:20:43 - System Checkpoint

==== Installed Programs ======================

µTorrent
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 9.3.1
Adobe Stock Photos 1.0
Agere Systems HDA Modem
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros WLAN Client
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
Avidemux 2.5
AVStation Premium 3.75
Bonjour
Canon MP800
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Championship Manager 2010
Championship Manager 2010 (September Data Patch)
CloneCD
CloneDVD2
Critical Update for Windows Media Player 11 (KB959772)
DVD Flick 1.3.0.7
Easy Display Manager
ffdshow
FileZilla Client 3.3.1
Free FLV Converter V 6.7.4
Free RAR Extract Frog
Google Chrome
Google Chrome Frame
Google Update Helper
H264 Codecs
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
imagine digital freedom - Samsung
Instant Eyedropper 1.75
International Cricket Captain 2005
iTunes
J2SE Runtime Environment 5.0
Java DB 10.4.1.3
Java™ 6 Update 17
Java™ SE Development Kit 6 Update 13
JavaFX™ 1.1 SDK
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LightScribe 1.4.105.1
LiveOnlineFooty.com
LiveUpdate 3.0 (Symantec Corporation)
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Macromedia Shockwave Player
Magic Keyboard
MagicBall3D
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office FrontPage 2003
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.3)
MSN
MSVC80_x86
MSVC80_x86_v2
MSVC90_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Nvu 1.0PR
office Convert Pdf to Jpg Jpeg Tiff Free 4.9
OGA Notifier 2.0.0048.0
Olympus Digital Wave Player
PC Connectivity Solution
PowerDVD
PowerStarter
QuickTime
Rapport
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Samsung Battery Manager
Samsung EDS
Samsung Magic Doctor
Samsung Network Manager 2.0
Samsung Recovery Solution II
Samsung Wallpaper
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skins
Skype™ 4.0
SopCast 3.2.4
Spelling Dictionaries Support For Adobe Reader 9
Spotify
SUPER © Version 2010.bld.37 (Jan 2, 2010)
Symantec AntiVirus
Synaptics Pointing Device Driver
TopStyle Lite (Version 3)
TVAnts 1.0
TVUPlayer 2.4.9.1
TweetDeck
Type2238 TWAIN Driver Ver.3
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Outlook 2007 Junk Email Filter (kb979895)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Guide
Veetle TV 0.9.16
VexcastPlayer2.0
VLC media player 0.9.9
WebFldrs XP
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
Windows Driver Package - Nokia Modem (10/05/2009 4.2)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
WinMerge 2.12.4
x264 Revision 534 x264.nl (remove only)
Zoom Search Engine 6.0

==== Event Viewer Messages From Past Week ========

06/04/2010 17:53:36, error: Dhcp [1002] - The IP address lease 192.168.1.27 for the Network Card with network address 001B9E9AF00D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
06/04/2010 10:47:21, error: Dhcp [1002] - The IP address lease 192.168.0.5 for the Network Card with network address 001B9E9AF00D has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
05/04/2010 21:22:25, error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:25, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:14, error: Service Control Manager [7034] - The SNM WLAN Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:14, error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:13, error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:13, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:13, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:12, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:12, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/04/2010 21:22:11, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:11, error: Service Control Manager [7031] - The Bluetooth Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
05/04/2010 14:48:43, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 14:48:32, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
05/04/2010 14:48:32, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
05/04/2010 14:48:20, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
04/04/2010 08:59:40, error: NETLOGON [5719] - No Domain Controller is available for domain HEADOFFICE due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
03/04/2010 18:06:12, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the SNM WLAN Service service.
03/04/2010 08:47:09, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
01/04/2010 18:17:01, error: Dhcp [1002] - The IP address lease 192.168.14.103 for the Network Card with network address 001B9E9AF00D has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
01/04/2010 14:14:06, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

==== End Of File ===========================

I am away for a couple of days so I will check again on Friday.

Kev

#15 Elise

Posted 07 April 2010 - 08:58 AM

Hello kevb8ll,

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


UPDATE JAVA
------------------
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 19.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


In your next reply, please include the following:
  • MBAM log

regards, Elise
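A way to triage the attach.txt posted in #14 against the two points raised in this post (outdated Java runtimes and installed P2P clients), as an added example that is not part of the thread, of DDS, or of any tool the helper asked for. It parses the "==== Installed Programs ====" and "==== Event Viewer Messages ====" sections DDS writes, flags every JRE/JDK entry below the 6 Update 19 target named above, flags P2P clients, and groups the Service Control Manager 7031/7034 terminations by minute so a burst like the one at 21:22 in the log stands out. The P2P name list, the burst threshold of two crashes per minute, and the sample log excerpt (constructed in the shape of the one posted) are assumptions of this example.

```python
"""Triage helper for a DDS attach.txt report.

Added example, not part of the thread or of DDS. The version target comes
from the post above; the P2P client list and the burst threshold are
assumptions made here.
"""
import re
from collections import defaultdict

# Constructed excerpt in the shape of the attach.txt posted in the thread.
SAMPLE_ATTACH = """\
==== Installed Programs ======================

µTorrent
7-Zip 4.65
J2SE Runtime Environment 5.0
Java DB 10.4.1.3
Java™ 6 Update 17
Java™ SE Development Kit 6 Update 13
JavaFX™ 1.1 SDK
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

05/04/2010 21:22:25, error: Service Control Manager [7034] - The ServiceLayer service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 21:22:25, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
05/04/2010 14:48:43, error: Service Control Manager [7034] - The LiveUpdate service terminated unexpectedly. It has done this 1 time(s).
01/04/2010 14:14:06, error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error 2147749155 (0x80040D23).

==== End Of File ===========================
"""

# "==== Title ====" section headers as DDS writes them.
SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
# JRE/JDK entries only: "J2SE Runtime Environment 5.0", "Java(TM) 6 Update 17",
# "Java(TM) SE Development Kit 6 Update 13". Java DB and JavaFX do not match.
JAVA_RE = re.compile(
    r"^(?:J2SE Runtime Environment|Java(?:\(TM\)|™)?(?: SE Development Kit)?)\s+"
    r"(\d+)(?:\.\d+)?(?: Update (\d+))?",
    re.IGNORECASE,
)
# Service Control Manager 7031/7034: service terminated unexpectedly.
CRASH_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}):\d{2}, \w+: Service Control Manager "
    r"\[(?:7031|7034)\] - The (.+?) service terminated unexpectedly"
)
# Assumed P2P client names, lower-case, with the micro sign folded to "u".
P2P_CLIENTS = ("utorrent", "bittorrent", "limewire", "frostwire", "emule",
               "kazaa", "bearshare", "vuze", "azureus", "shareaza")


def parse_sections(text):
    """Split attach.txt into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections


def java_version(name):
    """Return (major, update) for a JRE/JDK entry, or None if it is not one."""
    m = JAVA_RE.match(name)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def outdated_java(programs, target=(6, 19)):
    """JRE/JDK entries whose (major, update) is below the target release."""
    return [p for p in programs
            if java_version(p) is not None and java_version(p) < target]


def p2p_clients(programs):
    """Installed programs whose name starts with a known P2P client name."""
    hits = []
    for p in programs:
        folded = p.lower().replace("\u00b5", "u").replace("\u03bc", "u")
        if folded.startswith(P2P_CLIENTS):
            hits.append(p)
    return hits


def service_crash_bursts(events, min_count=2):
    """Group 7031/7034 crashes by minute; keep minutes with min_count or more."""
    by_minute = defaultdict(list)
    for line in events:
        m = CRASH_RE.match(line)
        if m:
            by_minute[m.group(1)].append(m.group(2))
    return {k: v for k, v in by_minute.items() if len(v) >= min_count}


def triage(text):
    """Run all three checks over one attach.txt and return the findings."""
    sections = parse_sections(text)
    programs = sections.get("Installed Programs", [])
    events = sections.get("Event Viewer Messages From Past Week", [])
    return {
        "outdated_java": outdated_java(programs),
        "p2p": p2p_clients(programs),
        "crash_bursts": service_crash_bursts(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ATTACH).items():
        print(key, value)
```

Run it against a saved attach.txt by passing the file contents to triage(); anything listed under outdated_java is what the Add/Remove Programs steps above are meant to remove, and a JDK entry is flagged too because it carries its own private JRE.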




