
cannot complete GMER scan


  • This topic is locked
8 replies to this topic

#1 beverly911

Posted 02 April 2010 - 01:55 PM

Did prep (as much as I could), ran GMER 5 times... 3 times the system froze and 2 times the computer shut down and restarted. Below is posted what was on the log when each thing occurred.

Referred from here: http://www.bleepingcomputer.com/forums/t/306203/poss-infection/ ~ OB

gmer scan

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-02 13:18:04
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\kwlcyfog.sys


---- System - GMER 1.0.15 ----

SSDT 89E94A48 ZwAlertResumeThread
SSDT 89E946C8 ZwAlertThread
SSDT 8A07EDE0 ZwAllocateVirtualMemory
SSDT 89EBD6B8 ZwAssignProcessToJobObject
SSDT 89800498 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xA6434210]
SSDT 89E94FC0 ZwCreateMutant
SSDT 89ED84A0 ZwCreateSymbolicLinkObject
SSDT 89F3EBB8 ZwCreateThread
SSDT 89EBD680 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xA6434490]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xA64349F0]
SSDT 89FA1050 ZwDuplicateObject
SSDT 8A0F8050 ZwFreeVirtualMemory
SSDT 89E960D8 ZwImpersonateAnonymousToken
SSDT 89E959C0 ZwImpersonateThread
SSDT 89B0B700 ZwLoadDriver
SSDT 89F3F008 ZwMapViewOfSection
SSDT 89E96318 ZwOpenEvent
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwOpenKey [0xA64347A0]
SSDT 89F002F0 ZwOpenProcess
SSDT 89E92D50 ZwOpenProcessToken
SSDT 89EA50D0 ZwOpenSection
SSDT 89F52230 ZwOpenThread
SSDT 89F210B0 ZwProtectVirtualMemory
SSDT 89E942A8 ZwResumeThread
SSDT 89E933B0 ZwSetContextThread
SSDT 8A1AE170 ZwSetInformationProcess
SSDT 89EA5108 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xA6434C40]
SSDT 89E96CB0 ZwSuspendProcess
SSDT 89E93DF0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA6291320]
SSDT 89E937C8 ZwTerminateThread
SSDT 89E930B8 ZwUnmapViewOfSection
SSDT 8A0A34E0 ZwWriteVirtualMemory

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2009 3:53:43 PM
System Uptime: 4/1/2010 11:49:01 AM (1 hours ago)

Motherboard: Acer | | RS740DVF
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4400+ | AM2 | 2299/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 210.076 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP83: 1/1/2010 6:04:19 AM - System Checkpoint
RP84: 1/2/2010 7:30:59 AM - System Checkpoint
RP85: 1/3/2010 7:53:28 AM - System Checkpoint
RP86: 1/4/2010 8:13:47 AM - System Checkpoint
RP87: 1/5/2010 12:25:53 PM - System Checkpoint
RP88: 1/6/2010 12:29:01 PM - System Checkpoint
RP89: 1/7/2010 2:30:05 PM - System Checkpoint
RP90: 1/8/2010 5:33:16 PM - System Checkpoint
RP91: 1/9/2010 6:26:07 PM - System Checkpoint
RP92: 1/10/2010 7:11:25 PM - System Checkpoint
RP93: 1/11/2010 2:10:34 AM - Installed Compatibility Pack for the 2007 Office system
RP94: 1/12/2010 2:28:31 AM - System Checkpoint
RP95: 1/13/2010 3:00:17 AM - Software Distribution Service 3.0
RP96: 1/14/2010 3:22:39 AM - System Checkpoint
RP97: 1/15/2010 4:30:50 AM - System Checkpoint
RP98: 1/16/2010 5:22:39 AM - System Checkpoint
RP99: 1/17/2010 6:22:39 AM - System Checkpoint
RP100: 1/18/2010 7:22:39 AM - System Checkpoint
RP101: 1/19/2010 7:35:40 AM - System Checkpoint
RP102: 1/20/2010 3:00:14 AM - Software Distribution Service 3.0
RP103: 1/21/2010 3:23:34 AM - System Checkpoint
RP104: 1/22/2010 5:02:04 AM - System Checkpoint
RP105: 1/23/2010 3:00:14 AM - Software Distribution Service 3.0
RP106: 1/24/2010 3:28:36 AM - System Checkpoint
RP107: 1/25/2010 3:41:39 AM - System Checkpoint
RP108: 1/26/2010 4:41:37 AM - System Checkpoint
RP109: 1/27/2010 5:41:32 AM - System Checkpoint
RP110: 1/28/2010 6:41:33 AM - System Checkpoint
RP111: 1/29/2010 8:45:48 AM - System Checkpoint
RP112: 1/30/2010 9:07:05 AM - System Checkpoint
RP113: 1/30/2010 8:02:51 PM - Installed Photo Story 3 for Windows
RP114: 1/31/2010 11:19:54 PM - System Checkpoint
RP115: 2/2/2010 12:25:24 AM - System Checkpoint
RP116: 2/3/2010 4:36:31 AM - System Checkpoint
RP117: 2/4/2010 5:07:00 AM - System Checkpoint
RP118: 2/5/2010 6:07:01 AM - System Checkpoint
RP119: 2/6/2010 6:51:35 AM - System Checkpoint
RP120: 2/7/2010 6:59:31 AM - System Checkpoint
RP121: 2/8/2010 7:57:52 AM - System Checkpoint
RP122: 2/8/2010 7:19:01 PM - Removed Google Earth.
RP123: 2/10/2010 1:23:13 AM - System Checkpoint
RP124: 2/11/2010 1:56:48 AM - System Checkpoint
RP125: 2/11/2010 3:00:19 AM - Software Distribution Service 3.0
RP126: 2/12/2010 3:12:49 AM - System Checkpoint
RP127: 2/13/2010 5:10:17 AM - System Checkpoint
RP128: 2/14/2010 5:23:56 AM - System Checkpoint
RP129: 2/14/2010 7:29:13 PM - Installed Ventrilo Client
RP130: 2/16/2010 1:00:03 AM - System Checkpoint
RP131: 2/17/2010 2:02:46 AM - System Checkpoint
RP132: 2/18/2010 2:12:31 AM - System Checkpoint
RP133: 2/19/2010 2:54:34 AM - System Checkpoint
RP134: 2/20/2010 3:20:28 AM - System Checkpoint
RP135: 2/21/2010 1:02:43 PM - System Checkpoint
RP136: 2/21/2010 1:35:05 PM - Printer Driver PDF-XChange 3.0 Installed
RP137: 2/22/2010 9:59:52 PM - System Checkpoint
RP138: 2/24/2010 7:47:51 AM - System Checkpoint
RP139: 2/25/2010 3:00:18 AM - Software Distribution Service 3.0
RP140: 2/26/2010 3:01:35 AM - System Checkpoint
RP141: 3/1/2010 2:52:30 AM - System Checkpoint
RP142: 3/2/2010 3:45:15 AM - System Checkpoint
RP143: 3/3/2010 4:56:22 AM - System Checkpoint
RP144: 3/4/2010 5:43:22 AM - System Checkpoint
RP145: 3/5/2010 6:43:22 AM - System Checkpoint
RP146: 3/6/2010 7:43:25 AM - System Checkpoint
RP147: 3/7/2010 8:05:32 AM - System Checkpoint
RP148: 3/8/2010 8:44:31 AM - System Checkpoint
RP149: 3/9/2010 8:47:33 AM - System Checkpoint
RP150: 3/10/2010 9:43:22 AM - System Checkpoint
RP151: 3/11/2010 3:00:28 AM - Software Distribution Service 3.0
RP152: 3/12/2010 3:56:53 AM - System Checkpoint
RP153: 3/13/2010 4:01:42 AM - System Checkpoint
RP154: 3/13/2010 11:08:50 PM - Installed QuickTax 2009.
RP155: 3/15/2010 1:59:01 AM - System Checkpoint
RP156: 3/16/2010 1:05:34 PM - System Checkpoint
RP157: 3/17/2010 2:25:22 PM - System Checkpoint
RP158: 3/19/2010 12:07:36 AM - System Checkpoint
RP159: 3/20/2010 1:47:59 AM - System Checkpoint
RP160: 3/21/2010 9:19:38 AM - System Checkpoint
RP161: 3/22/2010 9:34:11 AM - System Checkpoint
RP162: 3/23/2010 10:27:14 AM - System Checkpoint
RP163: 3/24/2010 10:44:27 AM - System Checkpoint
RP164: 3/25/2010 1:22:16 PM - System Checkpoint
RP165: 3/26/2010 3:08:08 PM - System Checkpoint
RP166: 3/27/2010 4:25:56 PM - System Checkpoint
RP167: 3/28/2010 4:45:25 PM - System Checkpoint
RP168: 3/29/2010 5:53:16 PM - System Checkpoint
RP169: 3/31/2010 2:16:33 AM - System Checkpoint
RP170: 3/31/2010 1:58:21 PM - Installed Java™ 6 Update 19
RP171: 3/31/2010 7:29:34 PM - Installed Windows XP KB898461.
RP172: 4/1/2010 8:59:41 AM - Installed Windows Internet Explorer 8.
RP173: 4/1/2010 9:16:44 AM - Installed SUPERAntiSpyware Free Edition

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Bonjour
BufferChm
CameraDrivers
CameraUserGuides
Capture NX 2
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco Media Center
Compatibility Pack for the 2007 Office system
Corel WordPerfect Office - iFilter
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
Creative Live! Cam Center
Creative Live! Cam Vista IM Driver (1.00.03.0000)
CueTour
Curse Client
Destinations
DeviceManagementQFolder
Epson Event Manager
EPSON NX100 Series Printer Uninstall
EPSON Scan
eSupportQFolder
File Uploader
FullDPAppQFolder
Google Chrome
Google Earth
Google Gears
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Imaging Device Functions 7.0
HP Photo and Imaging 2.0 - All-in-One
HP Photosmart Cameras 7.0
HP Photosmart Premier Software 6.5
HP Solution Center 7.0
HP Update
hpicamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
InstantShareDevices
InstantShareDevicesMFC
iTunes
Java Auto Updater
Java™ 6 Update 19
Java™ 6 Update 3
LimeWire 5.4.6
Linksys EasyLink Advisor
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nikon Message Center
Nikon Transfer
Norton AntiVirus
Norton Security Scan
NTI Backup NOW! 4
NTI CD & DVD-Maker
PanoStandAlone
PDF-XChange 3.5
Photo Story 3 for Windows
PhotoGallery
Picture Control Utility
PowerDVD
Pure Networks Platform
QuickTax 2009
QuickTime
RandMap
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
Skins
SkinsHP1
Skype Toolbars
Skype™ 4.2
SlideShow
SolutionCenter
Sonic_PrimoSDK
Status
SUPERAntiSpyware Free Edition
Tik's Texas Hold 'em
TrayApp
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
ViewNX
Web Games Player Plugin
WebEx Support Manager for Internet Explorer
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
WordPerfect Lightning
WordPerfect Lightning - EN
WordPerfect Lightning - IPM
WordPerfect Lightning - Messages
WordPerfect Lightning - MSOM
WordPerfect Office X4
WordPerfect Office X4 - Common
WordPerfect Office X4 - Content
WordPerfect Office X4 - EN
WordPerfect Office X4 - Filters
WordPerfect Office X4 - Graphics
WordPerfect Office X4 - ICA
WordPerfect Office X4 - IPM
WordPerfect Office X4 - IPM EN
WordPerfect Office X4 - Migration Manager
WordPerfect Office X4 - PerfectExperts
WordPerfect Office X4 - PR
WordPerfect Office X4 - QP
WordPerfect Office X4 - Skins
WordPerfect Office X4 - System
WordPerfect Office X4 - WP
World of Warcraft

==== Event Viewer Messages From Past Week ========

4/1/2010 9:26:36 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/1/2010 9:25:47 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AmdPPM BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL SRTSPX SymIRON SYMTDI Tcpip
4/1/2010 9:25:47 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2010 9:25:47 AM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2010 9:25:47 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2010 9:25:47 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2010 9:25:47 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2010 9:25:47 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2010 9:25:47 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/1/2010 9:25:47 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
4/1/2010 9:25:26 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/1/2010 9:25:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
3/31/2010 5:38:28 PM, error: Service Control Manager [7034] - The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).
3/31/2010 5:35:31 PM, error: WMPNetworkSvc [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2711'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
3/31/2010 5:34:56 PM, error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
3/31/2010 11:37:45 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
3/25/2010 12:55:14 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/25/2010 12:31:46 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
3/25/2010 11:59:26 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00226805B087 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/25/2010 11:20:32 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00226805B087 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================


DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by User at 12:59:12.57 on Thu 04/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.833 [GMT -3:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Media Center\AVMediaServer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\system32\java.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\V0420Mon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Cisco Media Center\CESAvegaMediaServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\User\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theguardian.pe.ca/
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.6.0.32\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\progra~1\wi1f86~1\messen~1\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ntiMUI] c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office x4\programs\QFSCHD140.EXE"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [V0420Mon.exe] c:\windows\V0420Mon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscom~1.lnk - c:\program files\cisco media center\CESAvegaMediaServer.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partygaming\partypoker\RunApp.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1106000.020\symds.sys [2010-3-31 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1106000.020\symefa.sys [2010-3-31 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\bashdefs\20100324.001\BHDrvx86.sys [2010-3-24 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1106000.020\cchpx86.sys [2010-3-31 501888]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1106000.020\ironx86.sys [2010-3-31 116784]
R2 Cisco Media Server;Cisco Media Server;c:\program files\cisco media center\AVMediaServer.exe [2009-6-15 3350144]
R2 LinksysUpdater;Linksys Updater;c:\program files\linksys\linksys updater\bin\LinksysUpdater.exe [2008-11-13 204800]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.6.0.32\ccsvchst.exe [2010-3-31 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-11-9 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\ipsdefs\20100326.001\IDSXpx86.sys [2010-3-26 329592]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100401.002\NAVENG.SYS [2010-4-1 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.0.0.136\definitions\virusdefs\20100401.002\NAVEX15.SYS [2010-4-1 1324720]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
R3 V0420VID;Live! Cam Vista IM (VF0420);c:\windows\system32\drivers\V0420Vid.sys [2009-12-27 99648]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-11-10 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-5 1684736]

=============== Created Last 30 ================

2010-04-01 15:55:51 0 ----a-w- c:\documents and settings\user\defogger_reenable
2010-04-01 12:16:54 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-04-01 12:16:46 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-01 12:16:46 0 d-----w- c:\docume~1\user\applic~1\SUPERAntiSpyware.com
2010-04-01 11:58:34 0 dc-h--w- c:\windows\ie8
2010-04-01 11:42:02 281 ----a-w- C:\old boot load boot.ini
2010-03-31 20:52:22 0 d-----w- c:\program files\Trend Micro
2010-03-31 20:35:24 0 d-sha-r- C:\cmdcons
2010-03-31 20:34:36 98816 ----a-w- c:\windows\sed.exe
2010-03-31 20:34:36 77312 ----a-w- c:\windows\MBR.exe
2010-03-31 20:34:36 261632 ----a-w- c:\windows\PEV.exe
2010-03-31 20:34:36 161792 ----a-w- c:\windows\SWREG.exe
2010-03-31 16:58:40 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-31 10:23:42 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes
2010-03-31 10:23:34 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-31 10:23:32 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-31 10:23:32 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-31 10:23:32 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-30 03:20:19 0 d-----w- c:\program files\PartyGaming
2010-03-14 02:09:13 0 d-----w- c:\docume~1\user\applic~1\Intuit Canada
2010-03-14 02:08:59 0 d-----w- c:\program files\common files\AnswerWorks 4.0
2010-03-14 02:08:57 0 d-----w- c:\program files\common files\Intuit
2010-03-14 02:08:52 0 d-----w- c:\program files\QuickTax 2009
2010-03-14 02:08:37 0 d-----w- c:\docume~1\alluse~1\applic~1\Intuit Canada
2010-03-12 02:31:26 0 d-----w- c:\program files\iPod
2010-03-12 02:31:22 0 d-----w- c:\program files\iTunes
2010-03-11 08:05:52 3251 ----a-w- c:\windows\system32\wbem\Outlook_01cac0f1aae1c6d8.mof
2010-03-10 21:41:48 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-09 04:59:43 44 ----a-w- c:\windows\cdplayer.ini
2010-03-06 02:27:00 7680 --sha-w- c:\windows\Thumbs.db

==================== Find3M ====================

2010-03-31 11:57:19 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2010-03-26 14:22:41 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2010-02-21 17:39:56 88 --sh--r- c:\docume~1\alluse~1\applic~1\CDDA537F10.sys
2010-02-03 22:30:45 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2010-02-03 22:24:32 20 ---h--w- c:\docume~1\alluse~1\applic~1\PKP_DLdu.DAT

============= FINISH: 12:59:49.45 ===============

What do I do next? Thanks,
awaiting your reply,

Beverly

Edited by Orange Blossom, 02 April 2010 - 08:54 PM.



#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 April 2010 - 01:11 PM

Hello and welcome to BleepingComputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since
resolved your issues I would appreciate it if you would let me know so I can close this topic.



We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %appdata%\*.exe
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    /md5start
    proquota.exe
    sfcfiles.dll
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    beep.sys
    iaStor.sys
    nvstor.sys
    atapi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    iastorv.sys
    /md5stop
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks

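The OTL report requested above is read by hand by the helper, who looks first at a few cheap signals: processes, services and drivers whose version info carries no CompanyName (OTL prints these as "()"), anything loading from a temp or recycle-bin path, and autostart entries whose target no longer exists ("File not found", "No CLSID value found"). The script below is an added example, not OTL's code and not anything posted in this thread; it parses the PRC/SRV/DRV, O2 and O4 line formats as they appear in the log posted further down and prints those signals. The sample input is a handful of lines copied from that log plus one constructed driver line (marked as such) to exercise the temp-path check; the field layout is inferred from the posted output and is an assumption, not OTL's documented grammar. It does nothing for the /md5start block or /lockedfiles results, which need the helper's reference hashes.

```python
"""Triage an OTL log for the signals a malware-response helper checks first.

Added example, not OTL code.  Line formats are inferred from an OTL 3.2.1.0
report; treat the regexes as an assumption if your OTL version differs.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: lines copied from the OTL.txt posted in this thread,
# plus ONE constructed DRV line (demo_driver.sys) that is not from the thread.
SAMPLE_LOG = r"""
PRC - [2010/03/31 13:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2008/11/13 16:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
SRV - [2008/11/13 16:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
DRV - [2009/10/21 06:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/11/09 16:55:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/26 23:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/04/02 13:18:04 | 000,000,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\DOCUME~1\User\LOCALS~1\Temp\demo_driver.sys -- (demo)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
"""

# PRC/MOD/SRV/DRV lines: "[date | size | attrs | M] (Company) [state] -- path -- (svc) desc"
FILE_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<date>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| [CM]\] "
    r"\((?P<company>[^)]*)\)"            # CompanyName from version info; "()" when absent
    r"(?: \[(?P<state>[^\]]*)\])?"       # e.g. [Kernel | On_Demand | Running] (SRV/DRV only)
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<svc>[^)]*)\).*)?$"    # service/driver key name plus optional description
)
# O4 autostart lines: "O4 - HKLM..\Run: [value] path (Company)"
RUN_LINE = re.compile(r"^O4 - (?P<key>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+) \((?P<company>[^)]*)\)$")
ORPHAN_MARKERS = ("File not found", "No CLSID value found")
TEMP_PATH = re.compile(r"\\(temp|recycler)\\", re.I)

NO_COMPANY = "no CompanyName in version info"
TEMP_LOAD = "loads from a temp/recycle-bin path"
ORPHAN = "orphaned entry: target file or CLSID missing"


@dataclass(frozen=True)
class Finding:
    kind: str    # OTL section prefix: PRC, SRV, DRV, O2, O4, ...
    path: str    # file path, or the whole line for orphaned O-entries
    reason: str


def triage(log_text: str) -> List[Finding]:
    """Return review prompts (not verdicts) for the OTL lines in log_text."""
    findings: List[Finding] = []
    seen = set()

    def add(kind: str, path: str, reason: str) -> None:
        key = (path.lower(), reason)          # same file in PRC and SRV is one finding
        if key not in seen:
            seen.add(key)
            findings.append(Finding(kind, path, reason))

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_LINE.match(line)
        if m:
            if not m["company"].strip():
                add(m["kind"], m["path"], NO_COMPANY)
            if TEMP_PATH.search(m["path"]):
                add(m["kind"], m["path"], TEMP_LOAD)
            continue
        m = RUN_LINE.match(line)
        if m:
            if not m["company"].strip():
                add("O4", m["path"], NO_COMPANY)
            continue
        if line.startswith("O") and any(marker in line for marker in ORPHAN_MARKERS):
            add(line.split(" - ", 1)[0], line, ORPHAN)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:4} {f.reason:45} {f.path}")
```

A missing CompanyName is common for legitimate OEM drivers (the yk51x86.sys network driver here is one), so the output is a list of things to look up by hash and vendor, not a list of infections; that is exactly why the helper's custom scan also asks for MD5s of the driver files most often patched in place.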


#3 beverly911

beverly911
  • Topic Starter

  • Members
  • 8 posts

Posted 06 April 2010 - 02:47 PM

OTL logfile created on: 4/6/2010 4:31:14 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 209.90 Gb Free Space | 70.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASPIRE-4400
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/06 16:29:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/03/31 13:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/03/29 08:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/18 05:43:04 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe
PRC - [2010/01/21 18:34:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/15 12:29:06 | 001,453,696 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Media Center\CESAvegaMediaServer.exe
PRC - [2009/06/15 12:28:34 | 003,350,144 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Media Center\AVMediaServer.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/08 16:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2008/11/13 16:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/09/30 15:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/07/23 13:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/13 21:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/30 02:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0420Mon.exe
PRC - [2006/02/19 05:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/04/06 16:29:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/01/21 18:34:51 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 10:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2003/03/18 21:14:50 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/02/21 06:42:20 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe -- (NAV)
SRV - [2009/06/15 12:28:34 | 003,350,144 | ---- | M] (Cisco Systems, Inc) [Auto | Running] -- C:\Program Files\Cisco Media Center\AVMediaServer.exe -- (Cisco Media Server)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 16:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/07/23 13:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 17:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/26 23:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 23:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 23:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/03 22:40:52 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/03 22:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/03 21:45:22 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100406.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 21:45:22 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100406.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/09 16:55:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/09 16:31:55 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/11/05 19:06:13 | 000,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 19:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/21 06:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/10/06 19:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/29 06:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/29 06:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/21 13:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/30 22:32:34 | 000,099,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/17 18:14:44 | 000,013,952 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theguardian.pe.ca/
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E CD 9C C5 48 D1 CA 01 [binary data]
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/11/09 16:48:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2009/11/09 16:55:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:44:18 | 000,000,000 | ---D | M]

[2009/12/08 21:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/12/08 21:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/03/31 17:13:54 | 000,000,598 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-790525478-1547161642-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Media Server.lnk = C:\Program Files\Cisco Media Center\CESAvegaMediaServer.exe (Cisco Systems, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/09 16:32:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009/11/05 11:35:47 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 16:29:33 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/04/02 13:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/01 16:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer3
[2010/04/01 13:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer
[2010/04/01 12:00:39 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.45.exe
[2010/04/01 11:55:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/01 09:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/01 09:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2010/04/01 09:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/01 09:14:43 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\User\Desktop\ATF-Cleaner.exe
[2010/04/01 09:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/01 08:58:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/31 23:20:18 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\windows-kb890830-v3.5.exe
[2010/03/31 22:34:15 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\User\Desktop\fsbl.exe
[2010/03/31 17:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/31 17:52:12 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HJTsetup.exe
[2010/03/31 17:35:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/31 17:34:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/31 17:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/31 17:34:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/31 17:34:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/31 17:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/31 17:28:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/31 13:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 13:58:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/31 07:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/03/31 07:23:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/31 07:23:32 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/31 07:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 07:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/30 00:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\PartyGaming
[2010/03/26 11:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Scans
[2010/03/18 05:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/13 23:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Intuit Canada
[2010/03/13 23:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/03/13 23:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/03/13 23:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTax 2009
[2010/03/13 23:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit Canada
[2010/03/11 23:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/11 23:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/10 18:41:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/28 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/20 04:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/07 23:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/11/10 22:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/10 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/10 13:48:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/05 17:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/05 15:51:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/02/19 04:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/06 16:29:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/04/06 16:08:08 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/04/06 15:48:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/06 14:37:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk
[2010/04/06 13:58:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/06 10:05:55 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Job Board – Dive into a new job.url
[2010/04/06 09:54:07 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Let me google that for you.url
[2010/04/06 07:11:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/06 07:10:39 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/06 07:10:24 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 07:10:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/06 01:18:47 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010/04/06 01:18:47 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/04/05 22:24:30 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/05 18:53:50 | 000,000,556 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for User.job
[2010/04/05 18:16:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/04/04 08:34:45 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Login Facebook.url
[2010/04/03 15:23:34 | 000,069,434 | ---- | M] () -- C:\Documents and Settings\User\Desktop\system.zip
[2010/04/02 18:15:11 | 001,318,084 | ---- | M] () -- C:\Documents and Settings\User\Desktop\system.nfo
[2010/04/02 17:57:06 | 000,000,589 | ---- | M] () -- C:\register.bat
[2010/04/02 17:54:44 | 000,000,089 | ---- | M] () -- C:\remove.bat
[2010/04/01 22:03:45 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/01 16:09:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer3.zip
[2010/04/01 16:07:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer2.zip
[2010/04/01 13:02:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/04/01 12:59:09 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2010/04/01 12:55:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2010/04/01 12:01:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 12:00:53 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.45.exe
[2010/04/01 09:16:49 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/01 09:15:35 | 007,976,992 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2010/04/01 09:14:49 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\User\Desktop\ATF-Cleaner.exe
[2010/04/01 09:00:44 | 003,224,042 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/04/01 09:00:34 | 000,665,310 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Cat.DB
[2010/04/01 08:46:02 | 000,000,265 | -HS- | M] () -- C:\boot.ini
[2010/04/01 08:42:02 | 000,000,281 | ---- | M] () -- C:\old boot load boot.ini
[2010/04/01 00:00:22 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/03/31 23:20:23 | 009,823,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\windows-kb890830-v3.5.exe
[2010/03/31 22:48:42 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/31 22:34:28 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\User\Desktop\fsbl.exe
[2010/03/31 19:29:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/31 17:52:23 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/03/31 17:52:18 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HJTsetup.exe
[2010/03/31 17:43:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/31 17:34:09 | 003,906,159 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/03/31 15:26:50 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\User\My Documents\abcbeverly.xls
[2010/03/31 14:20:17 | 000,672,236 | ---- | M] () -- C:\Documents and Settings\User\My Documents\2010 windows scan result.cab
[2010/03/31 13:58:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/31 13:58:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/31 13:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/31 13:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/31 13:58:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 22:15:54 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\isolate.ini
[2010/03/26 19:38:56 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Job Bank - Results.url
[2010/03/26 19:28:29 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Josh MacEachern intro .doc
[2010/03/26 19:26:46 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\User\My Documents\resumejoshemt.doc
[2010/03/26 12:07:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Thane income 2009 confirmation.doc
[2010/03/26 11:22:41 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/03/25 14:22:50 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Personal budget1.xls
[2010/03/24 21:14:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\User\My Documents\moccasins project (Jennifer&Layne).doc
[2010/03/24 21:13:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\User\My Documents\mocassins FRENCH.doc
[2010/03/21 19:09:14 | 000,002,685 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Home Page - North River Minor Hockey Association.url
[2010/03/21 08:29:04 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 08:29:04 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 08:29:03 | 000,555,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/18 13:23:40 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TACMBC26.pdf
[2010/03/15 19:43:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/15 18:21:38 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/15 14:44:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Moccasins facts project (Jennifer&Layne).doc
[2010/03/14 22:00:53 | 000,063,776 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/13 23:09:02 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTax 2009.lnk
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 04:04:07 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/09 02:25:49 | 000,000,044 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/06 10:05:55 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Job Board – Dive into a new job.url
[2010/04/05 18:16:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/04/02 18:20:04 | 000,069,434 | ---- | C] () -- C:\Documents and Settings\User\Desktop\system.zip
[2010/04/02 18:11:47 | 001,318,084 | ---- | C] () -- C:\Documents and Settings\User\Desktop\system.nfo
[2010/04/02 17:56:10 | 000,000,589 | ---- | C] () -- C:\register.bat
[2010/04/02 17:54:29 | 000,000,089 | ---- | C] () -- C:\remove.bat
[2010/04/01 16:09:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer3.zip
[2010/04/01 16:07:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer2.zip
[2010/04/01 13:01:39 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/04/01 12:58:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2010/04/01 12:55:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2010/04/01 09:16:49 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/01 09:15:24 | 007,976,992 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2010/04/01 08:42:02 | 000,000,281 | ---- | C] () -- C:\old boot load boot.ini
[2010/03/31 17:52:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/03/31 17:35:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/31 17:35:28 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/31 17:34:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/31 17:34:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/31 17:34:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/31 17:34:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/31 17:34:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/31 17:34:04 | 003,906,159 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/03/31 15:26:50 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\User\My Documents\abcbeverly.xls
[2010/03/31 14:21:07 | 000,672,236 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2010 windows scan result.cab
[2010/03/31 07:23:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 00:26:50 | 001,808,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/26 19:38:56 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Job Bank - Results.url
[2010/03/26 17:56:52 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\User\My Documents\resumejoshemt.doc
[2010/03/26 16:53:36 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Josh MacEachern intro .doc
[2010/03/26 12:04:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Thane income 2009 confirmation.doc
[2010/03/18 13:23:40 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TACMBC26.pdf
[2010/03/16 21:49:07 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\User\My Documents\mocassins FRENCH.doc
[2010/03/15 14:44:47 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Moccasins facts project (Jennifer&Layne).doc
[2010/03/15 14:44:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\User\My Documents\moccasins project (Jennifer&Layne).doc
[2010/03/13 23:09:01 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTax 2009.lnk
[2010/03/11 23:32:08 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/09 01:59:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/21 14:34:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CDDA537F10.sys
[2010/02/14 20:29:08 | 000,000,285 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/31 18:03:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2009/12/27 20:04:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/25 21:45:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pipe Organ
[2009/12/25 21:45:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Piano Hard
[2009/12/25 21:45:32 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/12/25 21:45:32 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Vocal Transformer
[2009/12/25 21:45:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Planets
[2009/12/25 21:45:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Piano Med
[2009/12/25 21:45:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\WebServer
[2009/12/25 21:41:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2009/12/25 21:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/12/25 21:24:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guides
[2009/12/25 21:24:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Generic
[2009/12/25 21:24:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/12/25 21:24:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Home
[2009/12/25 21:17:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2009/12/25 21:17:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Galaxy Swirl
[2009/12/25 21:17:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/25 21:17:08 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Halftone
[2009/11/12 04:21:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/11/10 22:50:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/10 17:03:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/11/10 16:50:43 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/10 16:50:11 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 14:06:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/09 16:50:28 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/11/09 16:32:55 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2009/11/06 09:02:03 | 000,076,277 | ---- | C] () -- C:\Documents and Settings\User\CCCInstall_200911060802032187.log
[2009/11/05 15:56:30 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\User\ntuser.dat.LOG
[2009/11/05 15:56:30 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\User\ntuser.ini
[2009/11/05 15:56:29 | 007,602,176 | -H-- | C] () -- C:\Documents and Settings\User\NTUSER.DAT
[2009/10/21 06:22:00 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/12/17 18:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Custom Scans ==========


< %appdata%\*.exe >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/21 12:55:26 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGX.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >
[2009/11/10 17:32:27 | 000,563,872 | ---- | M] (Google Inc.) -- C:\GoogleEarthSetup.exe
[2009/11/10 16:45:22 | 172,376,520 | ---- | M] (Hewlett-Packard Company ) -- C:\hp photosmart m537.exe
[2009/11/10 14:09:41 | 004,841,536 | ---- | M] (Microsoft Corporation) -- C:\officexp-KB953405-FullFile-ENU.exe
[2009/11/10 14:10:56 | 004,822,928 | ---- | M] (Microsoft Corporation) -- C:\officexp-KB974811-FullFile-ENU.exe


< MD5 for: ATAPI.SYS >
[2004/08/04 09:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/05 17:28:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/05 17:28:37 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 15:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 09:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: BEEP.SYS >
[2004/08/04 09:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\ERDNT\cache\beep.sys
[2004/08/04 09:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\dllcache\beep.sys
[2004/08/04 09:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) MD5=DA1F27D85E0D1525F6621372E7B685E9 -- C:\WINDOWS\system32\drivers\beep.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 21:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 21:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: PROQUOTA.EXE >
[2004/08/04 09:00:00 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=4D9D45A4370E0C2AD00C362B7118E2A4 -- C:\WINDOWS\$NtServicePackUninstall$\proquota.exe
[2008/04/13 21:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\ServicePackFiles\i386\proquota.exe
[2008/04/13 21:12:32 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=F6465A2EEF75468988A4FCF124148FA8 -- C:\WINDOWS\system32\proquota.exe

< MD5 for: SCECLI.DLL >
[2004/08/04 09:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 21:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SFCFILES.DLL >
[2004/08/04 09:00:00 | 001,580,544 | ---- | M] (Microsoft Corporation) MD5=30A609E00BD1D4FFC49D6B5A432BE7F2 -- C:\WINDOWS\$NtServicePackUninstall$\sfcfiles.dll
[2008/04/13 21:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ERDNT\cache\sfcfiles.dll
[2008/04/13 21:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\ServicePackFiles\i386\sfcfiles.dll
[2008/04/13 21:12:05 | 001,614,848 | ---- | M] (Microsoft Corporation) MD5=9DD07AF82244867CA36681EA2D29CE79 -- C:\WINDOWS\system32\sfcfiles.dll

< >

========== Alternate Data Streams ==========


extra


OTL Extras logfile created on: 4/6/2010 4:40:20 PM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 209.87 Gb Free Space | 70.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASPIRE-4400
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"1119:TCP" = 1119:TCP:*:Enabled:blizz

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe" = C:\Program Files\Common Files\NewTech Infosystems\LiveUpdate\LiveUpdate.exe:*:Enabled:LiveUpdate -- (Newtech Infosystems, Inc.)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Documents and Settings\User\My Documents\Josh\World of Warcraft\WoW-3.2.0-enUS-downloader.exe" = C:\Documents and Settings\User\My Documents\Josh\World of Warcraft\WoW-3.2.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Documents and Settings\User\My Documents\Josh\World of Warcraft\Launcher.exe" = C:\Documents and Settings\User\My Documents\Josh\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Documents and Settings\User\My Documents\Josh\Ventrilo.exe" = C:\Documents and Settings\User\My Documents\Josh\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\User\Local Settings\Apps\2.0\V89KPY71.073\P8CHPWCN.WMA\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe" = C:\Documents and Settings\User\Local Settings\Apps\2.0\V89KPY71.073\P8CHPWCN.WMA\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0A65A3BD-54B5-4d0d-B084-7688507813F5}" = SlideShow
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15C0AF59-4877-49B6-B8C6-A61CE54515F5}" = cp_OnlineProjectsConfig
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DF03ECE-6AF4-414E-B118-C316F151A9A2}" = Corel WordPerfect Office - iFilter
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F58D60D-2BFD-4467-9B4D-64E7355C329D}" = Sonic_PrimoSDK
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{33BF0960-DBA3-4187-B6CC-C969FCFA2D25}" = SkinsHP1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41E776A5-9B12-416D-9A12-B4F7B044EBED}" = CP_Package_Basic1
"{452622B2-CFF1-4373-B773-141FC10A2AB6}" = hpicamDrvQFolder
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4596FA5B-2966-44E6-9DA3-998001CA71DC}" = Unload
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4873CC58-69D8-490D-9E5C-001DC2EE2000}" = WordPerfect Lightning
"{4873CC58-69D8-490D-9E5C-001DC2EE2010}" = WordPerfect Lightning - Messages
"{4873CC58-69D8-490D-9E5C-001DC2EE2020}" = WordPerfect Lightning - IPM
"{4873CC58-69D8-490D-9E5C-001DC2EE2100}" = WordPerfect Lightning - EN
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6696D9A4-28A8-4F5A-8E9A-2E8974C8C39C}" = RandMap
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85F0360D-5B3B-4371-9517-62A5A47F4A5E}" = CameraDrivers
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A29800BA-0BF1-4E63-9F31-DF05A87F4104}" = InstantShareDevices
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B2040694-0DCA-4E8F-A0C8-D4F617320CC0}" = Cisco Media Center
"{B2157760-AA3C-4E2E-BFE6-D20BC52495D9}" = cp_PosterPrintConfig
"{B6286A44-7505-471A-A72B-04EC2DB2F442}" = CueTour
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B69CFE29-FD03-4E0A-87A7-6ED97F98E5B3}" = CP_Panorama1Config
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C023CABF-1FDF-4d84-8E0F-11F30417923E}" = CameraUserGuides
"{C02E97A7-9C07-4d47-8ED3-E6828FAB1408}" = HP Photosmart Cameras 7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1C6767D-B395-43CB-BF99-051B58B86DA6}" = PhotoGallery
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529000}" = WordPerfect Office X4
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529001}" = WordPerfect Office X4 - ICA
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529010}" = WordPerfect Office X4 - Common
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529011}" = WordPerfect Office X4 - WP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529012}" = WordPerfect Office X4 - QP
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529013}" = WordPerfect Office X4 - PR
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529014}" = WordPerfect Office X4 - Content
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529016}" = WordPerfect Office X4 - Skins
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529017}" = WordPerfect Office X4 - Filters
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529018}" = WordPerfect Office X4 - Graphics
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529023}" = WordPerfect Office X4 - System
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529030}" = WordPerfect Office X4 - Migration Manager
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529040}" = WordPerfect Office X4 - IPM
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529041}" = WordPerfect Office X4 - IPM EN
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529050}" = WordPerfect Office X4 - PerfectExperts
"{DCDAB2ED-5741-4C30-A1A4-0FCB8A529100}" = WordPerfect Office X4 - EN
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{ECB9C58E-C565-4683-9599-B72290BD3B25}" = QuickTax 2009
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED2C557E-9C18-41FF-B58E-A05EEF0B3B5F}" = CP_CalendarTemplates1
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"am-tikstexasholdem" = Tik's Texas Hold 'em
"ATI Display Driver" = ATI Display Driver
"Capture NX 2" = Capture NX 2
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative VF0420" = Creative Live! Cam Vista IM Driver (1.00.03.0000)
"EPSON NX100 Series" = EPSON NX100 Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"LimeWire" = LimeWire 5.4.6
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NAV" = Norton AntiVirus
"NSS" = Norton Security Scan
"PDF-XChange 3_is1" = PDF-XChange 3.5
"RealPlayer 12.0" = RealPlayer
"Web Games Player Plugin" = Web Games Player Plugin
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/5/2010 12:13:32 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 12:13:53 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 12:23:16 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 12:23:20 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1001
Description = Fault bucket 115810024.

Error - 2/5/2010 12:23:24 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 12:23:27 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1001
Description = Fault bucket 115810024.

Error - 2/5/2010 12:24:51 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1002
Description = Hanging application moviemk.exe, version 2.1.4026.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 12:24:55 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1001
Description = Fault bucket 115810024.

Error - 2/5/2010 9:51:54 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1002
Description = Hanging application mcui32.exe, version 17.5.0.127, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/5/2010 9:52:10 PM | Computer Name = ASPIRE-4400 | Source = Application Hang | ID = 1001
Description = Fault bucket 1655457744.

[ System Events ]
Error - 4/1/2010 8:37:46 AM | Computer Name = ASPIRE-4400 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/1/2010 8:37:46 AM | Computer Name = ASPIRE-4400 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AmdPPM BHDrvx86 ccHP eeCtrl Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL
SRTSPX
SymIRON
SYMTDI
Tcpip

Error - 4/1/2010 10:48:06 AM | Computer Name = ASPIRE-4400 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/1/2010 10:46:11 PM | Computer Name = ASPIRE-4400 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/1/2010 11:21:14 PM | Computer Name = ASPIRE-4400 | Source = DCOM | ID = 10010
Description = The server {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} did not register
with DCOM within the required timeout.

Error - 4/2/2010 2:32:54 PM | Computer Name = ASPIRE-4400 | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 c05d4000, parameter2 00000002, parameter3
00000001, parameter4 805462e0.

Error - 4/2/2010 2:36:38 PM | Computer Name = ASPIRE-4400 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 a2a8db30, parameter2 00000001, parameter3
a2124fa6, parameter4 00000000.

Error - 4/3/2010 10:35:52 AM | Computer Name = ASPIRE-4400 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 00226805B087 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 4/4/2010 7:28:45 AM | Computer Name = ASPIRE-4400 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/6/2010 7:28:46 AM | Computer Name = ASPIRE-4400 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\User\Desktop\Guardian:SummaryInformation
< End of report >


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 06 April 2010 - 03:40 PM

Hi,

Can you tell me what problems you are currently having?

  • Go to Start >> Run
  • Copy and paste the following command line into the Run box, then click OK.
cmd /c mbr -t& start mbr.log
  • A file called mbr.log will pop up; please post its contents in your reply.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusOverride"=dword:00000000
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.

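As an added example (not part of the thread and not OTL's own code), the script below reads OTL scan lines of the kind syler pasted into the fix above, flags the entries whose target file or CLSID OTL could not resolve, and assembles the :OTL section of a fix script from them. The sample input reuses the lines from this thread plus one constructed healthy line with a hypothetical vendor and CLSID; an orphaned entry is a leftover, not proof of infection, so a helper still reviews the list before running it.

```python
"""Flag orphaned OTL scan entries and build a fix block from them.

Added example for this thread; not code from the original post or from OTL.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Markers OTL prints when the registered object has no backing file or CLSID.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

# OTL lines start with a section tag such as "O2 - " or "O16 - ".
LINE_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# A CLSID/GUID in braces, e.g. {5C255C8A-E604-49b4-9D64-90988571CECB}
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class OtlEntry:
    section: str            # e.g. "O2", "O9", "O16"
    text: str               # the original line, unchanged
    clsid: Optional[str]    # CLSID found in the line, if any
    orphaned: bool          # True if OTL could not resolve the file/CLSID


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one scan line; return None for lines that are not OTL entries."""
    line = line.strip()
    m = LINE_RE.match(line)
    if not m:
        return None
    found = CLSID_RE.search(line)
    return OtlEntry(
        section=m.group(1),
        text=line,
        clsid=found.group(0) if found else None,
        orphaned=any(marker in line for marker in ORPHAN_MARKERS),
    )


def find_orphaned(lines: List[str]) -> List[OtlEntry]:
    """Return every parseable entry that carries an orphan marker."""
    entries = (parse_otl_line(l) for l in lines)
    return [e for e in entries if e is not None and e.orphaned]


def orphaned_clsids(lines: List[str]) -> List[str]:
    """Unique CLSIDs referenced by orphaned entries (upper-cased, sorted).

    The same CLSID often appears under several sections (O9 button and
    'Tools' menu item); OTL deletes the key on the first hit and reports
    'not found' on the later ones, exactly as the fix log in this thread shows.
    """
    seen = {e.clsid.upper() for e in find_orphaned(lines) if e.clsid}
    return sorted(seen)


def build_fix(lines: List[str]) -> str:
    """Assemble an OTL fix script listing the orphaned entries under :OTL."""
    body = [":OTL"] + [e.text for e in find_orphaned(lines)]
    body += [":Commands", "[emptytemp]", "[Reboot]"]
    return "\n".join(body)


# Sample input: the first nine lines are quoted from the thread above; the last
# one is a constructed healthy entry (hypothetical vendor and CLSID) that must
# not be flagged.
SAMPLE_LINES = [
    r"O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.",
    r"O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found",
    r"O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.",
    r"O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found",
    r"O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found",
    r"O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found",
    r"O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found",
    r"O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)",
    r"O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found",
    r"O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp.)",
]

if __name__ == "__main__":
    for entry in find_orphaned(SAMPLE_LINES):
        print(f"[{entry.section}] orphaned: {entry.text}")
    print("unique CLSIDs:", ", ".join(orphaned_clsids(SAMPLE_LINES)))
    print()
    print(build_fix(SAMPLE_LINES))
```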


#5 beverly911

beverly911
  • Topic Starter

  • Members
  • 8 posts

Posted 06 April 2010 - 04:14 PM

Hi Syler, thank you so much for assisting me. My problem began when I tried to log into Facebook and it just refreshed after I logged in. I tried logging into Hotmail and the same thing occurred. Each webpage that I go to has a yellow error icon in the bottom left-hand corner of the page (including this one). I have attached the requested logs, and await your reply.

Member Log
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK


OTL Log (Fix)
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\Program Files\WebEx\ieatgpc.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ deleted successfully.
File {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:00000000 /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes


New OTL scan

OTL logfile created on: 4/6/2010 6:11:17 PM - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 58.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 210.36 Gb Free Space | 70.57% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASPIRE-4400
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/06 16:29:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
PRC - [2010/04/05 18:16:00 | 001,682,944 | ---- | M] (Curse) -- C:\Documents and Settings\User\Local Settings\Apps\2.0\V89KPY71.073\P8CHPWCN.WMA\curs..tion_eee711038731a406_0004.0000_152ef8e82e8f5a48\CurseClient.exe
PRC - [2010/03/31 13:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/03/29 08:29:04 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/03/18 05:43:04 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccsvchst.exe
PRC - [2010/01/21 18:34:14 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/15 12:29:06 | 001,453,696 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Media Center\CESAvegaMediaServer.exe
PRC - [2009/06/15 12:28:34 | 003,350,144 | ---- | M] (Cisco Systems, Inc) -- C:\Program Files\Cisco Media Center\AVMediaServer.exe
PRC - [2009/04/07 10:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/08 16:50:04 | 000,054,576 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe
PRC - [2008/11/13 16:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/09/30 15:06:50 | 000,485,208 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/07/23 13:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2008/04/13 21:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/30 02:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0420Mon.exe
PRC - [2006/02/19 05:21:22 | 000,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/02/10 08:56:12 | 000,479,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe


========== Modules (SafeList) ==========

MOD - [2010/04/06 16:29:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
MOD - [2010/01/21 18:34:51 | 000,102,400 | ---- | M] (RealPlayer) -- C:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/08/13 10:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2003/03/18 21:14:50 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2003/02/21 06:42:20 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ccSvcHst.exe -- (NAV)
SRV - [2009/06/15 12:28:34 | 003,350,144 | ---- | M] (Cisco Systems, Inc) [Auto | Running] -- C:\Program Files\Cisco Media Center\AVMediaServer.exe -- (Cisco Media Server)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 16:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/07/23 13:54:10 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 17:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/02/26 23:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/26 23:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\NAV\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/26 23:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 20:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/17 11:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 11:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/03 22:40:52 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NAV\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/03 22:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2010/02/03 21:45:22 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100406.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/03 21:45:22 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\VirusDefs\20100406.003\NAVENG.SYS -- (NAVENG)
DRV - [2009/11/09 16:55:04 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/09 16:31:55 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2009/11/05 19:06:13 | 000,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 19:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/21 06:22:00 | 000,298,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/10/06 19:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/29 06:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/29 06:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/21 13:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/12 19:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 19:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 15:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/05/30 22:32:34 | 000,099,648 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0420Vid.sys -- (V0420VID) Live! Cam Vista IM (VF0420)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004/12/17 18:14:44 | 000,013,952 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.theguardian.pe.ca/
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E CD 9C C5 48 D1 CA 01 [binary data]
IE - HKU\S-1-5-21-790525478-1547161642-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\copytolightning@corel.com: c:\Program Files\Corel\WordPerfect Lightning\Programs\FirefoxExtension\ [2009/11/09 16:48:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.0.0.136\IPSFFPlgn\ [2009/11/09 16:55:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 22:44:18 | 000,000,000 | ---D | M]

[2009/12/08 21:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2009/12/08 21:02:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2010/03/31 17:13:54 | 000,000,598 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [QuickFinder Scheduler] c:\Program Files\Corel\WordPerfect Office X4\Programs\QFSCHD140.EXE (Corel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [V0420Mon.exe] C:\WINDOWS\V0420Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-790525478-1547161642-839522115-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Cisco Media Server.lnk = C:\Program Files\Cisco Media Center\CESAvegaMediaServer.exe (Cisco Systems, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-1547161642-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Open with WordPerfect - c:\Program Files\Corel\WordPerfect Office X4\Programs\WPLauncher.hta ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.222.0.94 24.222.0.95
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/09 16:32:32 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/06 17:58:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/06 16:29:33 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/04/02 13:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/01 16:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer3
[2010/04/01 13:50:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\gmer
[2010/04/01 12:00:39 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.45.exe
[2010/04/01 11:55:22 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/01 09:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/04/01 09:16:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\SUPERAntiSpyware.com
[2010/04/01 09:16:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/04/01 09:14:43 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\User\Desktop\ATF-Cleaner.exe
[2010/04/01 09:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/01 08:58:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/03/31 23:20:18 | 009,823,176 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\windows-kb890830-v3.5.exe
[2010/03/31 22:34:15 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Documents and Settings\User\Desktop\fsbl.exe
[2010/03/31 17:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/03/31 17:52:12 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HJTsetup.exe
[2010/03/31 17:35:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/31 17:34:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/31 17:34:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/31 17:34:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/31 17:34:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/31 17:34:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/31 17:28:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/31 13:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 13:58:40 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/31 07:23:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2010/03/31 07:23:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/31 07:23:32 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/31 07:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/31 07:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/30 00:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\PartyGaming
[2010/03/26 11:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\My Documents\My Scans
[2010/03/18 05:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/03/13 23:09:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Intuit Canada
[2010/03/13 23:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 4.0
[2010/03/13 23:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/03/13 23:08:52 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTax 2009
[2010/03/13 23:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit Canada
[2010/03/11 23:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/11 23:31:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/10 18:41:48 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/02/28 13:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/01/20 04:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/07 23:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/11/10 22:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/11/10 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/10 13:48:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/11/05 17:44:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/05 15:51:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006/02/19 04:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

========== Files - Modified Within 30 Days ==========

[2010/04/06 18:05:04 | 000,000,259 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Login Facebook.url
[2010/04/06 18:01:31 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/06 18:01:23 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/04/06 18:01:06 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/06 18:00:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 18:00:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/06 17:59:52 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010/04/06 17:59:52 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010/04/06 17:48:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/06 17:36:25 | 000,000,556 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for User.job
[2010/04/06 16:29:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\OTL.exe
[2010/04/06 16:08:08 | 000,000,796 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/04/06 14:37:55 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Microsoft Office Outlook 2003.lnk
[2010/04/06 10:05:55 | 000,000,300 | ---- | M] () -- C:\Documents and Settings\User\Desktop\The Job Board – Dive into a new job.url
[2010/04/06 09:54:07 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Let me google that for you.url
[2010/04/05 22:24:30 | 000,002,516 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/04/05 18:16:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/04/03 15:23:34 | 000,069,434 | ---- | M] () -- C:\Documents and Settings\User\Desktop\system.zip
[2010/04/02 18:15:11 | 001,318,084 | ---- | M] () -- C:\Documents and Settings\User\Desktop\system.nfo
[2010/04/02 17:57:06 | 000,000,589 | ---- | M] () -- C:\register.bat
[2010/04/02 17:54:44 | 000,000,089 | ---- | M] () -- C:\remove.bat
[2010/04/01 22:03:45 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/01 16:09:38 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer3.zip
[2010/04/01 16:07:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer2.zip
[2010/04/01 13:02:03 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/04/01 12:59:09 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2010/04/01 12:55:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\User\defogger_reenable
[2010/04/01 12:01:20 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 12:00:53 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.45.exe
[2010/04/01 09:16:49 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/01 09:15:35 | 007,976,992 | ---- | M] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2010/04/01 09:14:49 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\User\Desktop\ATF-Cleaner.exe
[2010/04/01 09:00:44 | 003,224,042 | -H-- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\IconCache.db
[2010/04/01 09:00:34 | 000,665,310 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\Cat.DB
[2010/04/01 08:46:02 | 000,000,265 | -HS- | M] () -- C:\boot.ini
[2010/04/01 08:42:02 | 000,000,281 | ---- | M] () -- C:\old boot load boot.ini
[2010/04/01 00:00:22 | 000,001,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.LNK
[2010/03/31 23:20:23 | 009,823,176 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\User\Desktop\windows-kb890830-v3.5.exe
[2010/03/31 22:48:42 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/03/31 22:34:28 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Documents and Settings\User\Desktop\fsbl.exe
[2010/03/31 19:29:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/31 17:52:23 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/03/31 17:52:18 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\User\Desktop\HJTsetup.exe
[2010/03/31 17:43:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/31 17:34:09 | 003,906,159 | R--- | M] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/03/31 15:26:50 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\User\My Documents\abcbeverly.xls
[2010/03/31 14:20:17 | 000,672,236 | ---- | M] () -- C:\Documents and Settings\User\My Documents\2010 windows scan result.cab
[2010/03/31 13:58:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/03/31 13:58:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/03/31 13:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/03/31 13:58:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/03/31 13:58:30 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/26 22:15:54 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1106000.020\isolate.ini
[2010/03/26 19:38:56 | 000,000,274 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Job Bank - Results.url
[2010/03/26 19:28:29 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Josh MacEachern intro .doc
[2010/03/26 19:26:46 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\User\My Documents\resumejoshemt.doc
[2010/03/26 12:07:24 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Thane income 2009 confirmation.doc
[2010/03/26 11:22:41 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/03/25 14:22:50 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Personal budget1.xls
[2010/03/24 21:14:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\User\My Documents\moccasins project (Jennifer&Layne).doc
[2010/03/24 21:13:58 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\User\My Documents\mocassins FRENCH.doc
[2010/03/21 19:09:14 | 000,002,685 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Home Page - North River Minor Hockey Association.url
[2010/03/21 08:29:04 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/21 08:29:04 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/21 08:29:03 | 000,555,168 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/18 13:23:40 | 000,153,601 | ---- | M] () -- C:\Documents and Settings\User\Desktop\TACMBC26.pdf
[2010/03/15 19:43:33 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/15 18:21:38 | 000,247,904 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/15 14:44:47 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Moccasins facts project (Jennifer&Layne).doc
[2010/03/14 22:00:53 | 000,063,776 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/13 23:09:02 | 000,001,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTax 2009.lnk
[2010/03/12 18:02:38 | 000,261,632 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/11 04:04:07 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/09 02:25:49 | 000,000,044 | ---- | M] () -- C:\WINDOWS\cdplayer.ini

========== Files Created - No Company Name ==========

[2010/04/06 17:55:39 | 000,000,298 | ---- | C] () -- C:\Documents and Settings\User\mbr.log
[2010/04/06 10:05:55 | 000,000,300 | ---- | C] () -- C:\Documents and Settings\User\Desktop\The Job Board – Dive into a new job.url
[2010/04/05 18:16:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/04/02 18:20:04 | 000,069,434 | ---- | C] () -- C:\Documents and Settings\User\Desktop\system.zip
[2010/04/02 18:11:47 | 001,318,084 | ---- | C] () -- C:\Documents and Settings\User\Desktop\system.nfo
[2010/04/02 17:56:10 | 000,000,589 | ---- | C] () -- C:\register.bat
[2010/04/02 17:54:29 | 000,000,089 | ---- | C] () -- C:\remove.bat
[2010/04/01 16:09:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer3.zip
[2010/04/01 16:07:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer2.zip
[2010/04/01 13:01:39 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\User\Desktop\gmer.zip
[2010/04/01 12:58:42 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\User\Desktop\dds.scr
[2010/04/01 12:55:51 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\defogger_reenable
[2010/04/01 09:16:49 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/04/01 09:15:24 | 007,976,992 | ---- | C] () -- C:\Documents and Settings\User\Desktop\SUPERAntiSpyware.exe
[2010/04/01 08:42:02 | 000,000,281 | ---- | C] () -- C:\old boot load boot.ini
[2010/03/31 17:52:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\User\Desktop\HijackThis.lnk
[2010/03/31 17:35:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/31 17:35:28 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/31 17:34:36 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/31 17:34:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/31 17:34:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/31 17:34:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/31 17:34:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/31 17:34:04 | 003,906,159 | R--- | C] () -- C:\Documents and Settings\User\Desktop\ComboFix.exe
[2010/03/31 15:26:50 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\User\My Documents\abcbeverly.xls
[2010/03/31 14:21:07 | 000,672,236 | ---- | C] () -- C:\Documents and Settings\User\My Documents\2010 windows scan result.cab
[2010/03/31 07:23:37 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/31 00:26:50 | 001,808,616 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/03/26 19:38:56 | 000,000,274 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Job Bank - Results.url
[2010/03/26 17:56:52 | 000,040,960 | ---- | C] () -- C:\Documents and Settings\User\My Documents\resumejoshemt.doc
[2010/03/26 16:53:36 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Josh MacEachern intro .doc
[2010/03/26 12:04:39 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Thane income 2009 confirmation.doc
[2010/03/18 13:23:40 | 000,153,601 | ---- | C] () -- C:\Documents and Settings\User\Desktop\TACMBC26.pdf
[2010/03/16 21:49:07 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\User\My Documents\mocassins FRENCH.doc
[2010/03/15 14:44:47 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Moccasins facts project (Jennifer&Layne).doc
[2010/03/15 14:44:24 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\User\My Documents\moccasins project (Jennifer&Layne).doc
[2010/03/13 23:09:01 | 000,001,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTax 2009.lnk
[2010/03/11 23:32:08 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/09 01:59:43 | 000,000,044 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/02/21 14:34:59 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\CDDA537F10.sys
[2010/02/14 20:29:08 | 000,000,285 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/31 18:03:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\CDMKR32.INI
[2009/12/27 20:04:59 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/25 21:45:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pipe Organ
[2009/12/25 21:45:32 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Piano Hard
[2009/12/25 21:45:32 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
[2009/12/25 21:45:32 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Vocal Transformer
[2009/12/25 21:45:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Planets
[2009/12/25 21:45:30 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Piano Med
[2009/12/25 21:45:30 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\WebServer
[2009/12/25 21:41:12 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2009/12/25 21:27:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/12/25 21:24:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Guides
[2009/12/25 21:24:17 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Generic
[2009/12/25 21:24:17 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/12/25 21:24:17 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Home
[2009/12/25 21:17:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2009/12/25 21:17:08 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\User\Application Data\Galaxy Swirl
[2009/12/25 21:17:08 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/25 21:17:08 | 000,000,012 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Halftone
[2009/11/12 04:21:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2009/11/10 22:50:12 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/11/10 17:03:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\fusioncache.dat
[2009/11/10 16:50:43 | 000,000,543 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/11/10 16:50:11 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/10 14:06:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/09 16:50:28 | 000,002,516 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/11/09 16:32:55 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2009/11/09 16:31:59 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2009/11/06 09:02:03 | 000,076,277 | ---- | C] () -- C:\Documents and Settings\User\CCCInstall_200911060802032187.log
[2009/11/05 15:56:30 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\User\ntuser.dat.LOG
[2009/11/05 15:56:30 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\User\ntuser.ini
[2009/11/05 15:56:29 | 007,602,176 | -H-- | C] () -- C:\Documents and Settings\User\NTUSER.DAT
[2009/10/21 06:22:00 | 000,298,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2004/12/17 18:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/26 17:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/04 00:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 17:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 23:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\User\Desktop\Guardian:SummaryInformation
< End of report >


#6 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 April 2010 - 09:08 AM

Hello beverly911,

Your logs are looking ok to me, does the yellow error icon say anything if you click it?


Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push

Thanks



#7 beverly911

  • Topic Starter
  • Members
  • 8 posts

Posted 07 April 2010 - 11:37 AM

Good afternoon Syler,
I did the JavaRa.exe scan to completion. I could not download the ESET download; I got an error as follows: '_gat' is undefined
on-line scanner line 91
Code 0 char 1


This is very similar to the errors I get on every page I try to go to. Facebook was "bootload undefined" etc.
This page is 'object expected'
index php line 53
'ipsmenu is undefined'
index php line 117
'IPS_editor is undefined'
index php line 552
code 0 char 1
'ipsattach is undefined'
index php line 580
'object expected'
index php line 747


every webpage has a similar but different error.

awaiting your reply
Beverly


#8 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 07 April 2010 - 01:00 PM

Hi Beverly,

I have had a look round about your errors and they seem to be fairly common but with no real answer. I think it would
be much better if you posted in this forum about the IE issues as it doesn't appear to be caused by malware.

My advice would be to install Firefox as it is much better and safer, but it would still be nice to see if you can find out
what is causing the IE problem.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points you need to set a new restore point
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I can not stress how important it is that you use a third party Firewall on your computer. Without a firewall your computer is
susceptible to being hacked and taken over. Windows firewall is good for blocking inbound connections but it does not block
outbound connections. So if Malware manages to get onto your computer it will be able to send data out when it wants.
Here are some free firewalls, you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Anti Virus, to add an extra layer of protection.
You should update and scan with it as you would with your Anti Virus, Most Anti Spyware programs don't have active protection,
unless you have a paid version, so in that case you can have more than one installed for scanning purposes but you also don't
want to bloat your computer with these programs, so I would recommend having no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically mean that what you are doing
will not make permanent changes to your system, unless you allow it to. So you can be surfing the web inside Sandboxie, then if you
happen to stumble upon a bad site and get infected, you can simply delete the Sandbox and all is gone. Having said that, it can not be
considered 100% secure as no program can be, but it can be a great help and is an excellent program. You can find a download link and
more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install Firefox and install
some addons that will make the browser even safer. You can download the latest version of Firefox here, if you already
have firefox these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.
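As an added example (not part of this thread or of the MVPS project), here is a small Python audit that shows how a hosts-file blocklist works and flags the one thing it should never contain: a name mapped to a routable address, which is the footprint a hosts-file hijacker leaves behind. The sample hosts content and all domain names are constructed; the redirect target uses a TEST-NET address.

```python
import ipaddress

# Constructed sample hosts file, not from the thread. The first entries mimic the
# MVPS blocklist style (names null-routed to 0.0.0.0); the last line mimics a
# hijacker-style entry that points a name at a routable (here TEST-NET) address.
SAMPLE_HOSTS = """\
# MVPS-style blocklist (constructed sample)
127.0.0.1  localhost
0.0.0.0  ads.example-adnetwork.test
0.0.0.0  counter.example-tracker.test   # 3rd party page counter
0.0.0.0  www.example-badsite.test
198.51.100.23  update.example-security-vendor.test
"""

# Addresses a blocklist legitimately maps names to: loopback or the null route.
SINKHOLE_NETS = (ipaddress.ip_network("127.0.0.0/8"),
                 ipaddress.ip_network("0.0.0.0/32"),
                 ipaddress.ip_network("::1/128"))

def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments, blanks and bad lines."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: not a hosts entry
        for name in fields[1:]:
            entries.append((ip, name.lower()))
    return entries

def audit_hosts(text):
    """Split entries into sinkholed (blocklist) names and routable redirects.

    A name mapped to a routable address is what a hosts-file hijacker leaves
    behind, so those entries are the ones to review by hand.
    """
    blocked, redirected = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":
            continue  # the standard entry, neither a block nor a redirect
        if any(ip in net for net in SINKHOLE_NETS):
            blocked.append(name)
        else:
            redirected.append((name, str(ip)))
    return blocked, redirected
```

On a real machine, pass the contents of C:\WINDOWS\System32\drivers\etc\hosts to audit_hosts and review every entry in the redirected list.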


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler



#9 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 10 April 2010 - 11:40 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
