
Infected with Antivirus Soft


  • This topic is locked
20 replies to this topic

#1 cherylmcl

cherylmcl

  • Members
  • 10 posts

Posted 04 April 2010 - 06:26 PM

Hi

I am finding it difficult to remove Antivirus Soft with the uninstall instructions you gave on one of your threads - http://www.bleepingcomputer.com/virus-remo...-antivirus-soft. This virus will not allow me to access any programmes or download any software within normal mode, therefore I tried to follow your instructions to remove this via safe mode with networking, in which I have been unsuccessful.

The reason for this is Malwarebytes is refusing to open; I double click the icon but nothing happens. I have tried uninstalling this but it will not allow me to do so, therefore it still remains on my computer with me not being able to open it. I have tried downloading SUPERAntiSpyware as an alternative, however it won't even allow me to download this to my computer.

Due to failure to complete the uninstall instructions I followed your thread - http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/ - which has brought me to where I am. Unfortunately I was unable to open the GMER file. It allowed me to save to my desktop and extract the files but will not allow me to open this. Therefore I was unable to attach the Ark.txt log that you have asked for when using GMER.

I am looking for some help on this please. If you require any further information please email and I will try my best to explain more. Thanks in advance.


Logfile below:


DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by ManMeat at 0:07:12.93 on 05/04/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.720 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\ManMeat\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uURLSearchHooks: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: DVDVideoSoft Toolbar: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - c:\program files\dvdvideosoft\tbDVDV.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [klhddvqq] c:\documents and settings\manmeat\local settings\application data\ewqnjblgf\tpibwqotssd.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: []
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Ifiwojuyiboxav] rundll32.exe "c:\windows\axedebir.dll",Startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [klhddvqq] c:\documents and settings\manmeat\local settings\application data\ewqnjblgf\tpibwqotssd.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223754868301
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli pjlubdhs.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\manmeat\applic~1\mozilla\firefox\profiles\roxn1p9h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\manmeat\application data\mozilla\firefox\profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\manmeat\application data\mozilla\firefox\profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {372A1852-A236-4E88-9410-91A03540940A} - c:\documents and settings\manmeat\local settings\application data\{372A1852-A236-4E88-9410-91A03540940A}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2008-10-11 160640]
R4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2008-10-11 5248]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-4-2 11608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-4-2 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-4-2 267432]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-4-2 60936]

=============== Created Last 30 ================

2010-04-04 23:05:34 54 ----a-w- c:\documents and settings\manmeat\defogger_reenable
2010-04-04 22:52:47 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-04-04 20:46:28 0 d-----w- c:\windows\pss
2010-04-04 20:26:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 20:26:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-04 20:26:52 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 20:26:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-02 19:11:46 0 d-----w- c:\docume~1\manmeat\applic~1\Avira
2010-04-02 19:07:49 0 d-----w- c:\program files\Enigma Software Group
2010-04-02 19:02:46 0 d-----w- c:\windows\system32\NtmsData
2010-04-02 19:00:12 0 d-----w- c:\program files\Avira
2010-04-02 19:00:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-04-02 18:25:38 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-11 11:40:19 24929 ----a-w- c:\windows\Sysvxd.exe
2010-03-11 05:03:44 2972 ----a-w- c:\windows\Wzapikufevorid.dat
2010-03-11 05:03:44 0 ----a-w- c:\windows\Inafeq.bin
2010-03-11 05:00:02 0 d-sh--w- c:\windows\system32\lowsec
2010-03-10 21:19:06 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-12 13:07:49 411368 ----a-w- c:\windows\system32\deploytk.dll
2008-12-30 18:19:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2008-12-30 18:19:03 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-12-30 18:19:03 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 0:08:35.90 ===============
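The "Pseudo HJT Report" section of the DDS log above is where a malware-removal helper looks first: the browser proxy pointing at the local machine, the extra program in the Winlogon Userinit value, a Run entry launching from Local Settings\Application Data, an svchost.exe outside system32, rundll32 loading a DLL from the Windows folder, and an unfamiliar LSA notification package. As an added example that is not part of this thread, of DDS, or of any BleepingComputer tool, the Python script below runs those checks over a constructed excerpt of the poster's report. The rules are my own rules of thumb, not DDS logic, and the KNOWN_LSA_PACKAGES baseline is an assumption you should replace with your own.

```python
"""Triage of a DDS 'Pseudo HJT Report' for persistence and traffic-interception
indicators.

Added example, not part of this thread or of the DDS tool. The heuristics are
my own rules of thumb, not DDS logic; SAMPLE_REPORT is a constructed excerpt
modelled on the lines the poster pasted above.
"""
import re

# Constructed excerpt (paths copied from the poster's report).
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\sdra64.exe,
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [klhddvqq] c:\documents and settings\manmeat\local settings\application data\ewqnjblgf\tpibwqotssd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Ifiwojuyiboxav] rundll32.exe "c:\windows\axedebir.dll",Startup
LSA: Notification Packages = scecli pjlubdhs.dll
"""

# Assumed baseline of LSA notification packages on a Windows XP workstation
# (scecli is the default; rassfm/kdcsvc appear on some servers). Anything
# else is a DLL that lsass.exe loads at boot and that sees password changes.
KNOWN_LSA_PACKAGES = {"scecli", "rassfm", "kdcsvc"}

# DDS prefixes: u = current user hive, m = machine hive, d = default hive.
RUN_LINE = re.compile(r"^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$", re.I)


def check_proxy(line):
    """A ProxyServer pointing at the local host routes the browser through a
    listener on the same machine, which fits the poster's blocked downloads."""
    m = re.match(r"^[umd]Internet Settings,ProxyServer = (.+)$", line, re.I)
    if not m:
        return None
    value = m.group(1).strip()
    if "127.0.0.1" in value or "localhost" in value.lower():
        return f"browser proxy routed through the local machine ({value})"
    return None


def check_userinit(line):
    """Userinit should list only system32\\userinit.exe; every extra
    comma-separated path is started at each interactive logon."""
    m = re.match(r"^mWinlogon: Userinit=(.*)$", line, re.I)
    if not m:
        return None
    entries = [e.strip() for e in m.group(1).split(",") if e.strip()]
    extra = [e for e in entries if not e.lower().endswith("\\system32\\userinit.exe")]
    if extra:
        return "Userinit starts extra program(s) at logon: " + ", ".join(extra)
    return None


def check_lsa(line):
    """Flag notification packages that are not in the assumed baseline."""
    m = re.match(r"^LSA: Notification Packages = (.+)$", line, re.I)
    if not m:
        return None
    unexpected = [p for p in m.group(1).split()
                  if re.sub(r"\.dll$", "", p.lower()) not in KNOWN_LSA_PACKAGES]
    if unexpected:
        return "non-baseline LSA notification package(s): " + ", ".join(unexpected)
    return None


def check_run(line):
    """Autorun entries in odd locations or under a masquerading name."""
    m = RUN_LINE.match(line)
    if not m:
        return None
    cmd = m.group("cmd").lower()
    if re.search(r"\\local settings\\application data\\", cmd):
        return "autorun executes from the user's Local Application Data"
    if "svchost.exe" in cmd and "\\system32\\svchost.exe" not in cmd:
        return "svchost.exe outside system32 (name masquerade)"
    if cmd.startswith("rundll32") and re.search(r'"?c:\\windows\\[^\\"]+\.dll', cmd):
        return "rundll32 loads a DLL dropped directly under the Windows folder"
    return None


CHECKS = (check_proxy, check_userinit, check_lsa, check_run)


def triage(report):
    """Run every check over each non-empty line; return a list of
    {'line': ..., 'reason': ...} dicts, at most one finding per line."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            reason = check(line)
            if reason:
                findings.append({"line": line, "reason": reason})
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[!] {f['reason']}\n    {f['line']}")
```

On the excerpt this reports six lines and leaves the CTFMON and Avira autoruns alone; it is a first pass for reading a pasted log, not a substitute for the helper's own tools, and each rule should be tuned to the baseline of the machine being examined.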




#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 08 April 2010 - 11:39 AM

Hello and welcome to BleepingComputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    /md5stop
    CREATERESTOREPOINT

  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 cherylmcl

cherylmcl
  • Topic Starter

  • Members
  • 10 posts

Posted 08 April 2010 - 02:55 PM

Thanks very much for your response, Syler. I am still experiencing these major issues, therefore please find the additional information you requested below:

OTL logfile created on: 08/04/2010 20:49:51 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\ManMeat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 769.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 7.66 Gb Free Space | 6.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP5000
Current User Name: ManMeat
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 20:49:01 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 20:49:01 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
MOD - [2008/04/14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/11 20:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 19:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/01/10 18:54:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 18:07:00 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1801674531-616249376-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1801674531-616249376-682003330-1003\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1801674531-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {372A1852-A236-4E88-9410-91A03540940A}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{372A1852-A236-4E88-9410-91A03540940A}: C:\Documents and Settings\ManMeat\Local Settings\Application Data\{372A1852-A236-4E88-9410-91A03540940A} [2010/03/11 06:03:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/11 05:16:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/11 05:16:30 | 000,000,000 | ---D | M]

[2008/10/11 19:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Extensions
[2010/03/30 00:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions
[2009/09/14 16:11:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/14 18:07:14 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/01/14 02:24:39 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\searchplugins\conduit.xml
[2010/04/03 19:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/12 23:52:38 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/08/24 20:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKU\S-1-5-21-1801674531-616249376-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1801674531-616249376-682003330-1003\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1801674531-616249376-682003330-1003\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Ifiwojuyiboxav] C:\WINDOWS\axedebir.DLL (Padus Incorporated)
O4 - HKLM..\Run: [klhddvqq] C:\Documents and Settings\ManMeat\Local Settings\Application Data\ewqnjblgf\tpibwqotssd.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKU\S-1-5-21-1801674531-616249376-682003330-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1801674531-616249376-682003330-1003..\Run: [lrkrdmxk] C:\Documents and Settings\ManMeat\Local Settings\Application Data\kylqjvsnf\mwgafsotssd.exe ()
O4 - HKU\S-1-5-21-1801674531-616249376-682003330-1003..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1223754868301 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/11 17:36:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{cddfacca-133b-11de-b82a-00110914cce0}\Shell - "" = AutoRun
O33 - MountPoints2\{cddfacca-133b-11de-b82a-00110914cce0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eae44f6f-c1c0-11de-b88f-00110914cce0}\Shell - "" = AutoRun
O33 - MountPoints2\{eae44f6f-c1c0-11de-b88f-00110914cce0}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010/04/08 20:48:59 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
[2010/04/05 14:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\kylqjvsnf
[2010/04/05 00:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Desktop\gmer
[2010/04/04 23:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/04 23:38:23 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ManMeat\Desktop\setup.exe
[2010/04/04 22:50:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/04 21:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/04 21:26:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/04 21:26:52 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/04 21:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/04 21:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/03 19:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\ewqnjblgf
[2010/04/02 21:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Desktop\utorrent downloads
[2010/04/02 20:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Application Data\Avira
[2010/04/02 20:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/04/02 20:02:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/02 20:00:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/02 20:00:12 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/02 20:00:12 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/02 20:00:12 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/02 20:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/02 20:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/02 19:25:38 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/12 15:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Desktop\Homework 12-03-10
[2010/03/11 06:03:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\{372A1852-A236-4E88-9410-91A03540940A}
[2010/03/11 06:00:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/03/10 22:19:06 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/01/14 00:07:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/27 23:01:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/27 23:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/27 23:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/30 19:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/22 20:48:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.sys
[2008/10/11 20:07:17 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008/10/11 20:07:17 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\ManMeat\Desktop\*.tmp files -> C:\Documents and Settings\ManMeat\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/08 20:49:01 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
[2010/04/08 20:45:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/08 20:44:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/05 14:54:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 14:54:04 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/05 01:42:20 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\ManMeat\NTUSER.DAT
[2010/04/05 01:42:20 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ManMeat\ntuser.ini
[2010/04/05 01:42:16 | 001,568,656 | -H-- | M] () -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\IconCache.db
[2010/04/05 00:13:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\gmer.zip
[2010/04/05 00:09:23 | 001,440,054 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Instrictions for DDS.bmp
[2010/04/05 00:06:39 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\dds.scr
[2010/04/05 00:05:35 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\ManMeat\defogger_reenable
[2010/04/05 00:05:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Defogger.exe
[2010/04/04 23:43:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/04 23:38:30 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ManMeat\Desktop\setup.exe
[2010/04/04 23:15:10 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-20051102}.CDF
[2010/04/04 23:15:10 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-20051102}.BAK
[2010/04/04 23:13:33 | 000,002,972 | ---- | M] () -- C:\WINDOWS\Wzapikufevorid.dat
[2010/04/04 23:10:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 22:54:01 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\rkill.com
[2010/04/04 22:49:20 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/03 18:48:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 13:00:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Inafeq.bin
[2010/04/02 22:46:36 | 000,110,930 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Laeticia_Tour-De-Prague_WATCH4BEAUTY.jpg
[2010/04/02 22:46:21 | 000,179,363 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\BluEyedCass_amazing-legs.jpg
[2010/04/02 20:00:27 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/30 09:20:31 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\- Downloads 30-3-10.doc
[2010/03/30 08:35:15 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 08:35:15 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/30 08:35:15 | 000,067,768 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 02:10:23 | 000,024,929 | ---- | M] () -- C:\WINDOWS\Sysvxd.exe
[2010/03/30 00:44:50 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Spike Jonze – Im Here.doc
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 00:18:43 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\films 24-3-10.doc
[2010/03/23 14:23:10 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\James Brown Detailed artist information.doc
[2010/03/23 12:07:10 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\ManMeat\default.pls
[2010/03/12 16:35:16 | 000,283,136 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\law - Download.doc
[2010/03/11 13:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 13:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 13:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 13:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 13:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 13:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 13:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 13:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 13:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 13:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 13:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 13:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 13:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 13:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 13:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 13:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 13:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 13:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 13:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 13:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 13:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 13:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 13:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 13:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 13:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 13:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 13:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 13:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 13:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 13:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 13:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 13:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 13:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 13:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 13:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 13:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 13:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 13:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 13:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 13:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 13:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 13:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 13:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 13:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 13:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 13:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 13:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/11 06:03:15 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio virus.doc
[2010/03/11 06:01:46 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio search.doc
[2010/03/11 04:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/03/10 14:18:46 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2010/03/10 14:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2010/03/10 14:18:21 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2010/03/10 14:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2010/03/10 14:18:20 | 000,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[7 C:\Documents and Settings\ManMeat\Desktop\*.tmp files -> C:\Documents and Settings\ManMeat\Desktop\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/05 14:54:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/05 01:41:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 00:10:59 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\gmer.zip
[2010/04/05 00:09:22 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Instrictions for DDS.bmp
[2010/04/05 00:06:38 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\dds.scr
[2010/04/05 00:05:34 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\ManMeat\defogger_reenable
[2010/04/05 00:05:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Defogger.exe
[2010/04/04 22:54:00 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\rkill.com
[2010/04/04 21:26:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/02 22:46:35 | 000,110,930 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Laeticia_Tour-De-Prague_WATCH4BEAUTY.jpg
[2010/04/02 22:46:21 | 000,179,363 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\BluEyedCass_amazing-legs.jpg
[2010/04/02 20:00:27 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/30 09:20:30 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\- Downloads 30-3-10.doc
[2010/03/30 00:44:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Spike Jonze – Im Here.doc
[2010/03/25 00:18:43 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\films 24-3-10.doc
[2010/03/23 14:23:09 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\James Brown Detailed artist information.doc
[2010/03/12 14:36:36 | 000,283,136 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\law - Download.doc
[2010/03/11 12:40:19 | 000,024,929 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2010/03/11 06:03:44 | 000,002,972 | ---- | C] () -- C:\WINDOWS\Wzapikufevorid.dat
[2010/03/11 06:03:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Inafeq.bin
[2010/03/11 06:02:52 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio virus.doc
[2010/03/11 06:01:46 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio search.doc
[2010/01/18 23:11:00 | 000,007,224 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/13 23:20:21 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/01/13 23:20:21 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/12/27 12:19:43 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2009/09/07 22:12:04 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\ManMeat\default.pls
[2008/11/22 20:48:29 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\vso_ts_preview.xml
[2008/11/22 20:48:14 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.log
[2008/11/22 20:48:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\inst.exe
[2008/11/22 20:48:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.cat
[2008/11/22 20:48:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.inf
[2008/10/11 21:43:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/11 21:43:28 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 20:28:28 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/11 20:21:46 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/11 19:59:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/11 19:35:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/11 18:47:53 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\ManMeat\ntuser.ini
[2008/10/11 18:47:52 | 000,245,760 | -H-- | C] () -- C:\Documents and Settings\ManMeat\ntuser.dat.LOG
[2008/10/11 18:47:51 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\ManMeat\NTUSER.DAT
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/23 15:11:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/10/09 18:42:02 | 000,732,200 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB943232-x86-ENU.exe


< MD5 for: AGP440.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/12 22:58:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/12 22:58:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/12 22:58:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/12 22:58:18 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 00:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 00:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 00:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< End of report >

OTL Extras logfile created on: 08/04/2010 20:49:52 - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\ManMeat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 769.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 7.66 Gb Free Space | 6.69% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP5000
Current User Name: ManMeat
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1801674531-616249376-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [ID3-TagIT] -- "C:\Program Files\ID3-TagIT 3\ID3-TagIT.exe" "/P=%1" ( )
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{43FFE159-3199-4188-A1CD-629166AD1033}" = Nero 7 Ultra Edition
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack for FAT and GetDataBack for NTFS
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67A386CE-825D-40DA-8DC8-2098E33B8FF3}" = ATI Catalyst Control Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.2.4.82
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help
"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = Alcohol 120%
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"dBPowerAMP AIFF codec r4" = dBPowerAMP AIFF codec r4
"dBpowerAMP FLAC Codec" = dBpowerAMP FLAC Codec
"dBpowerAMP Mp3 Blade Codec" = dBpowerAMP Mp3 Blade Codec
"dBpowerAMP Mp4 Codec" = dBpowerAMP Mp4 Codec
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"dBpowerAMP Ogg Vorbis Codec" = dBpowerAMP Ogg Vorbis Codec
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"ExplorerSee_is1" = ExplorerSee 3.2
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"ID3-TagIT 3_is1" = ID3-TagIT 3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MP3MyMP3 2.0_is1" = MP3MyMP3 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"ST6UNST #1" = A+ Exam Prep Demo
"Tag&Rename_is1" = Tag&Rename 3.5.4
"Total Video Converter 3.11_is1" = Total Video Converter 3.11 070908
"UltraISO_is1" = UltraISO 8.0 Premium Edition
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.4
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1801674531-616249376-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/10/2009 10:20:13 | Computer Name = HP5000 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module nemp4splitter.ax, version 4.9.4.1, fault address 0x0002a65b.

Error - 29/10/2009 15:59:43 | Computer Name = HP5000 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3523, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 31/10/2009 09:11:17 | Computer Name = HP5000 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x0607ceb0.

Error - 31/10/2009 09:11:24 | Computer Name = HP5000 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 31/10/2009 09:11:50 | Computer Name = HP5000 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/11/2009 23:18:29 | Computer Name = HP5000 | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 26/11/2009 07:49:30 | Computer Name = HP5000 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x064bceb0.

Error - 04/12/2009 20:19:35 | Computer Name = HP5000 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 04/12/2009 20:45:23 | Computer Name = HP5000 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 21/12/2009 09:47:34 | Computer Name = HP5000 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 04/04/2010 19:09:15 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 04/04/2010 19:11:28 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 04/04/2010 19:11:59 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 04/04/2010 19:12:12 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 04/04/2010 19:14:53 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 04/04/2010 20:42:17 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/04/2010 09:47:05 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 05/04/2010 09:48:11 | Computer Name = HP5000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips Processor ssmdrv

Error - 08/04/2010 15:45:28 | Computer Name = HP5000 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 08/04/2010 15:46:40 | Computer Name = HP5000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips Processor ssmdrv


< End of report >


Look forward to hearing from you.

Thanks again,

Cheryl

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:09 PM

Posted 09 April 2010 - 07:14 AM

Hi Cheryl,

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Ifiwojuyiboxav] C:\WINDOWS\axedebir.DLL (Padus Incorporated)
    O4 - HKLM..\Run: [klhddvqq] C:\Documents and Settings\ManMeat\Local Settings\Application Data\ewqnjblgf\tpibwqotssd.exe ()
    O4 - HKU\S-1-5-21-1801674531-616249376-682003330-1003..\Run: [lrkrdmxk] C:\Documents and Settings\ManMeat\Local Settings\Application Data\kylqjvsnf\mwgafsotssd.exe ()
    O4 - HKU\S-1-5-21-1801674531-616249376-682003330-1003..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
    O33 - MountPoints2\{cddfacca-133b-11de-b82a-00110914cce0}\Shell - "" = AutoRun
    O33 - MountPoints2\{cddfacca-133b-11de-b82a-00110914cce0}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{eae44f6f-c1c0-11de-b88f-00110914cce0}\Shell - "" = AutoRun
    O33 - MountPoints2\{eae44f6f-c1c0-11de-b88f-00110914cce0}\Shell\AutoRun - "" = Auto&Play
    [2010/03/11 06:00:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Please click this link-->Virustotal
When the Virustotal page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\wc98pp.dll

Please post back with the link to the scan results, in your next post.
If Virustotal is busy, try the same at Jotti: http://virusscan.jotti.org/


Then please post back here with the following logs:
  • GooredFix.txt
  • OTL results
  • New OTL log
  • MBAM log
  • Virustotal link

Thanks

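For readers following how the fix script above was assembled, here is an added example (written for this thread, not code from OTL or from the poster) that parses OTL's O4 Run entries and the O20 Winlogon UserInit line and flags the properties a responder looks for before writing such a script: a target that no longer exists, a target with no publisher block, a per-user application-data path, a system binary name launched from an unexpected folder, a file dropped straight into the Windows directory, and a UserInit value that is not the stock userinit.exe. The sample input reproduces the O4/O20 lines from the script and adds two constructed benign entries for contrast; the heuristics are the editor's and are assumptions about what OTL output looks like, not anything OTL documents.

```python
"""Triage of OTL autorun lines (O4 Run entries and the O20 Winlogon UserInit value).

Added example for this thread, not OTL's own code. The heuristics below are the
editor's; they are a starting point for review, not a verdict.
"""
import ntpath
import re

# Constructed sample input: six lines reproduced from the fix script in the thread,
# plus two constructed benign entries (an Avira tray program and the stock userinit.exe).
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ifiwojuyiboxav] C:\WINDOWS\axedebir.DLL (Padus Incorporated)
O4 - HKLM..\Run: [klhddvqq] C:\Documents and Settings\ManMeat\Local Settings\Application Data\ewqnjblgf\tpibwqotssd.exe ()
O4 - HKU\S-1-5-21-1801674531-616249376-682003330-1003..\Run: [lrkrdmxk] C:\Documents and Settings\ManMeat\Local Settings\Application Data\kylqjvsnf\mwgafsotssd.exe ()
O4 - HKU\S-1-5-21-1801674531-616249376-682003330-1003..\Run: [SVCHOST.EXE] C:\WINDOWS\System32\drivers\svchost.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
"""

# Line shapes as they appear in the thread's OTL output (assumed, not from OTL's docs).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
O20_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
TARGET_RE = re.compile(r"^(?P<path>.*?) \((?P<company>[^()]*)\)$")

WINDIR = r"c:\windows"
SYSTEM32 = r"c:\windows\system32"
EXPECTED_USERINIT = r"c:\windows\system32\userinit.exe"
# Names malware likes to borrow; legitimate copies live in the Windows or System32 folder.
KNOWN_SYSTEM_NAMES = {"svchost.exe", "userinit.exe", "explorer.exe",
                      "lsass.exe", "winlogon.exe", "csrss.exe"}


def split_target(rest):
    """Split the tail of an OTL line into (path, company, missing).

    company is None when OTL printed no publisher block at all and '' when the
    block was present but empty ('()'), which is the interesting case.
    """
    if rest.endswith("File not found"):
        return rest[: -len("File not found")].strip(), None, True
    m = TARGET_RE.match(rest)
    if m:
        return m.group("path"), m.group("company").strip(), False
    return rest, None, False


def parse_otl_line(line):
    """Return a dict for an O4 or O20 line, or None for anything else."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        path, company, missing = split_target(m.group("rest"))
        return {"kind": "O4", "hive": m.group("hive"), "name": m.group("name"),
                "path": path, "company": company, "missing": missing}
    m = O20_RE.match(line)
    if m:
        path, company, missing = split_target(m.group("rest"))
        return {"kind": "O20", "hive": "HKLM", "name": "UserInit",
                "path": path, "company": company, "missing": missing}
    return None


def assess(entry):
    """Return the list of heuristics an autorun entry trips (empty means nothing noted)."""
    reasons = []
    low = entry["path"].lower()
    base = ntpath.basename(low)
    folder = ntpath.dirname(low)
    if entry["missing"]:
        reasons.append("target file not found (orphaned or recently removed autorun)")
    if entry["company"] == "":
        reasons.append("no publisher information on the target")
    if "\\local settings\\application data\\" in low:
        reasons.append("target lives in a per-user application data folder")
    if base in KNOWN_SYSTEM_NAMES and folder not in (SYSTEM32, WINDIR):
        reasons.append(f"system binary name {base} launched from an unexpected folder")
    if entry["kind"] == "O4" and folder == WINDIR:
        reasons.append("target dropped directly in the Windows directory")
    if entry["kind"] == "O20" and low != EXPECTED_USERINIT:
        reasons.append("Winlogon UserInit does not point at the stock userinit.exe")
    return reasons


def triage(text):
    """Return [(line, reasons)] for every autorun line that trips at least one heuristic."""
    flagged = []
    for line in text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            flagged.append((line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_OTL_LINES):
        print(flagged_line)
        for reason in why:
            print("   -", reason)
```

Run against the sample, the six entries that the fix script removes are reported and the two constructed benign entries are not; the UserInit check is the one that matters most, since whatever that value names runs at every interactive logon.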


#5 cherylmcl

cherylmcl
  • Topic Starter

  • Members
  • 10 posts
  • Local time:03:09 PM

Posted 09 April 2010 - 12:30 PM

Hi

Here is the information you requested:

Please note I have Malwarebytes installed on my PC, however it will not allow me to open it. I have tried reinstalling it, however the program will still not open, therefore I am unable to provide you with an MBAM report.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 18:07 on 09/04/2010 (ManMeat)
Firefox version 3.5.8 (en-GB)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{372A1852-A236-4E88-9410-91A03540940A} -> Success!
Deleting C:\Documents and Settings\ManMeat\Local Settings\Application Data\{372A1852-A236-4E88-9410-91A03540940A} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:25 11/10/2008]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [23:38 19/10/2008]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [13:08 12/01/2010]

C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [15:11 14/09/2009]
{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [17:07 14/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [20:11 11/10/2008]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [13:07 12/01/2010]

-=E.O.F=-

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ifiwojuyiboxav deleted successfully.
C:\WINDOWS\axedebir.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\klhddvqq deleted successfully.
C:\Documents and Settings\ManMeat\Local Settings\Application Data\ewqnjblgf\tpibwqotssd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\lrkrdmxk deleted successfully.
C:\Documents and Settings\ManMeat\Local Settings\Application Data\kylqjvsnf\mwgafsotssd.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-616249376-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SVCHOST.EXE deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddfacca-133b-11de-b82a-00110914cce0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddfacca-133b-11de-b82a-00110914cce0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cddfacca-133b-11de-b82a-00110914cce0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cddfacca-133b-11de-b82a-00110914cce0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae44f6f-c1c0-11de-b88f-00110914cce0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eae44f6f-c1c0-11de-b88f-00110914cce0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eae44f6f-c1c0-11de-b88f-00110914cce0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eae44f6f-c1c0-11de-b88f-00110914cce0}\ not found.
Folder move failed. C:\WINDOWS\System32\lowsec scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Guest
->Temp folder emptied: 105477 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ManMeat
->Temp folder emptied: 1463403716 bytes
->Temporary Internet Files folder emptied: 547640308 bytes
->Java cache emptied: 28055654 bytes
->FireFox cache emptied: 65776999 bytes
->Flash cache emptied: 1891454 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 4486673 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2651837 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23946300 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 47395008 bytes

Total Files Cleaned = 2,086.00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Guest

User: LocalService

User: ManMeat
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.1.0 log created on 04092010_180853

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\sdra64.exe scheduled to be moved on reboot.
Folder move failed. C:\WINDOWS\System32\lowsec scheduled to be moved on reboot.
C:\Documents and Settings\ManMeat\Local Settings\Temporary Internet Files\Content.IE5\WR4XNM51\4L2CA58P2MACAUIKSHJCA31E4T9CAI6FQNUCAEWV16ECAPAMY2DCAKS19BNCAULC7KICAVE0IPOCAGHAN8JCAY1YFRYCAOATLQKCAPK0Q8RCABAXZSDCA3OL5Q8CAU73S1MCA235QG7CAVIR819CAIHKHV1.htm moved successfully.
C:\Documents and Settings\ManMeat\Local Settings\Temporary Internet Files\Content.IE5\WR4XNM51\topic307211[1].htm moved successfully.
C:\Documents and Settings\ManMeat\Local Settings\Temporary Internet Files\Content.IE5\QC0N8WOA\ads[11].htm moved successfully.
C:\Documents and Settings\ManMeat\Local Settings\Temporary Internet Files\Content.IE5\QC0N8WOA\search[2].htm moved successfully.
C:\Documents and Settings\ManMeat\Local Settings\Temporary Internet Files\Content.IE5\BKX5FENL\iframe[1].htm moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 09/04/2010 18:14:12 - Run 2
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\ManMeat\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1,022.00 Mb Total Physical Memory | 773.00 Mb Available Physical Memory | 76.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 9.71 Gb Free Space | 8.48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP5000
Current User Name: ManMeat
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/08 20:49:01 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/08 20:49:01 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
MOD - [2008/04/14 01:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/16 15:36:32 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/10/11 20:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/04/13 19:45:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2007/04/18 08:59:40 | 000,098,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2007/04/12 08:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CT20XUT.DLL -- (CT20XUT.DLL)
DRV - [2007/04/12 08:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV - [2007/04/12 08:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV - [2007/04/12 08:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV - [2007/04/12 08:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV - [2007/04/12 08:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV - [2007/04/12 08:10:20 | 000,094,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV - [2007/04/12 08:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,560,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV - [2007/04/12 08:10:16 | 000,546,048 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2007/04/10 06:00:24 | 000,157,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2007/04/10 05:59:04 | 000,126,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2007/04/10 04:32:06 | 000,189,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2007/04/10 04:31:18 | 000,163,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2007/04/10 04:29:10 | 000,797,992 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2007/04/10 04:28:36 | 000,092,968 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2007/04/10 04:25:46 | 000,014,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2007/04/10 04:21:06 | 000,347,128 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2007/04/10 04:20:38 | 000,520,488 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2007/04/10 04:19:30 | 000,511,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/01/10 18:54:00 | 001,421,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/28 18:07:00 | 000,156,800 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/04/30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\a347bus.sys -- (a347bus)
DRV - [2004/04/30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\a347scsi.sys -- (a347scsi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {372A1852-A236-4E88-9410-91A03540940A}:1.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/11 05:16:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/11 05:16:30 | 000,000,000 | ---D | M]

[2008/10/11 19:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Extensions
[2010/03/30 00:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions
[2009/09/14 16:11:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/14 18:07:14 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010/01/14 02:24:39 | 000,000,881 | ---- | M] () -- C:\Documents and Settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\searchplugins\conduit.xml
[2010/04/03 19:43:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/12 23:52:38 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
[2009/08/24 20:10:36 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Program Files\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing LP)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1223754868301 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/11 17:36:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/09 18:08:53 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/09 18:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Desktop\GooredFix Backups
[2010/04/09 18:07:11 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\ManMeat\Desktop\GooredFix.exe
[2010/04/08 20:48:59 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
[2010/04/05 14:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\kylqjvsnf
[2010/04/05 00:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Desktop\gmer
[2010/04/04 23:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/04/04 23:38:23 | 005,918,720 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\ManMeat\Desktop\setup.exe
[2010/04/04 22:50:17 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/04/04 21:46:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/04/04 21:26:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/04 21:26:52 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/04 21:26:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/04 21:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/03 19:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\ewqnjblgf
[2010/04/02 21:51:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Desktop\utorrent downloads
[2010/04/02 20:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Application Data\Avira
[2010/04/02 20:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2010/04/02 20:02:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/02 20:00:13 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/04/02 20:00:12 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/04/02 20:00:12 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/04/02 20:00:12 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/04/02 20:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/04/02 20:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/04/02 19:25:38 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/03/12 15:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\ManMeat\Desktop\Homework 12-03-10
[2010/03/11 06:00:02 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec
[2010/03/10 22:19:06 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/01/14 00:07:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/27 23:01:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/05/27 23:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/05/27 23:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/30 19:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/11/22 20:48:05 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.sys
[2008/10/11 20:07:17 | 000,160,640 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347bus.sys
[2008/10/11 20:07:17 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\a347scsi.sys
[2007/04/09 12:32:58 | 000,034,816 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[7 C:\Documents and Settings\ManMeat\Desktop\*.tmp files -> C:\Documents and Settings\ManMeat\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/09 18:11:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 18:11:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/09 18:10:43 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\ManMeat\NTUSER.DAT
[2010/04/09 18:10:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\ManMeat\ntuser.ini
[2010/04/09 18:07:08 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\ManMeat\Desktop\GooredFix.exe
[2010/04/08 20:49:01 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\ManMeat\Desktop\OTL.exe
[2010/04/05 14:54:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 14:54:04 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/05 01:42:16 | 001,568,656 | -H-- | M] () -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\IconCache.db
[2010/04/05 00:13:56 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\gmer.zip
[2010/04/05 00:09:23 | 001,440,054 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Instrictions for DDS.bmp
[2010/04/05 00:06:39 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\dds.scr
[2010/04/05 00:05:35 | 000,000,054 | ---- | M] () -- C:\Documents and Settings\ManMeat\defogger_reenable
[2010/04/05 00:05:01 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Defogger.exe
[2010/04/04 23:43:55 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/04 23:38:30 | 005,918,720 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\ManMeat\Desktop\setup.exe
[2010/04/04 23:15:10 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-20051102}.CDF
[2010/04/04 23:15:10 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000000-00001102-00000004-20051102}.BAK
[2010/04/04 23:13:33 | 000,002,972 | ---- | M] () -- C:\WINDOWS\Wzapikufevorid.dat
[2010/04/04 23:10:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 22:54:01 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\rkill.com
[2010/04/04 22:49:20 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/04 22:49:20 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000000-00001102-00000004-20051102}.rfx
[2010/04/03 18:48:03 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/03 13:00:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Inafeq.bin
[2010/04/02 22:46:36 | 000,110,930 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Laeticia_Tour-De-Prague_WATCH4BEAUTY.jpg
[2010/04/02 22:46:21 | 000,179,363 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\BluEyedCass_amazing-legs.jpg
[2010/04/02 20:00:27 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/30 09:20:31 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\- Downloads 30-3-10.doc
[2010/03/30 08:35:15 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/30 08:35:15 | 000,433,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/30 08:35:15 | 000,067,768 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/30 02:10:23 | 000,024,929 | ---- | M] () -- C:\WINDOWS\Sysvxd.exe
[2010/03/30 00:44:50 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\Spike Jonze – Im Here.doc
[2010/03/29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 00:18:43 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\films 24-3-10.doc
[2010/03/23 14:23:10 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\James Brown Detailed artist information.doc
[2010/03/23 12:07:10 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\ManMeat\default.pls
[2010/03/12 16:35:16 | 000,283,136 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\law - Download.doc
[2010/03/11 13:38:54 | 001,168,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2010/03/11 13:38:54 | 000,832,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2010/03/11 13:38:54 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2010/03/11 13:38:53 | 003,599,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2010/03/11 13:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2010/03/11 13:38:53 | 000,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2010/03/11 13:38:53 | 000,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2010/03/11 13:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2010/03/11 13:38:53 | 000,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/03/11 13:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2010/03/11 13:38:53 | 000,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2010/03/11 13:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2010/03/11 13:38:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2010/03/11 13:38:53 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2010/03/11 13:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2010/03/11 13:38:53 | 000,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/03/11 13:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2010/03/11 13:38:53 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2010/03/11 13:38:52 | 006,067,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010/03/11 13:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/11 13:38:52 | 001,830,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2010/03/11 13:38:52 | 000,268,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/03/11 13:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2010/03/11 13:38:52 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2010/03/11 13:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/03/11 13:38:52 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2010/03/11 13:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2010/03/11 13:38:52 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2010/03/11 13:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2010/03/11 13:38:52 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2010/03/11 13:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2010/03/11 13:38:51 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2010/03/11 13:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2010/03/11 13:38:51 | 000,380,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2010/03/11 13:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2010/03/11 13:38:51 | 000,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2010/03/11 13:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2010/03/11 13:38:51 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2010/03/11 13:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2010/03/11 13:38:51 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2010/03/11 13:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2010/03/11 13:38:51 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2010/03/11 13:38:51 | 000,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2010/03/11 13:38:51 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2010/03/11 13:38:51 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2010/03/11 13:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2010/03/11 13:38:51 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2010/03/11 06:03:15 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio virus.doc
[2010/03/11 06:01:46 | 000,111,104 | ---- | M] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio search.doc
[2010/03/11 04:02:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[7 C:\Documents and Settings\ManMeat\Desktop\*.tmp files -> C:\Documents and Settings\ManMeat\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/05 14:54:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/05 01:41:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/05 00:10:59 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\gmer.zip
[2010/04/05 00:09:22 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Instrictions for DDS.bmp
[2010/04/05 00:06:38 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\dds.scr
[2010/04/05 00:05:34 | 000,000,054 | ---- | C] () -- C:\Documents and Settings\ManMeat\defogger_reenable
[2010/04/05 00:05:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Defogger.exe
[2010/04/04 22:54:00 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\rkill.com
[2010/04/04 21:26:56 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/02 22:46:35 | 000,110,930 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Laeticia_Tour-De-Prague_WATCH4BEAUTY.jpg
[2010/04/02 22:46:21 | 000,179,363 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\BluEyedCass_amazing-legs.jpg
[2010/04/02 20:00:27 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2010/03/30 09:20:30 | 000,125,952 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\- Downloads 30-3-10.doc
[2010/03/30 00:44:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\Spike Jonze – Im Here.doc
[2010/03/25 00:18:43 | 000,025,600 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\films 24-3-10.doc
[2010/03/23 14:23:09 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\James Brown Detailed artist information.doc
[2010/03/12 14:36:36 | 000,283,136 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\law - Download.doc
[2010/03/11 12:40:19 | 000,024,929 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2010/03/11 06:03:44 | 000,002,972 | ---- | C] () -- C:\WINDOWS\Wzapikufevorid.dat
[2010/03/11 06:03:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Inafeq.bin
[2010/03/11 06:02:52 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio virus.doc
[2010/03/11 06:01:46 | 000,111,104 | ---- | C] () -- C:\Documents and Settings\ManMeat\Desktop\internet radio search.doc
[2010/01/18 23:11:00 | 000,007,224 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/01/13 23:20:21 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2010/01/13 23:20:21 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2009/12/27 12:19:43 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2009/09/07 22:12:04 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\ManMeat\default.pls
[2008/11/22 20:48:29 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\vso_ts_preview.xml
[2008/11/22 20:48:14 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.log
[2008/11/22 20:48:05 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\inst.exe
[2008/11/22 20:48:05 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.cat
[2008/11/22 20:48:05 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\ManMeat\Application Data\pcouffin.inf
[2008/10/11 21:43:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/10/11 21:43:28 | 000,193,536 | ---- | C] () -- C:\Documents and Settings\ManMeat\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/11 20:28:28 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/10/11 20:21:46 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/10/11 19:59:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/11 19:35:59 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/10/11 18:47:53 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\ManMeat\ntuser.ini
[2008/10/11 18:47:52 | 000,507,904 | -H-- | C] () -- C:\Documents and Settings\ManMeat\ntuser.dat.LOG
[2008/10/11 18:47:51 | 006,553,600 | -H-- | C] () -- C:\Documents and Settings\ManMeat\NTUSER.DAT
[2007/04/12 08:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll
[2007/04/09 12:55:14 | 000,097,785 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2007/04/09 12:55:14 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2007/04/09 12:33:50 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/10/02 09:25:18 | 000,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/06/16 10:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/23 15:11:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll
< End of report >

Permalink: analisis/74bd7a4d90534a25f73b253c4cd21d8886b4c9d83c05a609f2bce91dfc3caf5c-1270696410

Thanks again,

Cheryl


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:03:09 PM

Posted 09 April 2010 - 01:27 PM

The VirusTotal link is not valid. Can you either do it again and post the new link, or just let me know if any scanners detected it as bad? Thanks.


With Malwarebytes try renaming mbam.exe to syler.exe then try and run it and post the log if it runs.


Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run, then copy and paste the following line into the Run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe
  • Copy and paste the contents of mbr.log on your next reply.



#7 cherylmcl

cherylmcl
  • Topic Starter

  • Members
  • 10 posts

Posted 11 April 2010 - 10:31 AM

Hi

This is the information I got from VirusTotal:

File wc98pp.dll received on 2010.04.11 15:18:04 (UTC)


Result: 0/39 (0%)


Antivirus Version Last Update Result
a-squared 4.5.0.50 2010.04.11 -
AhnLab-V3 5.0.0.2 2010.04.10 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.11 -
Avast 4.8.1351.0 2010.04.11 -
Avast5 5.0.332.0 2010.04.11 -
AVG 9.0.0.787 2010.04.11 -
BitDefender 7.2 2010.04.11 -
CAT-QuickHeal 10.00 2010.04.10 -
ClamAV 0.96.0.3-git 2010.04.11 -
Comodo 4569 2010.04.11 -
DrWeb 5.0.2.03300 2010.04.11 -
eSafe 7.0.17.0 2010.04.11 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.11 -
F-Secure 9.0.15370.0 2010.04.11 -
Fortinet 4.0.14.0 2010.04.10 -
GData 19 2010.04.11 -
Ikarus T3.1.1.80.0 2010.04.11 -
Jiangmin 13.0.900 2010.04.11 -
Kaspersky 7.0.0.125 2010.04.11 -
McAfee-GW-Edition 6.8.5 2010.04.11 -
Microsoft 1.5605 2010.04.11 -
NOD32 5017 2010.04.11 -
Norman 6.04.11 2010.04.10 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.11 -
PCTools 7.0.3.5 2010.04.11 -
Prevx 3.0 2010.04.11 -
Rising 22.42.06.04 2010.04.11 -
Sophos 4.52.0 2010.04.11 -
Sunbelt 6163 2010.04.11 -
Symantec 20091.2.0.41 2010.04.11 -
TheHacker 6.5.2.0.259 2010.04.11 -
TrendMicro 9.120.0.1004 2010.04.11 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.10.2270 2010.04.10 -
VirusBuster 5.0.27.0 2010.04.11 -
Additional information
File size: 51712 bytes
MD5...: 01ce67a8b8f546986309c28d4594d29c
SHA1..: c375555e487481ba317af381d8f8524ab20defb0
SHA256: 74bd7a4d90534a25f73b253c4cd21d8886b4c9d83c05a609f2bce91dfc3caf5c
ssdeep: 768:nVXqYKk3DTHtNSIwdzav+VFD/m0pXaMeB8HnlCIPiQhrKVKQgJGjWPhQX:VXqYKiHtAmv+VFJhe8lPPiSrK3jWPCX

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xa874
timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
machinetype.......: 0x14c (I386)

( 7 sections )
name viradd virsiz rawdsiz ntrpy md5
CODE 0x1000 0x98a0 0x9a00 6.43 1bf0329ed761c1055043968293828bdf
DATA 0xb000 0x2fc 0x400 2.88 bf9ea9b2d7426fd90a2d2be3187e1a75
BSS 0xc000 0x601 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.idata 0xd000 0x73a 0x800 4.26 d72389ce58a2b24f0426683ae6e933f1
.edata 0xe000 0xb5 0x200 1.96 f235d704ce9c686fd69023d4d0cceade
.reloc 0xf000 0xc88 0xe00 6.27 52cdb2a06136a086038bf2dcff590205
.rsrc 0x10000 0x1000 0x1000 3.37 ac75f753b345a3adb7204c3d914ca304

( 7 imports )
> kernel32.dll: DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpyA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCommandLineA, FreeLibrary, ExitProcess, WriteFile, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
> user32.dll: GetKeyboardType, LoadStringA, MessageBoxA
> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
> oleaut32.dll: VariantChangeTypeEx, VariantCopyInd, VariantClear, SysStringLen, SysFreeString, SysAllocStringLen
> kernel32.dll: TlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc, GetModuleFileNameA
> kernel32.dll: WriteFile, VirtualQuery, UnmapViewOfFile, SetFilePointer, SetEndOfFile, ReadFile, OpenFileMappingA, MapViewOfFile, GetVersionExA, GetThreadLocale, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, FormatMessageA, EnumCalendarInfoA, CreateFileA, CompareStringA, CloseHandle
> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics

( 5 exports )
DllCanUnloadNow, DllGetClassObject, DllMain, DllRegisterServer, DllUnregisterServer

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (58.3%)
Win16/32 Executable Delphi generic (14.1%)
Generic Win/DOS Executable (13.7%)
DOS Executable Generic (13.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned


and also from Jotti:


Jotti's malware scan
Filename: wc98pp.dll
Status: Scan finished. 0 out of 20 scanners reported malware.
Scan taken on: Sun 11 Apr 2010 17:23:25 (CET) Permalink



--------------------------------------------------------------------------------
Additional info
File size: 51712 bytes
Filetype: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
MD5: 01ce67a8b8f546986309c28d4594d29c
SHA1: c375555e487481ba317af381d8f8524ab20defb0

Scanners
2010-04-11 Found nothing 2010-04-11 Found nothing
2010-04-11 Found nothing 2010-04-11 Found nothing
2010-04-11 Found nothing 2010-04-11 Found nothing
2010-04-11 Found nothing 2010-04-11 Found nothing
2010-04-09 Found nothing 2010-04-11 Found nothing
2010-04-11 Found nothing 2010-04-11 Found nothing
2010-04-11 Found nothing 2010-04-09 Found nothing
2010-04-06 Found nothing 2010-04-11 Found nothing
2010-04-11 Found nothing 2010-04-08 Found nothing
2010-04-10 Found nothing 2010-04-11 Found nothing





As for Malwarebytes, I tried renaming the file to syler.exe and running it, but still no luck.

MBR Log is as follows:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x872E41F3]<<
kernel: MBR read successfully
BIOS signateure not found


Look forward to your reply.

Cheryl


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 11 April 2010 - 01:06 PM

Please see this topic and follow the instructions to disable your CD Emulation programs using DeFogger.

Once you have done that please run the MBR Rootkit Scan again and post the new log.

Thanks



#9 cherylmcl

cherylmcl
  • Topic Starter

  • Members
  • 10 posts

Posted 15 April 2010 - 11:37 AM

Hi

I already disabled CD emulation using DeFogger, as per the log below:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:05 on 05/04/2010 (ManMeat)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
a347bus -> Disabled (Service running -> reboot required)
a347scsi -> Disabled (Service running -> reboot required)
Unable to read atapi.sys

Here is the new log for DeFogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:36 on 15/04/2010 (ManMeat)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
a347bus -> Already disabled
a347scsi -> Already disabled


-=E.O.F=-

MBR Log below:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe >>UNKNOWN [0x872E32B3]<<
kernel: MBR read successfully
BIOS signateure not found

Thanks

Cheryl



#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 15 April 2010 - 01:35 PM

Hi Cheryl,
  1. Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  2. Disconnect from the Internet and close all running programs, as this process may crash your computer.
  3. Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  4. Double click on Gmer to run it.
  5. Allow the gmer.sys driver to load if asked.
  6. You may see a rootkit warning window. If you do, click No.
  7. Untick the following boxes on the right side of the Gmer screen.
    Show All
  8. Click on and wait for the scan to finish.
  9. If you see a rootkit warning window, click OK.
  10. Push and save the logfile to your desktop.
  11. Copy and Paste the contents of that file in your next post.

Edited by syler, 15 April 2010 - 01:36 PM.



#11 cherylmcl

cherylmcl
  • Topic Starter

  • Members
  • 10 posts

Posted 16 April 2010 - 02:08 PM

Hi

Here is the gmer log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-16 20:07:44
Windows 5.1.2600 Service Pack 3
Running: g3en24j2.exe; Driver: C:\DOCUME~1\ManMeat\LOCALS~1\Temp\fxtdipow.sys


---- System - GMER 1.0.15 ----

Code 87317E10 ZwEnumerateKey
Code 8736D310 ZwFlushInstructionCache
Code 8737129E IofCallDriver
Code 8738072E IofCompleteRequest
Code 8734D1BD ZwSaveKey
Code 8737E825 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey 804DD6E8 5 Bytes JMP 8734D1C2
.text ntoskrnl.exe!ZwSaveKeyEx 804DD6FC 5 Bytes JMP 8737E82A
.text ntoskrnl.exe!IofCallDriver 804E37D5 5 Bytes JMP 873712A3
.text ntoskrnl.exe!IofCompleteRequest 804E3C06 5 Bytes JMP 87380733
PAGE ntoskrnl.exe!ZwFlushInstructionCache 8056E42A 5 Bytes JMP 8736D314
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP 87317E14

---- User code sections - GMER 1.0.15 ----

.text C:\Documents and Settings\ManMeat\Desktop\g3en24j2.exe[204] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00E7000A
.text C:\Documents and Settings\ManMeat\Desktop\g3en24j2.exe[204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00E8000A
.text C:\WINDOWS\system32\winlogon.exe[452] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\winlogon.exe[452] ntdll.dll!LdrUnloadDll 7C91738B 3 Bytes JMP 0092000A
.text C:\WINDOWS\system32\winlogon.exe[452] ntdll.dll!LdrUnloadDll + 4 7C91738F 1 Byte [84]
.text C:\WINDOWS\system32\services.exe[500] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A1000A
.text C:\WINDOWS\system32\services.exe[500] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00A2000A
.text C:\WINDOWS\system32\lsass.exe[512] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00A9000A
.text C:\WINDOWS\system32\lsass.exe[512] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00AC000A
.text C:\WINDOWS\Explorer.EXE[1280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D9000A
.text C:\WINDOWS\Explorer.EXE[1280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00DA000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00EC000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00ED000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E1DF4B9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E352046 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E351FC7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E35200B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F53 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E351F8D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!DialogBoxIndirectParamA 7E456D7D 1 Byte [E9]
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E352081 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E2017EA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E352243 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 00F8000A
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] WININET.dll!HttpAddRequestHeadersW 3D9AA4C5 5 Bytes JMP 0107000A
.text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00D2000A
.text C:\WINDOWS\system32\ctfmon.exe[1408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00D3000A

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACimpqqnxvvw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACimpqqnxvvw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACimpqqnxvvw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwutpkdmqow.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACksnmlypoff.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACqhyihipjxj.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACixjrubrdfd.db
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACrdqbdnrrxe.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACnqmovycukt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsoajrmqfvm.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACimpqqnxvvw.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACimpqqnxvvw.sys
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACwutpkdmqow.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACksnmlypoff.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACqhyihipjxj.dat
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmal \\?\globalroot\systemroot\system32\UACixjrubrdfd.db
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacrem \\?\globalroot\systemroot\system32\UACrdqbdnrrxe.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACnqmovycukt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACsoajrmqfvm.dll

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\ManMeat\Local Settings\Temp\UACf7e.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACimpqqnxvvw.sys 54784 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\uacinit.dll 19585 bytes
File C:\WINDOWS\system32\UACixjrubrdfd.db 1110399 bytes
File C:\WINDOWS\system32\UACksnmlypoff.dll 74240 bytes executable
File C:\WINDOWS\system32\UACnqmovycukt.dll 18432 bytes executable
File C:\WINDOWS\system32\UACqhyihipjxj.dat 310 bytes
File C:\WINDOWS\system32\UACrdqbdnrrxe.dll 30208 bytes executable
File C:\WINDOWS\system32\UACsoajrmqfvm.dll 20480 bytes executable
File C:\WINDOWS\system32\UACwutpkdmqow.dll 26624 bytes executable
File C:\WINDOWS\Temp\UAC1188.tmp 4096 bytes executable
File C:\WINDOWS\Temp\UAC2b10.tmp 4096 bytes executable
File C:\WINDOWS\Temp\UAC32f2.tmp 4096 bytes executable
File C:\WINDOWS\Temp\UAC555a.tmp 8192 bytes executable
File C:\WINDOWS\Temp\UAC6457.tmp 4096 bytes executable
File C:\WINDOWS\Temp\UAC693e.tmp 4096 bytes executable
File C:\WINDOWS\Temp\UAC7460.tmp 57344 bytes executable
File C:\WINDOWS\Temp\UAC858c.tmp 12288 bytes
File C:\WINDOWS\Temp\UAC8cc8.tmp 4096 bytes executable
File C:\WINDOWS\Temp\UACd6f7.tmp 74240 bytes executable
File C:\WINDOWS\Temp\UACd8fa.tmp 32768 bytes executable
File C:\WINDOWS\Temp\UACe466.tmp 40960 bytes executable
File C:\WINDOWS\Temp\UACeb4a.tmp 74240 bytes executable
File C:\WINDOWS\Temp\UACbb6b.tmp 4096 bytes executable

---- EOF - GMER 1.0.15 ----

Thanks

Cheryl
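As an added example (not code from this thread or from GMER), the script below reads a GMER 1.0.15 log laid out like the one above and pulls out what a helper looks at first: inline JMP hooks on kernel exports whose detour lands far from the patched image, user-mode hooks that GMER could not attribute to any loaded module (the LdrLoadDll detours present in every process, as opposed to the IEFRAME.dll hooks it does attribute to Microsoft), the hidden service, and files either flagged "ROOTKIT" or named with the UAC-plus-random-letters pattern this log shows. The embedded sample is a constructed excerpt modelled on the log above; the 16 MiB distance and the file-name pattern are triage heuristics chosen for this log, not GMER's own rules.

```python
"""Triage a GMER 1.0.15 rootkit-scan log (hypothetical helper, not GMER's own code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed excerpt modelled on the GMER log in the thread (not the full log).
SAMPLE_LOG = r"""
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-16 20:07:44

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey 804DD6E8 5 Bytes JMP 8734D1C2
.text ntoskrnl.exe!IofCallDriver 804E37D5 5 Bytes JMP 873712A3
PAGE ntoskrnl.exe!ZwEnumerateKey 805735A4 5 Bytes JMP 87317E14

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\winlogon.exe[452] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\winlogon.exe[452] ntdll.dll!LdrUnloadDll + 4 7C91738F 1 Byte [84]
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E351F53 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\Iexplore.exe[1324] WININET.dll!HttpAddRequestHeadersA 3D94632F 5 Bytes JMP 00F8000A

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACimpqqnxvvw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\UACimpqqnxvvw.sys 54784 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACksnmlypoff.dll 74240 bytes executable
File C:\WINDOWS\system32\UACqhyihipjxj.dat 310 bytes
File C:\WINDOWS\system32\drivers\mbam.sys 20824 bytes executable

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
KHOOK_RE = re.compile(
    r"^(?:\.text|PAGE)\s+(?P<module>\S+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+\d+\s+Bytes?\s+JMP\s+(?P<target>[0-9A-Fa-f]+)$")
UHOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<module>\S+)!(?P<func>\S+)\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+\d+\s+Bytes?\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<owner>\S+)\s+\((?P<vendor>[^)]*)\))?$")   # owner module GMER attributed, if any
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)(?P<hidden>\s+\(\*\*\* hidden \*\*\* \))?\s+\[(?P<type>\w+)\]"
    r"\s+(?P<name>\S+)(?P<flag>\s+<-- ROOTKIT !!!)?$")
FILE_RE = re.compile(
    r"^File\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes(?P<exe>\s+executable)?"
    r"(?P<flag>\s+<-- ROOTKIT !!!)?$")
# Heuristic name pattern taken from this log: "UAC" + random lowercase letters + data/driver extension.
UAC_NAME_RE = re.compile(r"(?:^|\\)UAC[a-z]{8,12}\.(?:sys|dll|dat|db)$")
# Heuristic: a detour this far from the patched export cannot be inside the same image.
FAR_JUMP = 16 * 1024 * 1024


@dataclass
class Finding:
    kind: str      # kernel-hook | user-hook | hidden-service | file
    detail: str


@dataclass
class Triage:
    findings: List[Finding] = field(default_factory=list)
    unparsed: List[str] = field(default_factory=list)   # lines in a known section we did not understand


def triage_gmer_log(text: str) -> Triage:
    """Walk the log section by section and collect the suspicious entries."""
    result = Triage()
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        if section == "Kernel code sections":
            m = KHOOK_RE.match(line)
            if not m:
                result.unparsed.append(line)
                continue
            if abs(int(m["target"], 16) - int(m["addr"], 16)) > FAR_JUMP:
                result.findings.append(Finding("kernel-hook", f"{m['module']}!{m['func']} -> {m['target']}"))
        elif section == "User code sections":
            m = UHOOK_RE.match(line)
            if not m:
                result.unparsed.append(line)
                continue
            if m["owner"] is None:   # detour into memory GMER could not tie to a module
                result.findings.append(Finding("user-hook", f"{m['proc']} {m['module']}!{m['func']} -> {m['target']}"))
        elif section == "Services":
            m = SERVICE_RE.match(line)
            if not m:
                result.unparsed.append(line)
                continue
            if m["hidden"] or m["flag"]:
                result.findings.append(Finding("hidden-service", f"{m['name']} {m['path']}"))
        elif section == "Files":
            m = FILE_RE.match(line)
            if not m:
                result.unparsed.append(line)
                continue
            if m["flag"] or UAC_NAME_RE.search(m["path"]):
                result.findings.append(Finding("file", f"{m['path']} ({m['size']} bytes)"))
    return result


if __name__ == "__main__":
    report = triage_gmer_log(SAMPLE_LOG)
    for f in report.findings:
        print(f"{f.kind:15} {f.detail}")
    for line in report.unparsed:
        print(f"{'unparsed':15} {line}")
```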

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 16 April 2010 - 02:24 PM

Hello,

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#13 cherylmcl

cherylmcl
  • Topic Starter

  • Members
  • 10 posts

Posted 16 April 2010 - 02:56 PM

Hi

I have downloaded ComboFix using both links and it will not allow me to open the programme. I also can't seem to disable my antivirus anyway, as there are no options for this; not sure if this has to do with being in safe mode with networking.

Please help!

Thanks

Cheryl

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 17 April 2010 - 05:29 AM

Hi, please try running any tool in normal mode; if you can't do this, let me know first. You can find instructions on disabling your AV here. Before running ComboFix, rename combofix.exe to syler.exe, then try and run it in normal mode.

Thanks



#15 cherylmcl

cherylmcl
  • Topic Starter

  • Members
  • 10 posts

Posted 17 April 2010 - 06:46 AM

Hi

I managed to open ComboFix in normal mode. Here is the log below:

ComboFix 10-04-15.05 - ManMeat 17/04/2010 12:26:56.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.659 [GMT 1:00]
Running from: c:\documents and settings\ManMeat\Desktop\syler.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\ManMeat\Application Data\inst.exe
c:\windows\run.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\UACimpqqnxvvw.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\uacinit.dll
c:\windows\system32\UACixjrubrdfd.db
c:\windows\system32\UACksnmlypoff.dll
c:\windows\system32\UACnqmovycukt.dll
c:\windows\system32\UACqhyihipjxj.dat
c:\windows\system32\UACrdqbdnrrxe.dll
c:\windows\system32\UACsoajrmqfvm.dll
c:\windows\system32\UACwutpkdmqow.dll
c:\windows\Sysvxd.exe
c:\windows\wc98pp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.

2010-04-17 11:35 . 2010-04-17 11:35 -------- d-----w- C:\found.000
2010-04-09 17:08 . 2010-04-09 17:08 -------- d-----w- C:\_OTL
2010-04-05 13:56 . 2010-04-09 17:08 -------- d-----w- c:\documents and settings\ManMeat\Local Settings\Application Data\kylqjvsnf
2010-04-05 13:54 . 2010-04-05 13:54 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-05 00:41 . 2010-04-05 13:54 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-04 22:52 . 2010-04-04 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-04 20:26 . 2010-03-29 23:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-04 20:26 . 2010-04-11 15:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-04 20:26 . 2010-04-04 20:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-04 20:26 . 2010-03-29 23:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-03 18:06 . 2010-04-09 17:08 -------- d-----w- c:\documents and settings\ManMeat\Local Settings\Application Data\ewqnjblgf
2010-04-02 19:11 . 2010-04-02 19:11 -------- d-----w- c:\documents and settings\ManMeat\Application Data\Avira
2010-04-02 19:07 . 2010-04-02 19:07 -------- d-----w- c:\program files\Enigma Software Group
2010-04-02 19:02 . 2010-04-02 19:15 -------- d-----w- c:\windows\system32\NtmsData
2010-04-02 19:00 . 2010-04-02 19:00 -------- d-----w- c:\program files\Avira
2010-04-02 19:00 . 2010-04-02 19:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-04-02 19:00 . 2010-03-01 08:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-04-02 19:00 . 2009-05-11 10:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-04-02 19:00 . 2009-05-11 10:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-04-02 18:25 . 2010-02-16 12:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-04 22:13 . 2010-03-11 05:03 2972 ----a-w- c:\windows\Wzapikufevorid.dat
2010-04-04 20:20 . 2008-10-30 23:00 -------- d-----w- c:\documents and settings\ManMeat\Application Data\uTorrent
2010-04-03 12:00 . 2010-03-11 05:03 0 ----a-w- c:\windows\Inafeq.bin
2010-03-12 12:08 . 2008-10-30 23:00 -------- d-----w- c:\program files\uTorrent
2010-03-11 12:38 . 2004-08-03 23:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll
2010-02-19 15:16 . 2010-02-19 15:16 -------- d-----w- c:\documents and settings\ManMeat\Application Data\ID3-TagIT 3
2010-02-19 15:15 . 2008-10-11 18:31 -------- d-----w- c:\program files\ID3-TagIT 3
2010-02-19 15:15 . 2008-10-11 18:31 -------- d-----w- c:\documents and settings\All Users\Application Data\ID3-TagIT 3
2010-01-21 17:26 . 2010-02-14 17:07 52224 ----a-w- c:\documents and settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
2010-01-21 17:26 . 2010-02-14 17:07 101376 ----a-w- c:\documents and settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]
2009-12-31 11:53 2349080 ----a-w- c:\program files\DVDVideoSoft\tbDVDV.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}"= "c:\program files\DVDVideoSoft\tbDVDV.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"CTHelper"="CTHELPER.EXE" [2007-04-09 19456]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 19968]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-10-11 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [02/04/2010 20:00 135336]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [11/10/2008 20:07 160640]
S4 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [11/10/2008 20:07 5248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
FF - ProfilePath - c:\documents and settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\ManMeat\Application Data\Mozilla\Firefox\Profiles\roxn1p9h.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-17 12:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x865F6760]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf75e6f28
\Driver\ACPI -> 0x865f6760
\Driver\atapi -> atapi.sys @ 0xf73eb852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> 0x8648b690
PacketIndicateHandler -> NDIS.sys @ 0xf7304a21
SendHandler -> NDIS.sys @ 0xf72f8d44
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 0x0E4F8121
malicious code @ sector 0x0E4F8124 !
PE file found in sector at 0x0E4F813A !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3028)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-04-17 12:44:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-17 11:44

Pre-Run: 10,250,924,032 bytes free
Post-Run: 10,132,414,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - F4E2808D7811C24322A56943B8370432

Thanks

Cheryl
