
possible pdfupd infection


  • This topic is locked
18 replies to this topic

#1 vince29
  • Members
  • 31 posts

Posted 07 April 2010 - 02:13 PM

Hi,
I have started to receive some conflicting virus alerts from Norton AV. I suspect I have trouble but do not know the nature of it; any help would be gratefully appreciated. I have copied & pasted all reports that may help you from both Malwarebytes & Norton.
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3963

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/04/2010 19:10:18
mbam-log-2010-04-07 (19-10-18).txt

Scan type: Full scan (C:\|)
Objects scanned: 237556
Time elapsed: 1 hour(s), 35 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GXTHLPX7\update[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pdfupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:27, on 07/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Bug Shooting\BugShooting.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nottinghamforest.co.uk/page/Home/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - https://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} (pmpeg4cam Class) - http://146.101.138.189/MpegInst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4F27770-931E-4811-B3EB-2EFA7C30F454}: NameServer = 212.139.132.27 212.139.132.26
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbu_device - Dell - C:\WINDOWS\system32\dlbucoms.exe
O23 - Service: Google Update Service (gupdate1c9b6996b5e79d8) (gupdate1c9b6996b5e79d8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11352 bytes
Norton items: the dates are very old, but Norton now displays them as current.
Category: Unresolved Security Risks
Date & Time,Risk,Activity,Status,Recommended Action
29/12/2009 15:53,High,keygen.exe (Trojan Horse) detected by Virus scanner,Attention Required,Eject the CD or DVD from D:\ then remove the security risk
29/12/2009 15:52,High,rorwp424.exe (Backdoor.FTP_Ana.C) detected by Virus scanner,Attention Required,Eject the CD or DVD from D:\ then remove the security risk
29/12/2009 15:52,High,wpa_kill.exe (Trojan Horse) detected by Virus scanner,Attention Required,Eject the CD or DVD from D:\ then remove the security risk
29/12/2009 15:52,High,winxp_crk.exe (Trojan Horse) detected by Virus scanner,Attention Required,Eject the CD or DVD from D:\ then remove the security risk


These items have started popping up as well:
Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action
07/04/2010 17:49,High,19196e3a-624aaafe (Downloader) detected by Auto-Protect,Quarantined,Resolved - No Action
06/04/2010 21:32,High,wrxnasmoec.tmp (wrxnasmoec.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,asrmoxcenw.tmp (asrmoxcenw.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,cwnersmaox.tmp (cwnersmaox.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,crnoameswx.tmp (crnoameswx.tmp) detected by SONAR,Quarantined,Resolved - No Action
07/04/2010 17:49,High,19196e3a-624aaafe (Downloader) detected by Auto-Protect,Quarantined,Resolved - No Action
06/04/2010 21:32,High,wrxnasmoec.tmp (wrxnasmoec.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,asrmoxcenw.tmp (asrmoxcenw.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,cwnersmaox.tmp (cwnersmaox.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,crnoameswx.tmp (crnoameswx.tmp) detected by SONAR,Quarantined,Resolved - No Action
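A small triage script for the kind of logs pasted above, added here as an example; it is not a tool from this thread or from Malwarebytes, Trend Micro or Symantec. It pulls the "Files Infected" entries out of a Malwarebytes log, the O4 autorun lines out of a HijackThis log and the "Attention Required" rows out of a Norton security-history export, then flags anything whose file sits in a temp or browser-cache folder, which is where the update[1].exe and pdfupd.exe hits above were found. The directory list, the function names and the extra "pdfupd" autorun line in the sample data are constructed for this example.

```python
"""Triage helper for Malwarebytes / HijackThis / Norton logs (added example)."""
import csv
import io
import re

# Directories where a scanner hit or an autorun target deserves a closer look.
# Heuristic list constructed for this example; matched case-insensitively.
TEMP_LIKE_DIRS = (
    "\\windows\\temp\\",
    "\\local settings\\temp\\",
    "\\temporary internet files\\",
    "\\system volume information\\",
)

# Malwarebytes 'Files Infected:' entry, e.g.
#   C:\WINDOWS\Temp\pdfupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
MBAM_FILE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) \((?P<detection>[^()]+)\) -> (?P<action>.+)$")

# HijackThis O4 autorun entry, e.g.
#   O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\...\realsched.exe" -osboot
HJT_O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]+)\] (?P<command>.+)$")

# First file path inside an autorun command (handles quoted paths and rundll32 "dll,entry").
TARGET_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|html|bat|cmd|vbs)\b', re.I)


def in_temp_like_dir(path):
    """True when the path lies under one of the temp/cache directories above."""
    lowered = path.lower()
    return any(d in lowered for d in TEMP_LIKE_DIRS)


def mbam_infected_files(log_text):
    """Return (path, detection, action) for every 'Files Infected' entry in a Malwarebytes log."""
    hits = []
    for line in log_text.splitlines():
        m = MBAM_FILE_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["detection"], m["action"]))
    return hits


def hjt_autoruns(log_text):
    """Return one dict per O4 line, with the executable/DLL the command points at."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 line (O2, O23, ... are ignored here)
        target = TARGET_RE.search(m["command"])
        entries.append({"hive": m["hive"], "key": m["key"], "name": m["name"],
                        "target": target.group(0) if target else None,
                        "command": m["command"]})
    return entries


def norton_unresolved(csv_text):
    """Rows of a Norton security-history export that still need attention."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return [row for row in reader if row["Status"] == "Attention Required"]


def triage(mbam_log, hjt_log, norton_csv):
    """Summarise the three sources into the items a helper would look at first."""
    mbam = mbam_infected_files(mbam_log)
    autoruns = hjt_autoruns(hjt_log)
    return {
        "mbam_hits": mbam,
        "mbam_temp_hits": [p for p, _, _ in mbam if in_temp_like_dir(p)],
        "autoruns_total": len(autoruns),
        # Flag autoruns whose target is missing or lives in a temp/cache folder.
        "autoruns_flagged": [e for e in autoruns
                             if e["target"] is None or in_temp_like_dir(e["target"])],
        "norton_unresolved": [(r["Date & Time"], r["Risk"], r["Activity"])
                              for r in norton_unresolved(norton_csv)],
    }


# Constructed sample input modelled on the logs posted in this thread; the
# '[pdfupd]' autorun line is invented here to exercise the temp-directory check.
SAMPLE_MBAM = r"""Files Infected:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GXTHLPX7\update[1].exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\pdfupd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

SAMPLE_HJT = r"""O4 - HKLM\..\Run: [DLBUCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [pdfupd] C:\WINDOWS\Temp\pdfupd.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
"""

SAMPLE_NORTON = r"""Date & Time,Risk,Activity,Status,Recommended Action
29/12/2009 15:53,High,keygen.exe (Trojan Horse) detected by Virus scanner,Attention Required,Eject the CD or DVD from D:\ then remove the security risk
07/04/2010 17:49,High,19196e3a-624aaafe (Downloader) detected by Auto-Protect,Quarantined,Resolved - No Action
"""

if __name__ == "__main__":
    for key, value in triage(SAMPLE_MBAM, SAMPLE_HJT, SAMPLE_NORTON).items():
        print(key, value)
```

Run it as a script to print the summary for the sample data, or pass the three pasted logs to triage(). The heuristic is a starting point for reading a log, not a verdict: a legitimate updater can drop into a temp folder and a dropper can sit under Program Files, so the flagged entries are simply the ones to look up first.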




#2 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 10 April 2010 - 09:43 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 vince29
  • Topic Starter
  • Members
  • 31 posts

Posted 11 April 2010 - 05:59 AM

Hi, thanks for your reply.
Due to work commitments I will not be able to action your instructions for a day or so. Please be patient; I will get back to you ASAP.

#4 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 11 April 2010 - 08:00 AM

OK, I'll look in a day or two. Thanks for letting me know.


 


#5 vince29
  • Topic Starter
  • Members
  • 31 posts

Posted 12 April 2010 - 11:10 AM

Sorry for the delay. I hope to have the scans ready by Wednesday (shift work is not a good timekeeper). I appreciate that this may cause you some inconvenience, but I do still need help.

#6 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 12 April 2010 - 10:57 PM

OK, I'll keep the thread open.


 


#7 vince29
  • Topic Starter
  • Members
  • 31 posts

Posted 13 April 2010 - 12:25 PM

Hi,
Please find the requested scans attached. The problem I have had since Friday last week: Norton kept notifying me of high risk attacks every couple of minutes.
This stopped after a full system Malwarebytes scan, which found the following Files Infected:
C:\Documents and Settings\vince\Local Settings\Temp\ornacxemws.tmp (Trojan.Fraudpack) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.45
The next problem to occur was that on the Sunday my internet WAN & IP settings were changed to a new connection that allows remote access. I ran a scan again with this result, Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP105\A0072501.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
I have since run scans which are not showing an infection, but I am attaching a sample of the Norton reports that show constant attempts to connect.

I also run on occasions a programme called ShieldsUP which scans the first 1500 ports of the computer. This normally shows me a full stealth mode, but this time it showed two ports closed, so vulnerable. The details given for the first port were Trojan mini command; the second was a DNS stealer. I appreciate that you have a lot of info here to look at & so it may take some time.



OTL logfile created on: 11/04/2010 11:55:49 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\vince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 105.50 Gb Free Space | 72.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINCE
Current User Name: vince
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
PRC - [2010/03/15 14:47:22 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2010/01/20 19:36:00 | 002,977,792 | ---- | M] (Alexej Hirsch) -- C:\Program Files\Bug Shooting\BugShooting.exe
PRC - [2010/01/08 23:28:52 | 000,103,280 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/10/10 22:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/18 09:32:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe
PRC - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2009/06/19 10:07:38 | 000,333,960 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\SFAgent.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/19 10:42:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
MOD - [2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SYSTEM32\kmon.dll
MOD - [2010/03/27 00:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\asoehook.dll
MOD - [2010/02/10 20:12:08 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/18 09:35:36 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/09/18 09:33:17 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp71.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/06/17 16:44:25 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr71.dll
MOD - [2008/07/04 17:58:18 | 000,062,776 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2010/01/08 23:28:52 | 000,103,280 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlusŪ
SRV - [2009/08/24 23:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.2.543\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/25 22:13:32 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nottinghamforest.co.uk/page/Welcome
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions
[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/03/06 19:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/09/07 09:18:26 | 000,000,789 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Rising PC Doctor) - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\SYSTEM32\UrlFilter.dll (Beijing Rising Information Technology Co., Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-18..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bug Shooting.lnk = C:\Program Files\Bug Shooting\BugShooting.exe (Alexej Hirsch)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...9687.3877314815 (Reg Error: Value error.)
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} http://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab (Rising Online Antivirus scanner control)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://146.101.138.189/MpegInst.cab (pmpeg4cam Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (kmon.dll) - C:\WINDOWS\System32\kmon.dll (Beijing Rising Information Technology Co., Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {51C55F9E-C308-4c95-89AB-8858D8AFD819} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\{56a61af6-37f9-11dd-b1ac-4d6564696130}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{6c970336-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{6c970337-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun\command - "" = G:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (KKNative.exe) - C:\WINDOWS\System32\kknative.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2005/06/08 22:07:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "RoxLiveShare9"
MsConfig - Services: "RichVideo"
MsConfig - Services: "gusvc"
MsConfig - Services: "WSearch"
MsConfig - Services: "CiSvc"
MsConfig - StartUpReg: MediaFace Integration - hkey= - key= - C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)
MsConfig - StartUpReg: P17Helper - hkey= - key= - File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\SYSTEM32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\SYSTEM32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\TSSOFT32.ACM (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\IR32_32.DLL ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: wave2 - C:\WINDOWS\System32\SERWVDRV.DLL (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69256399187607552)

========== Files/Folders - Created Within 14 Days ==========

[2010/04/11 11:54:18 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/11 11:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Exterminate It!
[2010/04/11 10:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Local Settings\Application Data\Tific
[2010/04/11 10:20:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup
[2010/04/11 10:20:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200020.21F
[2010/04/11 10:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2010/04/11 10:19:20 | 011,863,248 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\vince\Desktop\PCCheckupInstaller.exe
[2010/04/10 10:36:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vince\Recent
[2010/04/10 08:46:29 | 000,000,000 | ---D | C] -- C:\86b8ead3c49cd40c6de3d67bf8bf9d
[2010/04/08 19:27:23 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010/04/08 15:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010/04/08 15:29:36 | 000,637,592 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:29:36 | 000,100,976 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:29:36 | 000,096,880 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:29:36 | 000,015,776 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 15:29:12 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2010/04/08 08:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Application Data\Tific
[2010/04/07 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/07 15:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/07 15:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 22:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/06 22:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 21:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NSV
[2010/04/01 16:14:07 | 000,000,000 | ---D | C] -- C:\KU990i
[2010/04/01 16:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/04/01 16:11:35 | 000,251,840 | ---- | C] (LG Electronics) -- C:\Documents and Settings\vince\Desktop\B2CAppSetup.exe
[2010/02/12 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/06/15 09:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/05 22:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/09 12:31:48 | 000,237,568 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinsr.dll
[2009/04/09 12:31:48 | 000,110,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuins.dll
[2009/03/31 14:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/20 21:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/21 14:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
[2008/07/04 13:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/05/06 15:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/20 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 14 Days ==========

[2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/11 11:33:31 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk
[2010/04/11 11:24:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/11 11:16:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/11 11:15:59 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/11 11:15:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/11 11:15:30 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/11 11:14:01 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vince\NTUSER.INI
[2010/04/11 11:14:00 | 008,912,896 | ---- | M] () -- C:\Documents and Settings\vince\ntuser.dat
[2010/04/11 11:13:53 | 017,711,548 | -H-- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\IconCache.db
[2010/04/11 10:20:31 | 000,001,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2010/04/11 10:19:46 | 011,863,248 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\vince\Desktop\PCCheckupInstaller.exe
[2010/04/10 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/10 17:47:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/04/10 14:43:51 | 000,001,543 | ---- | M] () -- C:\WINDOWS\SAGE.INI
[2010/04/10 12:58:13 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/04/10 12:58:13 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\SageInformer50.ssf
[2010/04/10 10:37:03 | 000,026,996 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/10 08:54:52 | 000,702,476 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\Cat.DB
[2010/04/10 08:21:21 | 000,000,084 | ---- | M] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/09 18:31:12 | 000,000,946 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/04/08 21:58:26 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bug Shooting.lnk
[2010/04/08 19:31:37 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 19:27:31 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\YouTube Downloader.lnk
[2010/04/08 17:03:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\user.ini
[2010/04/08 15:28:50 | 000,100,976 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:28:49 | 000,096,880 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:28:49 | 000,015,776 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 10:50:38 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:23 | 000,180,104 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 19:48:25 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Microsoft Office Word 2007.lnk
[2010/04/07 19:35:09 | 000,090,894 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\malware bytes.jpg
[2010/04/07 19:32:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\HijackThis.lnk
[2010/04/07 19:31:00 | 000,080,768 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\norton3.jpg
[2010/04/07 19:30:22 | 000,094,342 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\norton2.jpg
[2010/04/07 19:29:49 | 000,080,635 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\norton1.jpg
[2010/04/07 19:26:58 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/06 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2010/04/02 18:51:53 | 000,002,412 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 16:11:50 | 000,251,840 | ---- | M] (LG Electronics) -- C:\Documents and Settings\vince\Desktop\B2CAppSetup.exe
[2010/04/01 15:53:05 | 000,087,806 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/04/01 15:52:11 | 000,011,507 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.xlsx
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 12:23:12 | 000,627,978 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 12:23:12 | 000,516,588 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/28 12:23:12 | 000,098,948 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

========== Files Created - No Company Name ==========

[2010/04/11 11:32:25 | 000,000,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Exterminate It!.lnk
[2010/04/11 10:20:31 | 000,001,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton PC Checkup.lnk
[2010/04/11 10:20:05 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NortonPCCheckup\0200020.21F\isolate.ini
[2010/04/10 10:36:58 | 000,026,996 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/08 21:58:26 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bug Shooting.lnk
[2010/04/08 19:27:30 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\YouTube Downloader.lnk
[2010/04/08 17:03:42 | 000,000,049 | ---- | C] () -- C:\WINDOWS\user.ini
[2010/04/08 17:00:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/08 10:50:38 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:12 | 000,180,104 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 19:35:09 | 000,090,894 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\malware bytes.jpg
[2010/04/07 19:31:00 | 000,080,768 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\norton3.jpg
[2010/04/07 19:30:22 | 000,094,342 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\norton2.jpg
[2010/04/07 19:29:49 | 000,080,635 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\norton1.jpg
[2010/04/07 15:37:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/01 16:12:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/04/01 16:12:06 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 15:53:04 | 000,087,806 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/03/05 12:14:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/01/24 19:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/01/20 22:45:26 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\19720201.dat
[2010/01/20 22:45:26 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\art.udk
[2010/01/04 12:23:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2009/12/05 11:05:12 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\vince\CUSTOM.DICCUSTOM.DIC
[2009/10/02 09:42:58 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\vince\Mxcdr.ini
[2009/10/02 09:39:31 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Mxcdr.INI
[2009/09/14 16:50:53 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/07/29 15:34:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2009/07/29 15:26:23 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/07/29 15:23:26 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/17 19:06:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009/04/09 12:32:51 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2009/04/09 12:32:51 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2009/04/09 12:31:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2009/04/09 12:31:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2009/04/09 12:31:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2009/04/09 12:31:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2009/04/09 12:31:27 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2009/04/08 17:07:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\wklnhst.dat
[2009/03/11 10:51:27 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/01/24 10:02:09 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/01/24 10:02:09 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/01/24 10:02:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/01/24 10:02:09 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/12/20 10:29:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2008/12/20 10:29:36 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/12/20 10:29:36 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/12/20 10:29:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2008/12/20 10:29:28 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2008/11/22 17:15:52 | 008,912,896 | ---- | C] () -- C:\Documents and Settings\vince\ntuser.dat
[2008/10/09 08:26:45 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/09 08:26:45 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/09 08:26:45 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/09 08:26:45 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/24 16:06:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\AVSDVDPlayer.m3u
[2008/09/16 12:53:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/09/16 12:53:46 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/09/16 12:53:36 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2008/09/05 21:30:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\DMX.bmk
[2008/09/03 20:59:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/08/26 13:12:22 | 000,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/08/25 20:30:15 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/24 13:58:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\rx_image.Cache
[2008/08/24 08:55:53 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/06/25 22:41:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/25 22:39:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\GSP_ApRg.INI
[2008/06/22 13:46:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2008/05/29 16:34:31 | 000,009,245 | ---- | C] () -- C:\WINDOWS\boc426.ini
[2008/05/23 12:08:04 | 001,245,064 | ---- | C] () -- C:\Documents and Settings\vince\SymLCSVC.EXE
[2008/05/15 21:11:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/09 12:59:44 | 000,000,304 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/09 11:16:50 | 000,000,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 20:52:17 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\KBasic.ini
[2008/04/29 18:50:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/28 17:18:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\fusioncache.dat
[2008/04/27 14:49:06 | 000,169,984 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 20:44:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/04/19 11:57:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/19 09:05:02 | 000,000,946 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/04/19 09:03:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\vince\ntuser.dat.LOG
[2008/04/19 09:03:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\vince\NTUSER.INI
[2008/04/19 09:02:44 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2006/12/29 17:25:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2006/12/05 14:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/08 22:55:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/08 22:47:34 | 000,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/08 22:42:02 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/08 22:41:53 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/06/08 22:41:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/06/08 22:41:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/08 22:11:48 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbucnv4.dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/10 13:13:12 | 000,000,883 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/07/01 18:38:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/07/01 18:38:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/09/10 07:44:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2002/09/10 07:44:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2002/09/10 07:44:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2002/09/10 07:43:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2002/09/10 07:43:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2002/09/10 07:43:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2002/09/10 07:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2002/09/10 07:43:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2002/09/10 07:42:24 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2002/09/10 07:41:52 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2002/09/10 07:41:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2002/09/10 07:41:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2002/09/10 07:41:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2002/09/10 07:41:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2002/09/10 07:41:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2002/09/10 07:41:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2002/09/06 17:10:44 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2002/09/06 17:00:46 | 001,552,384 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2002/02/04 12:53:08 | 000,001,191 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[1999/10/25 10:53:58 | 000,001,543 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2009/07/01 21:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/02/27 20:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVSVideoBurner
[2010/04/08 21:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bug Shooting
[2009/12/27 14:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/06/14 08:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fellowes
[2010/03/04 21:53:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
[2009/02/07 21:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar
[2009/01/09 20:48:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2008/10/09 08:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo
[2010/02/25 18:03:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/11 12:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2009/01/09 20:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2010/04/01 16:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/07/29 15:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/02/04 17:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/12/10 23:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mushroom Age
[2010/03/17 11:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeGuardian
[2010/03/05 10:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/07/16 08:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
[2009/02/06 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/02/25 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/12/08 20:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/02/14 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PixelPlanet
[2008/12/15 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/12/11 18:50:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
[2010/04/08 15:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rising
[2009/03/07 10:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2009/08/25 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/01/24 10:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/19 20:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009/04/19 09:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2009/02/05 16:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2009/12/16 21:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sports Interactive
[2010/02/25 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/03/22 10:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/03 21:28:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
[2009/12/20 17:22:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2010/02/12 14:54:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2008/10/09 08:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/01/20 22:43:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\www.My-Software.co.uk
[2010/02/25 07:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Trusteer
[2009/06/20 12:34:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2008/12/10 17:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\7Wonders
[2010/02/25 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\BullGuard
[2008/12/12 18:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\EnchantedCavern
[2008/12/10 12:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\iWin
[2008/04/19 20:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\MyFamily.com
[2009/02/06 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\Oberonv1001
[2008/12/15 18:54:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\PlayFirst
[2008/12/13 17:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\SecretIslandEng
[2008/04/19 16:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\SPAMfighter
[2010/02/25 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\Spamihilator
[2010/02/12 14:56:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\Trusteer
[2009/05/26 18:42:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\Ulead Systems
[2009/01/09 19:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\Uniblue
[2009/06/15 17:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\Windows Desktop Search
[2009/06/20 12:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\Windows Search
[2008/07/04 17:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\WinPatrol
[2009/03/25 19:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\hazel\Application Data\wsInspector
[2010/02/12 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/02/16 20:31:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Alawar
[2010/02/03 10:21:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\AnvSoft
[2008/04/28 17:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Ashampoo
[2008/11/14 09:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Audacity
[2008/11/18 16:50:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\AVSMedia
[2009/03/01 12:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Broad Intelligence
[2010/02/08 19:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\CBS Interactive
[2009/12/22 20:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\com.princess.iq.PrincessWidget.95CF48669C469715948E799FD5617DB57BF9FCEB.1
[2009/03/11 10:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\DonationCoder
[2009/07/19 10:52:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\DriverCure
[2010/02/25 19:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\FreshDiagnose
[2009/02/05 09:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Games
[2009/04/01 07:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Graboid Inc
[2008/11/14 09:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\IEPro
[2010/02/25 19:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\IObit
[2009/03/17 19:42:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\KC Softwares
[2010/03/28 12:58:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\LimeWire
[2009/09/28 19:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Longfine Software
[2009/10/12 21:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\MAGIX
[2008/08/31 09:00:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\MyFamily.com
[2009/12/31 18:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Nvu
[2009/07/10 10:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Obsidium
[2008/11/17 20:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\PhotoWorks
[2010/04/01 18:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\PixelPlanet
[2008/12/09 07:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Pmcc
[2008/08/31 09:54:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Qtrax2
[2008/11/14 09:45:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\REAPER
[2008/04/21 09:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Serif
[2008/11/17 16:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Seven Zip
[2009/01/24 10:01:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Simply Super Software
[2009/10/03 20:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Skinux
[2008/11/14 09:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\SlipStream
[2010/02/14 19:37:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Smart PDF Converter Pro
[2008/04/19 16:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\SPAMfighter
[2009/08/10 18:08:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Sports Interactive
[2008/09/07 22:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Template
[2010/04/11 10:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Tific
[2009/12/20 17:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\TomTom
[2010/02/12 16:49:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Trusteer
[2009/08/31 11:02:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\TuneUp Software
[2008/10/01 17:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Ulead Systems
[2009/01/05 21:18:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Uniblue
[2009/06/15 08:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Windows Desktop Search
[2009/04/07 15:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Windows Live Writer
[2009/06/15 09:52:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Windows Search
[2008/11/16 17:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\WinPatrol
[2010/04/10 10:35:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\wsInspector
[2010/01/20 22:45:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\www.My-Software.co.uk
[2010/04/10 17:47:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\AWC Update.job
[2010/04/06 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\Pareto UNS.job
[2010/04/10 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2008/09/03 11:24:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2008/09/03 11:24:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2010/04/10 15:46:05 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DLLCACHE\agp440.sys
[2010/04/10 15:46:05 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2008/09/03 11:24:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2008/09/03 11:24:31 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\DLLCACHE\eventlog.dll
[2008/04/14 05:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\I386\EVENTLOG.DLL
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/17 05:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\SYSTEM32\DLLCACHE\netlogon.dll
[2008/04/17 05:50:11 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=06CF9EEDB7E827205C6948C9DAF56974 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2008/04/14 05:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\DLLCACHE\scecli.dll
[2008/04/14 05:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEFF768F
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98C5DD9
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF695222
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162D3733
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C75E5BE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62197B73
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E546C1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50823280
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93EB7685
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
< End of report >
OTL Extras logfile created on: 11/04/2010 11:55:49 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\vince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 105.50 Gb Free Space | 72.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINCE
Current User Name: vince
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe:*:Enabled:CyberLink PowerDVD -- (CyberLink Corp.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.4
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D3C662A-F6C6-4767-A788-7AA43A9A1317}" = ARTEuro
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 15
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static
"{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A550F87-B414-11D6-B627-00E029396FF8}" = SageAcc
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8C52A46C-7961-4A81-AB4B-92CF65CB4772}_is1" = Sothink Web Video Downloader
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B00EBEC1-D693-4B4D-93BD-610EDBA9B0DF}" = G21942EN
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B468AE7B-C667-4073-BED8-EAD17D5EE08C}" = TL-WN321G Wireless Utility
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = ZyXEL G-202 Wireless Adapter Utility
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F20B086F-FB4B-4788-AAC2-AFABA378AD1E}" = SPAMfighter
"{F2F4C144-7D1A-47C4-9D53-395A57B0CD64}" = Family Tree Maker 2006
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AI RoboForm" = AI RoboForm (All Users)
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVIConverter" = AVIConverter 3.0
"AVS Mobile Uploader 1.9_is1" = AVS Mobile Uploader version 1.9
"AVS Update Manager_is1" = AVS Update Manager 1.0 (Update Version)
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVS4YOU Video Editor 4_is1" = AVS Video Editor 4
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"Bug Shooting" = Bug Shooting
"CCleaner" = CCleaner (remove only)
"Defraggler" = Defraggler
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"DellSupport" = Dell Support 5.0.0 (630)
"Device Control" = Device Control
"DVD Audio Extractor_is1" = DVD Audio Extractor 4.5.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy Screen Capture 2_is1" = Easy Screen Capture 2
"Easy Screen Recorder_is1" = Easy Screen Recorder 1.3
"EAXSet" = Creative EAX Settings
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Exterminate It!" = Exterminate It!
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"InstallShield_{41979C2F-34B8-4F92-8111-B13C5864682D}" = MediaFACE 4.01
"InstallShield_{5A550F87-B414-11D6-B627-00E029396FF8}" = Sage Accounts
"InstallShield_{82AF77BC-423D-42DA-BE5B-FFCA04752181}" = MediaFACE 4.01 Image Library
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"KeyScrambler" = KeyScrambler
"LimeWire" = LimeWire 5.5.6
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.4.2
"MAGIX Audio Cleaning Lab SE UK" = MAGIX Audio Cleaning Lab SE 9.0.2.0 (UK)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NortonPCCheckup" = Norton PC Checkup
"Picasa 3" = Picasa 3
"Rapport_msi" = Rapport
"RealPlayer 12.0" = RealPlayer
"RisingKaKa" = Rising PC Doctor
"Sage MIS 3.01" = Sage MIS 3.01
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.3.1
"SPAMfighter" = SPAMfighter
"SPEAKER" = Creative Speaker Settings
"Speccy" = Speccy
"Spell Checker For OE 2.1" = Spell Checker For OE 2.1
"TomTom HOME" = TomTom HOME 2.7.3.1894
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/04/2010 11:24:05 | Computer Name = VINCE | Source = Google Update | ID = 20
Description =

Error - 04/04/2010 04:24:05 | Computer Name = VINCE | Source = Google Update | ID = 20
Description =

Error - 04/04/2010 05:27:13 | Computer Name = VINCE | Source = Google Update | ID = 20
Description =

Error - 04/04/2010 13:24:05 | Computer Name = VINCE | Source = Google Update | ID = 20
Description =

Error - 06/04/2010 16:31:28 | Computer Name = VINCE | Source = Application Error | ID = 1000
Description = Faulting application ornacxemws.tmp, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000378c0.

Error - 07/04/2010 15:21:21 | Computer Name = VINCE | Source = MsiInstaller | ID = 11905
Description = Product: ESSgui -- Error 1905.Module C:\Program Files\Kodak\Kodak
EasyShare software\bin\ESCom.dll failed to unregister. HRESULT -2147220472. Contact
your support personnel.

Error - 08/04/2010 04:45:33 | Computer Name = VINCE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 4.1.249.1045, fault address 0x000030ef.

Error - 08/04/2010 04:45:58 | Computer Name = VINCE | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 4.1.249.1045, fault address 0x000030ef.

Error - 09/04/2010 09:24:43 | Computer Name = VINCE | Source = Google Update | ID = 20
Description =

Error - 11/04/2010 06:16:45 | Computer Name = VINCE | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 13/05/2008 11:37:31 | Computer Name = D9G77P1J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 292
seconds with 120 seconds of active time. This session ended with a crash.

Error - 13/05/2008 11:37:52 | Computer Name = D9G77P1J | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9
seconds with 0 seconds of active time. This session ended with a crash.

Error - 30/04/2009 06:16:54 | Computer Name = VINCE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/04/2010 17:39:02 | Computer Name = VINCE | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume2'. It has stopped
monitoring the volume.

Error - 10/04/2010 17:40:33 | Computer Name = VINCE | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 10/04/2010 17:41:04 | Computer Name = VINCE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NIS service.

Error - 10/04/2010 17:41:34 | Computer Name = VINCE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ImapiService service.

Error - 10/04/2010 17:41:35 | Computer Name = VINCE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/04/2010 03:58:25 | Computer Name = VINCE | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 11/04/2010 04:20:29 | Computer Name = VINCE | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 11/04/2010 04:21:56 | Computer Name = VINCE | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.

Error - 11/04/2010 06:16:20 | Computer Name = VINCE | Source = Service Control Manager | ID = 7000
Description = The General Purpose USB Driver (adildr.sys) service failed to start
due to the following error: %%1058

Error - 11/04/2010 06:17:52 | Computer Name = VINCE | Source = Service Control Manager | ID = 7022
Description = The KService service hung on starting.


< End of report >

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-13 18:01:06
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\vince\LOCALS~1\Temp\uxtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\agp440.sys entry point in ".rsrc" section [0xF7700814]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84]
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0092000A
.text C:\WINDOWS\system32\svchost.exe[580] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0090000C
.text C:\WINDOWS\Explorer.EXE[800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[800] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003A5910
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 003A5AB0
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003A6200
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 003A5B80
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003A59E0
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003A57A8
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A5D20
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A5C50
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 003A5DF0
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 003A63A0
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ADVAPI32.dll!StartServiceA 77DEFB58 5 Bytes JMP 003A6060
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ADVAPI32.dll!StartServiceW 77DF3E94 5 Bytes JMP 003A6130
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 003A62D0
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003A5EC0
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[1064] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003A5F90

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A9ADAC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\agp440.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
Norton samples
Category: Quarantine
Date & Time,Risk,Activity,Status,Recommended Action
07/04/2010 17:49,High,19196e3a-624aaafe (Downloader) detected by Auto-Protect,Quarantined,Resolved - No Action
06/04/2010 21:32,High,wrxnasmoec.tmp (wrxnasmoec.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,asrmoxcenw.tmp (asrmoxcenw.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,cwnersmaox.tmp (cwnersmaox.tmp) detected by SONAR,Quarantined,Resolved - No Action
06/04/2010 21:32,High,crnoameswx.tmp (crnoameswx.tmp) detected by SONAR,Quarantined,Resolved - No Action


7/04/2010 19:13,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 95.136.81.45, local service Port (38940) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 87.238.155.82, local service Port (26057) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 92.126.65.219, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 92.114.246.99, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 84.146.229.229, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 89.243.222.117, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 77.120.53.131, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 77.120.53.131, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 82.154.67.164, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 84.146.229.229, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 77.120.53.131, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 87.119.186.226, local service Port (26057) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 91.206.54.25, local service Port (38940) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 109.121.200.122, local service Port (26057) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 93.172.166.86, local service Port (38940) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 109.121.200.122, local service Port (26057) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 77.188.226.115, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 78.150.65.42, local service Port (38940) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 91.48.66.9, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 89.243.222.117, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:11,Info,"Unused port blocking has blocked communications. Inbound TCP connection fr

Category: Firewall - Network and Connections
Date & Time,Risk,Activity,Status,Recommended Action,Phone Number,Category,Gateway IP Address
13/04/2010 13:57,Info,"Connected to a protected network. (0,38)",Protected,No Action Required,"0,38",,
13/04/2010 13:57,Info,"Protecting your connection to a newly detected network on adapter \"WAN (PPP/SLIP) Interface\" (IP address: 88.105.87.237).",Detected,No Action Required,,Firewall - Network and Connections,
13/04/2010 03:56,Info,Connected to a protected network. (0.0.0.0),Protected,No Action Required,,,0.0.0.0
13/04/2010 03:56,Info,IP address has disappeared from adapter WAN (PPP/SLIP) Interface and is no longer being protected (IP address: 88.105.70.224).,Detected,No Action Required,,Firewall - Network and Connections,
13/04/2010 03:54,Info,"Connected to a protected network. (0,38)",Protected,No Action Required,"0,38",,
13/04/2010 03:54,Info,"Protecting your connection to a newly detected network on adapter \"WAN (PPP/SLIP) Interface\" (IP address: 88.105.70.224).",Detected,No Action Required,,Firewall - Network and Connections,
12/04/2010 19:40,Info,"Connected to a protected network. (0,38)",Protected,No Action Required,"0,38",,
12/04/2010 19:40,Info,"Protecting your connection to a newly detected network on adapter \"WAN (PPP/SLIP) Interface\" (IP address: 88.105.117.186).",Detected,No Action Required,,Firewall - Network and Connections,
12/04/2010 19:25,Info,"Connected to a protected network. (0,38)",Protected,No Action Required,"0,38",,
12/04/2010 19:25,Info,"Protecting your connection to a newly detected network on adapter \"WAN (PPP/SLIP) Interface\" (IP address: 88.105.99.96).",Detected,No Action Required,,Firewall - Network and Connections,
12/04/2010 18:19,Info,"Connected to a protected network. (0,38)",Protected,No Action Required,"0,38",,
12/04/2010 18:19,Info,"Protecting your connection to a newly detected network on adapter \"WAN (PPP/SLIP) Interface\" (IP address: 88.105.119.25).",Detecte


JUST HAD ANOTHER ATTEMPTED ATTACK




Edited by vince29, 13 April 2010 - 04:21 PM.
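The Norton "Firewall - Activities" export above is one row per blocked packet, every row at Info risk with "No Action Required", which is hard to read at that volume. As an added example (not part of vince29's post or of any Norton tool), the following Python parses rows in that exact format and aggregates them by source address and local port so a reviewer can see the shape of the traffic; the sample rows are constructed, with documentation-range addresses in place of real ones.

```python
import csv
import io
import re
from collections import Counter, defaultdict

# Constructed sample rows in the shape of the Norton "Firewall - Activities"
# export pasted above; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 203.0.113.5, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 203.0.113.5, local service Port (3545) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 198.51.100.7, local service Port (26057) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:12,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 192.0.2.9, local service Port (38940) .",Detected,No Action Required,Firewall - Activities
07/04/2010 19:11,Info,"Unused port blocking has blocked communications. Inbound TCP connection from 203.0.113.5, local service Port (26057) .",Detected,No Action Required,Firewall - Activities
"""

# The message field embeds the remote address and the local port.
BLOCK_RE = re.compile(
    r"Inbound (?P<proto>TCP|UDP) connection from (?P<src>[\d.]+), "
    r"local service Port \((?P<port>\d+)\)"
)


def parse_blocked_inbound(text):
    """Return one (timestamp, risk, action, proto, src_ip, local_port) tuple per
    'Unused port blocking' row. The export is CSV and the message field is
    quoted because it contains commas, so csv.reader does the splitting."""
    rows = []
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) < 6 or "Unused port blocking" not in fields[2]:
            continue
        m = BLOCK_RE.search(fields[2])
        if m is None:
            continue
        rows.append((fields[0], fields[1], fields[4],
                     m["proto"], m["src"], int(m["port"])))
    return rows


def summarize(rows):
    """Aggregate the blocked attempts so the reviewer sees how many sources
    there were, which local ports they probed, and whether Norton itself
    rated every row as Info / No Action Required."""
    by_source = Counter(r[4] for r in rows)
    by_port = Counter(r[5] for r in rows)
    ports_per_source = defaultdict(set)
    for r in rows:
        ports_per_source[r[4]].add(r[5])
    return {
        "total": len(rows),
        "by_source": by_source,
        "by_port": by_port,
        "ports_per_source": {s: sorted(p) for s, p in ports_per_source.items()},
        "all_no_action": all(r[1] == "Info" and r[2] == "No Action Required"
                             for r in rows),
    }


def report(text):
    """Human-readable summary: one line per source instead of one per packet."""
    s = summarize(parse_blocked_inbound(text))
    lines = [f"{s['total']} blocked inbound attempts from {len(s['by_source'])} sources"]
    for src, n in s["by_source"].most_common():
        lines.append(f"  {src}: {n} attempts, local ports {s['ports_per_source'][src]}")
    lines.append(f"all rows Info / No Action Required: {s['all_no_action']}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

A few sources retrying a handful of closed high ports, all blocked, is the background scanning any Internet-facing host sees; the rows worth attention are those the firewall did not block or that Norton rates above Info.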


#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 13 April 2010 - 06:05 PM

Hello, vince29.

Ok, let's get started.



Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.
P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case LimeWire). These programmes allow users to share files, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.



Step 1
  1. Restart your computer
  2. Before Windows loads, you will be prompted to choose which Operating System to start
  3. Use the up and down arrow keys to select Microsoft Windows Recovery Console
  4. You must enter which Windows installation to log onto. Type 1 and press enter.
At the prompt, type the bold lines and press enter after each one. The italics tell you what is happening at each step.

ren c:\windows\system32\drivers\agp440.sys agp440.old
renames infected file so we keep it in case we need it

ren c:\windows\system32\drivers\atapi.sys atapi.old
renames infected file so we keep it in case we need it

copy c:\windows\servicepackfiles\i386\agp440.sys c:\windows\system32\drivers\agp440.sys
You should see 1 file(s) copied

copy c:\windows\servicepackfiles\i386\atapi.sys c:\windows\system32\drivers\atapi.sys
You should see 1 file(s) copied

Now reboot normally.



Step 2

Now, please re-run GMER as before.

etavares

Edited by etavares, 13 April 2010 - 06:06 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
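Step 1 above replaces two drivers in system32\drivers with the copies Windows keeps in ServicePackFiles\i386. As an added illustration (not part of etavares's post or of any tool named in this thread), the following Python compares a live driver against its service-pack copy by SHA-256, which is how one would confirm that the swap took and that the file has not changed again; the directory layout and file contents are constructed in a temporary folder, and the real XP paths appear only in comments.

```python
import hashlib
import tempfile
from pathlib import Path

# The two drivers the Step 1 commands replace from the service pack cache.
DRIVERS = ("agp440.sys", "atapi.sys")


def sha256_of(path):
    """SHA-256 of a file, read in chunks so large drivers are fine too."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_drivers(drivers_dir, spf_dir, names=DRIVERS):
    """Compare each named driver in drivers_dir (on XP: C:\\WINDOWS\\system32\\drivers)
    against the pristine copy in spf_dir (C:\\WINDOWS\\ServicePackFiles\\i386).
    Returns name -> 'match' | 'mismatch' | 'missing' | 'no-reference'."""
    result = {}
    for name in names:
        live = Path(drivers_dir) / name
        ref = Path(spf_dir) / name
        if not ref.is_file():
            result[name] = "no-reference"   # nothing clean to compare against
        elif not live.is_file():
            result[name] = "missing"        # driver absent from the live folder
        elif sha256_of(live) == sha256_of(ref):
            result[name] = "match"
        else:
            result[name] = "mismatch"       # live file differs from the SP copy
    return result


def demo():
    """Constructed layout: agp440.sys matches its cache copy, atapi.sys has
    extra bytes appended (standing in for a modified driver)."""
    with tempfile.TemporaryDirectory() as tmp:
        drv = Path(tmp, "drivers")
        spf = Path(tmp, "i386")
        drv.mkdir()
        spf.mkdir()
        (spf / "agp440.sys").write_bytes(b"MZ constructed clean agp440")
        (drv / "agp440.sys").write_bytes(b"MZ constructed clean agp440")
        (spf / "atapi.sys").write_bytes(b"MZ constructed clean atapi")
        (drv / "atapi.sys").write_bytes(b"MZ constructed clean atapi" + b"\x90" * 16)
        return compare_drivers(drv, spf)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A mismatch on its own is not proof of infection: a Windows hotfix can legitimately leave the copy in system32\drivers newer than the one in the SP cache, so check the file's version resource and digital signature as well before replacing it.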
 


#9 vince29

vince29
  • Topic Starter

  • Members
  • 31 posts

Posted 14 April 2010 - 05:40 AM

Hi
Many thanks for your reply.
I attempted the instructions, but the agp ren line said it was not found or recognised, and when I tried to restart the computer I had the blue screen of death and could not get the computer to work. I went back to your instructions and typed in the copy file lines again; the agp one would not add, but the atapi one copied correctly. I was then able to run the computer again.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-14 11:25:49
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\vince\LOCALS~1\Temp\uxtdypog.sys


---- Kernel code sections - GMER 1.0.15 ----

? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003758E8
.text C:\WINDOWS\Explorer.EXE[780] ntdll.dll!NtCreateKey 7C90D0EE 5 Bytes JMP 00375A88
.text C:\WINDOWS\Explorer.EXE[780] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003761D8
.text C:\WINDOWS\Explorer.EXE[780] ntdll.dll!NtSetValueKey 7C90DDCE 5 Bytes JMP 00375B58
.text C:\WINDOWS\Explorer.EXE[780] ntdll.dll!NtWriteFile 7C90DF7E 5 Bytes JMP 003759B8
.text C:\WINDOWS\Explorer.EXE[780] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00375780
.text C:\WINDOWS\Explorer.EXE[780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00375CF8
.text C:\WINDOWS\Explorer.EXE[780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00375C28
.text C:\WINDOWS\Explorer.EXE[780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00375DC8
.text C:\WINDOWS\Explorer.EXE[780] ADVAPI32.dll!OpenServiceW 77DE6FFD 5 Bytes JMP 00376378
.text C:\WINDOWS\Explorer.EXE[780] ADVAPI32.dll!StartServiceA 77DEFB58 5 Bytes JMP 00376038
.text C:\WINDOWS\Explorer.EXE[780] ADVAPI32.dll!StartServiceW 77DF3E94 5 Bytes JMP 00376108
.text C:\WINDOWS\Explorer.EXE[780] ADVAPI32.dll!OpenServiceA 77DF4C66 5 Bytes JMP 003762A8
.text C:\WINDOWS\Explorer.EXE[780] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00375E98
.text C:\WINDOWS\Explorer.EXE[780] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00375F68
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[908] ntdll.dll!NtSetInformationThread 7C90DCAE 5 Bytes JMP 003856B8
.text C:\Documents and Settings\vince\Desktop\gmer\gmer.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 003857A8

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 14 April 2010 - 05:27 PM

Hmmm, odd, but it looks better. Are you getting redirected at all? Can you please post a fresh OTL log as before?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 vince29

vince29
  • Topic Starter

  • Members
  • 31 posts

Posted 15 April 2010 - 03:08 AM

Hi
Attached new OTL log; no extra log was created, is this correct? The internet logs from Norton are not showing any high-risk attacks lately, but I am only connecting for short periods. The only message that's still occurring is shown below.

Remote control of local services
Default Block EPMAP

16
EPMAP is a protocol that can be used by one computer to change the configuration of the services that are running at another computer. This rule prevents EPMAP from modifying the services that are at the local computer.
Another computer that uses EPMAP can change the configuration of services that are at the local computer, or Norton Internet Security or Norton Personal Firewall prompts the user. The prompt allows the user to permit or disallow the communication, or to create a rule that allows the communication

OTL logfile created on: 15/04/2010 08:46:40 - Run 3
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\vince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 106.02 Gb Free Space | 72.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINCE
Current User Name: vince
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
PRC - [2010/03/15 14:47:22 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/09/18 09:32:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2009/06/19 10:07:38 | 000,333,960 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\SFAgent.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/19 10:42:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
MOD - [2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SYSTEM32\kmon.dll
MOD - [2010/03/27 00:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\asoehook.dll
MOD - [2010/02/10 20:12:08 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/18 09:35:36 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/09/18 09:33:17 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp71.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/06/17 16:44:25 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/23 22:58:06 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/25 22:13:32 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2010/04/13 11:36:17 | 000,042,368 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\agp440.old -- (agp440)
DRV - [2010/03/24 21:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/15 14:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/02/27 03:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/27 03:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/27 03:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/19 09:40:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:40:18 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:40:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/04 09:41:38 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100413.021\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/04 09:41:37 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100413.021\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 02:40:52 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/04 02:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/07 16:55:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/07 16:55:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/07 16:40:46 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/05 23:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 23:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/04 22:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/07/26 20:52:16 | 000,153,104 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/29 20:13:40 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2008/06/22 13:23:33 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\STEC3.sys -- (STEC3)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MPE.sys -- (MPE)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2007/02/06 09:38:02 | 000,028,288 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/16 07:58:18 | 000,378,880 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emBDA.sys -- (USB28xxBGA)
DRV - [2006/11/27 15:56:50 | 000,437,760 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WlanUZXP.SYS -- (ZY202_XP)
DRV - [2006/11/27 15:56:50 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSp50.sys -- (ZDPSp50)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/01/12 20:46:28 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\sabprocenum.sys -- (SABProcEnum)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/03/02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004/03/02 09:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1999/09/10 12:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nottinghamforest.co.uk/page/Welcome
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions
[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/03/06 19:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/09/07 09:18:26 | 000,000,789 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Rising PC Doctor) - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\SYSTEM32\UrlFilter.dll (Beijing Rising Information Technology Co., Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-18..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...9687.3877314815 (Reg Error: Value error.)
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} http://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://146.101.138.189/MpegInst.cab (pmpeg4cam Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (kmon.dll) - C:\WINDOWS\System32\kmon.dll (Beijing Rising Information Technology Co., Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\{56a61af6-37f9-11dd-b1ac-4d6564696130}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{6c970336-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{6c970337-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{828a9162-af52-11dd-b46d-4d6564696130}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun\command - "" = G:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (KKNative.exe) - C:\WINDOWS\System32\kknative.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/13 22:46:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vince\Recent
[2010/04/12 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2010/04/12 19:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/04/12 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2010/04/11 22:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Desktop\gmer
[2010/04/11 11:54:18 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/11 10:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Local Settings\Application Data\Tific
[2010/04/10 08:47:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uexfat.dll
[2010/04/10 08:47:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uexfat.dll
[2010/04/10 08:47:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exfat.sys
[2010/04/10 08:46:29 | 000,000,000 | ---D | C] -- C:\86b8ead3c49cd40c6de3d67bf8bf9d
[2010/04/08 15:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010/04/08 15:29:36 | 000,637,592 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:29:36 | 000,100,976 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:29:36 | 000,096,880 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:29:36 | 000,015,776 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 08:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Application Data\Tific
[2010/04/07 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/07 15:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/07 15:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 22:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/06 22:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 21:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NSV
[2010/04/01 16:14:07 | 000,000,000 | ---D | C] -- C:\KU990i
[2010/04/01 16:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/03/24 10:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/03/16 22:25:05 | 000,000,000 | ---D | C] -- C:\Kontiki
[2010/02/12 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/06/15 09:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/05 22:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/09 12:31:48 | 000,237,568 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinsr.dll
[2009/04/09 12:31:48 | 000,110,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuins.dll
[2009/03/31 14:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/20 21:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/21 14:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
[2008/07/04 13:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/05/06 15:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/20 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2010/04/15 08:35:10 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/15 08:34:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/15 08:34:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/15 08:34:10 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/14 19:29:39 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\vince\ntuser.dat
[2010/04/14 19:29:39 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vince\NTUSER.INI
[2010/04/14 19:29:29 | 006,474,348 | -H-- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\IconCache.db
[2010/04/14 19:24:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/14 18:44:15 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/04/14 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/04/14 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/14 12:17:28 | 000,709,050 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\Cat.DB
[2010/04/14 12:16:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 08:04:05 | 000,000,946 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/04/14 08:01:34 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Microsoft Office Word 2007.lnk
[2010/04/13 22:50:10 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Defraggler.lnk
[2010/04/13 22:17:41 | 000,042,999 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\1NORTON 2.jpg
[2010/04/13 22:14:20 | 000,029,840 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\13042010_214300.jpg
[2010/04/13 22:01:29 | 000,016,158 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\PACKED.jpg
[2010/04/13 11:36:17 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2010/04/13 11:36:17 | 000,042,368 | ---- | M] () -- C:\WINDOWS\agp440.old
[2010/04/12 19:50:53 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/04/12 19:50:53 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/12 19:50:45 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/04/12 19:26:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 15:39:08 | 000,001,769 | ---- | M] () -- C:\WINDOWS\SAGE.INI
[2010/04/12 11:53:43 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/04/12 11:53:42 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\SageInformer50.ssf
[2010/04/11 22:35:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\gmer.zip
[2010/04/11 22:31:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\vince\defogger_reenable
[2010/04/11 22:23:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Defogger.exe
[2010/04/11 18:51:46 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SGREP32.INI
[2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/10 10:37:03 | 000,026,996 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/10 08:21:21 | 000,000,084 | ---- | M] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/08 19:31:37 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 17:03:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\user.ini
[2010/04/08 15:28:50 | 000,100,976 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:28:49 | 000,096,880 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:28:49 | 000,015,776 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 10:50:38 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:23 | 000,180,104 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 19:32:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\HijackThis.lnk
[2010/04/06 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2010/04/02 18:51:53 | 000,002,412 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 15:53:05 | 000,087,806 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/04/01 15:52:11 | 000,011,507 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.xlsx
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 12:23:12 | 000,627,978 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 12:23:12 | 000,516,588 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/28 12:23:12 | 000,098,948 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/27 01:57:35 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\isolate.ini
[2010/03/25 17:23:35 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\Setting.ini
[2010/03/25 17:14:51 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\WinRAR.lnk
[2010/03/16 11:14:44 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\LimeWire 5.5.6.lnk
[2010/03/16 11:12:26 | 000,009,088 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100316_101222.reg
[2010/03/16 10:21:12 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/03/16 10:03:54 | 000,151,139 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\wmplayer.docx

========== Files Created - No Company Name ==========

[2010/04/14 12:09:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 11:27:00 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/13 22:17:41 | 000,042,999 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\1NORTON 2.jpg
[2010/04/13 22:14:20 | 000,029,840 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\13042010_214300.jpg
[2010/04/13 22:01:29 | 000,016,158 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\PACKED.jpg
[2010/04/12 19:53:25 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/04/12 19:50:53 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/04/12 19:50:52 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/12 19:50:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/04/11 22:35:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\gmer.zip
[2010/04/11 22:31:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\defogger_reenable
[2010/04/11 22:23:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\Defogger.exe
[2010/04/11 14:24:05 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2010/04/10 10:36:58 | 000,026,996 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/08 17:03:42 | 000,000,049 | ---- | C] () -- C:\WINDOWS\user.ini
[2010/04/08 17:00:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/08 10:50:38 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:12 | 000,180,104 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 15:37:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/01 16:12:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/04/01 16:12:06 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 15:53:04 | 000,087,806 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/03/25 17:14:51 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\WinRAR.lnk
[2010/03/25 16:22:31 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\Setting.ini
[2010/03/16 11:14:44 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\LimeWire 5.5.6.lnk
[2010/03/16 11:12:24 | 000,009,088 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100316_101222.reg
[2010/03/16 10:03:52 | 000,151,139 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\wmplayer.docx
[2010/03/16 10:00:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/03/05 12:14:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/01/24 19:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/01/20 22:45:26 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\19720201.dat
[2010/01/20 22:45:26 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\art.udk
[2010/01/04 12:23:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2009/12/05 11:05:12 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\vince\CUSTOM.DICCUSTOM.DIC
[2009/10/02 09:42:58 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\vince\Mxcdr.ini
[2009/10/02 09:39:31 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Mxcdr.INI
[2009/09/14 16:50:53 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/07/29 15:34:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2009/07/29 15:26:23 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/07/29 15:23:26 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/17 19:06:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009/04/09 12:32:51 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2009/04/09 12:32:51 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2009/04/09 12:31:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2009/04/09 12:31:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2009/04/09 12:31:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2009/04/09 12:31:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2009/04/09 12:31:27 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2009/04/08 17:07:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\wklnhst.dat
[2009/03/11 10:51:27 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/01/24 10:02:09 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/01/24 10:02:09 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/01/24 10:02:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/01/24 10:02:09 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/12/20 10:29:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2008/12/20 10:29:36 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/12/20 10:29:36 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/12/20 10:29:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2008/12/20 10:29:28 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2008/11/22 17:15:52 | 009,175,040 | ---- | C] () -- C:\Documents and Settings\vince\ntuser.dat
[2008/10/09 08:26:45 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/09 08:26:45 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/09 08:26:45 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/09 08:26:45 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/24 16:06:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\AVSDVDPlayer.m3u
[2008/09/16 12:53:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/09/16 12:53:46 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/09/16 12:53:36 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2008/09/05 21:30:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\DMX.bmk
[2008/09/03 20:59:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/08/26 13:12:22 | 000,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/08/25 20:30:15 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/24 13:58:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\rx_image.Cache
[2008/08/24 08:55:53 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/06/25 22:41:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/25 22:39:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\GSP_ApRg.INI
[2008/06/22 13:46:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2008/05/29 16:34:31 | 000,009,245 | ---- | C] () -- C:\WINDOWS\boc426.ini
[2008/05/23 12:08:04 | 001,245,064 | ---- | C] () -- C:\Documents and Settings\vince\SymLCSVC.EXE
[2008/05/15 21:11:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/09 12:59:44 | 000,000,304 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/09 11:16:50 | 000,000,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 20:52:17 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\KBasic.ini
[2008/04/29 18:50:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/28 17:18:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\fusioncache.dat
[2008/04/27 14:49:06 | 000,169,984 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 20:44:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/04/19 11:57:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/19 09:05:02 | 000,000,946 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/04/19 09:03:41 | 000,028,672 | -H-- | C] () -- C:\Documents and Settings\vince\ntuser.dat.LOG
[2008/04/19 09:03:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\vince\NTUSER.INI
[2008/04/19 09:02:44 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2006/12/29 17:25:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2006/12/05 14:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/08 22:55:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/08 22:47:34 | 000,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/08 22:42:02 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/08 22:41:53 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/06/08 22:41:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/06/08 22:41:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/08 22:11:48 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbucnv4.dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/10 13:13:12 | 000,000,883 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/07/01 18:38:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/07/01 18:38:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/09/10 07:44:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2002/09/10 07:44:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2002/09/10 07:44:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2002/09/10 07:43:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2002/09/10 07:43:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2002/09/10 07:43:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2002/09/10 07:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2002/09/10 07:43:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2002/09/10 07:42:24 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2002/09/10 07:41:52 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2002/09/10 07:41:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2002/09/10 07:41:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2002/09/10 07:41:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2002/09/10 07:41:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2002/09/10 07:41:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2002/09/10 07:41:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2002/09/06 17:10:44 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2002/09/06 17:00:46 | 001,552,384 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2002/02/04 12:53:08 | 000,001,191 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[1999/10/25 10:53:58 | 000,001,769 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
@Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
@Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEFF768F
@Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
@Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98C5DD9
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF695222
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162D3733
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C75E5BE
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62197B73
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E546C1
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50823280
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93EB7685
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
< End of report >


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:47 AM

Posted 15 April 2010 - 05:57 PM

Hello, vince29.

OK, we'll keep an eye on it. The default Norton rule is to block that port and I don't see it open in your logs, so nothing bad should be happening. It can also be legit. Let's continue on. Keep an eye on that.

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.



Step 1

We need to run an OTL Script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :Files
    C:\86b8ead3c49cd40c6de3d67bf8bf9d
    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
    SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
    O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O28 - HKLM ShellExecuteHooks: {51C55F9E-C308-4c95-89AB-8858D8AFD819} - Reg Error: Key error. File not found
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
    @Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
    @Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
    @Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C265C458
    @Alternate Data Stream - 178 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF
    @Alternate Data Stream - 176 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEFF768F
    @Alternate Data Stream - 175 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44
    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B
    @Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E98C5DD9
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DF695222
    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81F83028
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:162D3733
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3C75E5BE
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62197B73
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC
    @Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72E546C1
    @Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:50823280
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93EB7685
    @Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 2

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push



Step 3

In your reply, please post both OTL logs and the ESET log.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
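The fix script above was assembled by hand from the earlier OTL report: the orphaned service and registry entries (marked "File not found" / "No CLSID value found") and the alternate data streams were copied verbatim under ":OTL", and "[EmptyTemp]" was added under ":Commands". The following is an added example, not code from this thread or from OTL, showing how a responder can triage an OTL report programmatically before deciding what goes into such a script. It parses the report layout seen in this thread, separates alternate data streams that Windows itself creates (Zone.Identifier, encryptable) from those worth a look, ranks the rest by size, and renders the review set in the same fix-script layout. The sample report, the toolbar CLSID and DLL path, and the setup.exe path in it are constructed placeholders; the layout and the names BENIGN_STREAMS, LARGE_ADS_BYTES, triage and build_fix_script are this example's own.

```python
"""Triage helper for OTL (OldTimer's List-It) reports: pull out the entries a
malware responder reviews first (orphaned service and registry references,
alternate data streams) and render the review set in OTL fix-script form.
Hypothetical example written for this thread; it is not part of OTL."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Stream names Windows itself creates; on their own they are not evidence of
# infection (Zone.Identifier is the mark-of-the-web, encryptable marks Thumbs.db).
BENIGN_STREAMS = {"Zone.Identifier", "encryptable"}

# A stream of a few hundred bytes on a folder is typically cache metadata; one of
# tens of kilobytes is large enough to carry a payload and deserves a closer look.
LARGE_ADS_BYTES = 10_000

ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
ORPHAN_SRV_RE = re.compile(r"^SRV - File not found \[[^\]]*\] -- -- \((?P<name>[^)]+)\)$")
ORPHAN_REG_RE = re.compile(r"^O\d+ - .*(No CLSID value found|File not found)")

# Constructed sample in the OTL report layout seen in this thread. The all-zero
# CLSID, the ExampleVendor toolbar path and the setup.exe path are placeholders.
SAMPLE_OTL_REPORT = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare9)
SRV - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)

========== Internet Explorer ==========

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Program Files\ExampleVendor\ExampleToolbar.dll (Example Vendor)
O28 - HKLM ShellExecuteHooks: {51C55F9E-C308-4c95-89AB-8858D8AFD819} - Reg Error: Key error. File not found

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_EXAMPLE
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\vince\My Documents\setup.exe:Zone.Identifier
"""


@dataclass(frozen=True)
class AdsEntry:
    raw: str      # original OTL line, reused verbatim in a fix script
    size: int
    path: str     # file or folder carrying the stream
    stream: str   # stream name after the last ':'

    @property
    def looks_benign(self) -> bool:
        return self.stream in BENIGN_STREAMS


def parse_ads(report: str) -> list[AdsEntry]:
    """Parse every '@Alternate Data Stream' line; the stream name follows the last ':'."""
    entries = []
    for line in report.splitlines():
        line = line.strip()
        m = ADS_RE.match(line)
        if not m:
            continue
        path, stream = m.group("target").rsplit(":", 1)
        entries.append(AdsEntry(line, int(m.group("size")), path, stream))
    return entries


def parse_orphans(report: str) -> dict[str, list[str]]:
    """Collect service entries whose binary is missing and O-line registry
    references (toolbars, shell hooks) that point at nothing."""
    services, registry = [], []
    for line in report.splitlines():
        line = line.strip()
        if ORPHAN_SRV_RE.match(line):
            services.append(line)
        elif ORPHAN_REG_RE.match(line):
            registry.append(line)
    return {"services": services, "registry": registry}


def triage(report: str) -> dict:
    """Return the review set: orphans, non-benign ADS by size, and the large ones."""
    ads = parse_ads(report)
    review = sorted((a for a in ads if not a.looks_benign), key=lambda a: a.size, reverse=True)
    return {
        "orphans": parse_orphans(report),
        "ads_review": review,
        "ads_large": [a for a in review if a.size >= LARGE_ADS_BYTES],
        "ads_benign": [a for a in ads if a.looks_benign],
    }


def build_fix_script(t: dict, empty_temp: bool = True) -> str:
    """Render the review set in the OTL fix layout: log lines verbatim under
    ':OTL', then the '[EmptyTemp]' command, as in the post above."""
    lines = [":OTL"]
    lines += t["orphans"]["services"] + t["orphans"]["registry"]
    lines += [a.raw for a in t["ads_review"]]
    if empty_temp:
        lines += [":Commands", "[EmptyTemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    result = triage(SAMPLE_OTL_REPORT)
    print(build_fix_script(result))
```

Feed it a real report with `triage(open("OTL.Txt").read())`; the output is a candidate list for a responder to review, not something to paste into OTL unread, because a large stream on a folder can just as well be a game's installer descriptor as a payload, and the two 55838-byte streams in this thread are a case in point.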
 


#13 vince29

vince29
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  • Local time:05:47 AM

Posted 16 April 2010 - 03:14 PM

Hi
many thanks for your continued help

ESET scan

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv1.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv2.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv3.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv4.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinBankerfgv5.zip Win32/Bagle.gen.zip worm
C:\Program Files\Tiscali\Tiscali Internet\dlls\InstallDialer.exe a variant of Win32/Injector.AHE trojan
C:\WINDOWS\agp440.old Win32/Olmarik.XG trojan

OTL logfile created on: 16/04/2010 08:46:30 - Run 4
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\vince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 106.16 Gb Free Space | 72.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINCE
Current User Name: vince
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
PRC - [2010/03/15 14:47:22 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/09/18 09:32:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2009/06/19 10:07:38 | 000,333,960 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\SFAgent.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/19 10:42:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
MOD - [2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SYSTEM32\kmon.dll
MOD - [2010/03/27 00:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\asoehook.dll
MOD - [2010/02/10 20:12:08 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/18 09:35:36 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/09/18 09:33:17 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp71.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/06/17 16:44:25 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/23 22:58:06 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/25 22:13:32 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2010/04/13 11:36:17 | 000,042,368 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\agp440.old -- (agp440)
DRV - [2010/03/24 21:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/15 14:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/02/27 03:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/27 03:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/27 03:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/19 09:40:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:40:18 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:40:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/04 09:41:38 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100415.036\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/04 09:41:37 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100415.036\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 02:40:52 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/04 02:40:51 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2010/02/04 02:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/07 16:55:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/07 16:55:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/07 16:40:46 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/05 23:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 23:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100409.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/04 22:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/07/26 20:52:16 | 000,153,104 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/29 20:13:40 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2008/06/22 13:23:33 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\STEC3.sys -- (STEC3)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MPE.sys -- (MPE)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2007/02/06 09:38:02 | 000,028,288 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/16 07:58:18 | 000,378,880 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emBDA.sys -- (USB28xxBGA)
DRV - [2006/11/27 15:56:50 | 000,437,760 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WlanUZXP.SYS -- (ZY202_XP)
DRV - [2006/11/27 15:56:50 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSp50.sys -- (ZDPSp50)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/01/12 20:46:28 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\sabprocenum.sys -- (SABProcEnum)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/03/02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004/03/02 09:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1999/09/10 12:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nottinghamforest.co.uk/page/Welcome
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions
[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/03/06 19:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/09/07 09:18:26 | 000,000,789 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Rising PC Doctor) - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\SYSTEM32\UrlFilter.dll (Beijing Rising Information Technology Co., Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-18..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...9687.3877314815 (Reg Error: Value error.)
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} http://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://146.101.138.189/MpegInst.cab (pmpeg4cam Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (kmon.dll) - C:\WINDOWS\System32\kmon.dll (Beijing Rising Information Technology Co., Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\{56a61af6-37f9-11dd-b1ac-4d6564696130}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{6c970336-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{6c970337-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{828a9162-af52-11dd-b46d-4d6564696130}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun\command - "" = G:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (KKNative.exe) - C:\WINDOWS\System32\kknative.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/16 08:32:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/15 20:09:15 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/04/13 22:46:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vince\Recent
[2010/04/12 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2010/04/12 19:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/04/12 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2010/04/11 22:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Desktop\gmer
[2010/04/11 11:54:18 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/11 10:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Local Settings\Application Data\Tific
[2010/04/10 08:47:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uexfat.dll
[2010/04/10 08:47:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uexfat.dll
[2010/04/10 08:47:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exfat.sys
[2010/04/10 08:46:29 | 000,000,000 | ---D | C] -- C:\86b8ead3c49cd40c6de3d67bf8bf9d
[2010/04/08 15:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010/04/08 15:29:36 | 000,637,592 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:29:36 | 000,100,976 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:29:36 | 000,096,880 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:29:36 | 000,015,776 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 08:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Application Data\Tific
[2010/04/07 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/07 15:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/07 15:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 22:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/06 22:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 21:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NSV
[2010/04/01 16:14:07 | 000,000,000 | ---D | C] -- C:\KU990i
[2010/04/01 16:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/03/24 10:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/02/12 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/06/15 09:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/05 22:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/09 12:31:48 | 000,237,568 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinsr.dll
[2009/04/09 12:31:48 | 000,110,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuins.dll
[2009/03/31 14:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/20 21:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/21 14:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
[2008/07/04 13:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/05/06 15:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/20 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2010/04/16 08:39:13 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/16 08:38:50 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/16 08:38:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/16 08:38:17 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/16 08:36:51 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vince\NTUSER.INI
[2010/04/16 08:36:50 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\vince\ntuser.dat
[2010/04/16 08:24:06 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/16 08:22:40 | 000,709,594 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\Cat.DB
[2010/04/15 21:33:47 | 010,197,744 | -H-- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\IconCache.db
[2010/04/14 18:44:15 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/04/14 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/04/14 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/14 12:16:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 08:04:05 | 000,000,946 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/04/14 08:01:34 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Microsoft Office Word 2007.lnk
[2010/04/13 22:50:10 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Defraggler.lnk
[2010/04/13 22:17:41 | 000,042,999 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\1NORTON 2.jpg
[2010/04/13 22:14:20 | 000,029,840 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\13042010_214300.jpg
[2010/04/13 22:01:29 | 000,016,158 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\PACKED.jpg
[2010/04/13 11:36:17 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2010/04/13 11:36:17 | 000,042,368 | ---- | M] () -- C:\WINDOWS\agp440.old
[2010/04/12 19:50:53 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/04/12 19:50:53 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/12 19:50:45 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/04/12 19:26:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 15:39:08 | 000,001,769 | ---- | M] () -- C:\WINDOWS\SAGE.INI
[2010/04/12 11:53:43 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/04/12 11:53:42 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\SageInformer50.ssf
[2010/04/11 22:35:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\gmer.zip
[2010/04/11 22:31:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\vince\defogger_reenable
[2010/04/11 22:23:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Defogger.exe
[2010/04/11 18:51:46 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SGREP32.INI
[2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/10 10:37:03 | 000,026,996 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/10 08:21:21 | 000,000,084 | ---- | M] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/08 19:31:37 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 17:03:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\user.ini
[2010/04/08 15:28:50 | 000,100,976 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:28:49 | 000,096,880 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:28:49 | 000,015,776 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 10:50:38 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:23 | 000,180,104 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 19:32:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\HijackThis.lnk
[2010/04/06 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2010/04/02 18:51:53 | 000,002,412 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 15:53:05 | 000,087,806 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/04/01 15:52:11 | 000,011,507 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.xlsx
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 12:23:12 | 000,627,978 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 12:23:12 | 000,516,588 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/28 12:23:12 | 000,098,948 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/27 01:57:35 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\isolate.ini
[2010/03/25 17:23:35 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\Setting.ini
[2010/03/25 17:14:51 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\WinRAR.lnk

========== Files Created - No Company Name ==========

[2010/04/14 12:09:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 11:27:00 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/13 22:17:41 | 000,042,999 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\1NORTON 2.jpg
[2010/04/13 22:14:20 | 000,029,840 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\13042010_214300.jpg
[2010/04/13 22:01:29 | 000,016,158 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\PACKED.jpg
[2010/04/12 19:53:25 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/04/12 19:50:53 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/04/12 19:50:52 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/12 19:50:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/04/11 22:35:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\gmer.zip
[2010/04/11 22:31:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\defogger_reenable
[2010/04/11 22:23:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\Defogger.exe
[2010/04/11 14:24:05 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2010/04/10 10:36:58 | 000,026,996 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/08 17:03:42 | 000,000,049 | ---- | C] () -- C:\WINDOWS\user.ini
[2010/04/08 17:00:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/08 10:50:38 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:12 | 000,180,104 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 15:37:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/01 16:12:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/04/01 16:12:06 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 15:53:04 | 000,087,806 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/03/25 17:14:51 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\WinRAR.lnk
[2010/03/25 16:22:31 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\Setting.ini
[2010/03/05 12:14:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/01/24 19:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/01/20 22:45:26 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\19720201.dat
[2010/01/20 22:45:26 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\art.udk
[2010/01/04 12:23:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2009/12/05 11:05:12 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\vince\CUSTOM.DICCUSTOM.DIC
[2009/10/02 09:42:58 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\vince\Mxcdr.ini
[2009/10/02 09:39:31 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Mxcdr.INI
[2009/09/14 16:50:53 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/07/29 15:34:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2009/07/29 15:26:23 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/07/29 15:23:26 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/17 19:06:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009/04/09 12:32:51 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2009/04/09 12:32:51 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2009/04/09 12:31:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2009/04/09 12:31:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2009/04/09 12:31:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2009/04/09 12:31:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2009/04/09 12:31:27 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2009/04/08 17:07:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\wklnhst.dat
[2009/03/11 10:51:27 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/01/24 10:02:09 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/01/24 10:02:09 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/01/24 10:02:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/01/24 10:02:09 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/12/20 10:29:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2008/12/20 10:29:36 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/12/20 10:29:36 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/12/20 10:29:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2008/12/20 10:29:28 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2008/11/22 17:15:52 | 009,175,040 | ---- | C] () -- C:\Documents and Settings\vince\ntuser.dat
[2008/10/09 08:26:45 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/09 08:26:45 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/09 08:26:45 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/09 08:26:45 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/24 16:06:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\AVSDVDPlayer.m3u
[2008/09/16 12:53:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/09/16 12:53:46 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/09/16 12:53:36 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2008/09/05 21:30:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\DMX.bmk
[2008/09/03 20:59:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/08/26 13:12:22 | 000,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/08/25 20:30:15 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/24 13:58:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\rx_image.Cache
[2008/08/24 08:55:53 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/06/25 22:41:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/25 22:39:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\GSP_ApRg.INI
[2008/06/22 13:46:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2008/05/29 16:34:31 | 000,009,245 | ---- | C] () -- C:\WINDOWS\boc426.ini
[2008/05/23 12:08:04 | 001,245,064 | ---- | C] () -- C:\Documents and Settings\vince\SymLCSVC.EXE
[2008/05/15 21:11:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/09 12:59:44 | 000,000,304 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/09 11:16:50 | 000,000,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 20:52:17 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\KBasic.ini
[2008/04/29 18:50:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/28 17:18:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\fusioncache.dat
[2008/04/27 14:49:06 | 000,169,984 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 20:44:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/04/19 11:57:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/19 09:05:02 | 000,000,946 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/04/19 09:03:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\vince\ntuser.dat.LOG
[2008/04/19 09:03:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\vince\NTUSER.INI
[2008/04/19 09:02:44 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2006/12/29 17:25:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2006/12/05 14:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/08 22:55:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/08 22:47:34 | 000,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/08 22:42:02 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/08 22:41:53 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/06/08 22:41:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/06/08 22:41:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/08 22:11:48 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbucnv4.dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/10 13:13:12 | 000,000,883 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/07/01 18:38:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/07/01 18:38:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/09/10 07:44:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2002/09/10 07:44:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2002/09/10 07:44:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2002/09/10 07:43:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2002/09/10 07:43:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2002/09/10 07:43:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2002/09/10 07:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2002/09/10 07:43:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2002/09/10 07:42:24 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2002/09/10 07:41:52 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2002/09/10 07:41:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2002/09/10 07:41:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2002/09/10 07:41:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2002/09/10 07:41:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2002/09/10 07:41:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2002/09/10 07:41:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2002/09/06 17:10:44 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2002/09/06 17:00:46 | 001,552,384 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2002/02/04 12:53:08 | 000,001,191 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[1999/10/25 10:53:58 | 000,001,769 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >
All processes killed
Error: Unable to interpret <Files> in the current context!
Error: Unable to interpret <C:\86b8ead3c49cd40c6de3d67bf8bf9d> in the current context!
========== OTL ==========
Service RoxLiveShare9 stopped successfully!
Service RoxLiveShare9 deleted successfully!
Service ACDaemon stopped successfully!
Service ACDaemon deleted successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\SITEguard deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2201595877-1149870447-2797179189-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{51C55F9E-C308-4c95-89AB-8858D8AFD819} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51C55F9E-C308-4c95-89AB-8858D8AFD819}\ deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EP .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EP .
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C265C458 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:13B137AF deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:EEFF768F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:37F44C44 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0FB9F88B deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E98C5DD9 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A9662AE0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DF695222 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:81F83028 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:162D3733 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4220A65C deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3C75E5BE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:62197B73 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BA4AE5FC deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:BB24555F deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:92D18A5E deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:89CC7FD8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:72E546C1 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:2FAFBD6A deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:50823280 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:93EB7685 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:478FEFC3 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41661 bytes

User: hazel
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 148745 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 7654 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 529617 bytes
->Java cache emptied: 96949 bytes
->Flash cache emptied: 9078 bytes

User: vince
->Temp folder emptied: 895841 bytes
->Temporary Internet Files folder emptied: 16399358 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 658 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98592 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 545294270 bytes

Total Files Cleaned = 538.00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04162010_083210

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_624.dat not found!

Registry entries deleted on Reboot...


#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 16 April 2010 - 05:25 PM

Hello, vince29.

How's everything running on your end?

The ESET log showed a Bagle worm that Spybot had already caught. It may have a false positive with the Tiscali program. That appears to be a legitimate Italian ISP. Now that we disabled the rootkit, it caught the old version of the infected driver that we already replaced.

So, a clean report. We'll script out that infected driver here.

Please make sure to copy the colon (":") before Files...it looks like it was missed in the last post and OTL didn't quite fix everything as a result.




Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 20 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 20 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586-p.exe to install the newest version.



Step 2

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :files
    C:\WINDOWS\agp440.old
    C:\86b8ead3c49cd40c6de3d67bf8bf9d
    :OTL
    DRV - [2010/04/13 11:36:17 | 000,042,368 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\agp440.old -- (agp440)
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
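The fix above hinges on two things the log output in this thread makes visible: OTL's line formats (the `DRV -` entry for the replaced `agp440.old` driver, the `[date | size | attrs | C] () -- path` file listing, the `@Alternate Data Stream` lines) and OTL's fix-script syntax, where a section header written as `Files` instead of `:files` produces exactly the "Unable to interpret <Files> in the current context!" error seen earlier. The following is an added example, not code from the thread, from OTL or from BleepingComputer: it parses those line formats, applies a few review heuristics (the rules, and the names `Finding`, `triage`, `build_fix_script` and `check_fix_script`, are my own assumptions, not OTL logic), and then builds and validates a fix script with the colons in place. The sample lines are copied from this thread's logs.

```python
"""Triage an OTL report and build/validate an OTL fix script.

Added example for this thread; not code from OTL, the helper, or
BleepingComputer. Heuristics below are assumptions for review, not a
verdict: a flagged entry still needs an analyst's confirmation before
it goes into a fix script.
"""
import re
from dataclasses import dataclass
from typing import List

# Line formats as OTL prints them in the logs above.
DRV_RE = re.compile(
    r"^DRV - \[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>.*?)\) \[(?P<kind>[^|]+?) \| (?P<start>[^|]+?) \| (?P<state>[^\]]+?)\] "
    r"-- (?P<path>.+?) -- \((?P<svc>[^)]*)\).*$"
)
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+?):(?P<stream>[^:\\]+)$"
)

# Constructed sample: a handful of lines copied from this thread's OTL logs.
SAMPLE_REPORT = "\n".join([
    r"DRV - [2010/04/13 11:36:17 | 000,042,368 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\agp440.old -- (agp440)",
    r"DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)",
    r"[2008/08/25 20:30:15 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys",
    r"[2009/09/14 16:50:53 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll",
    r"@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EP",
])


@dataclass
class Finding:
    kind: str      # "driver", "file" or "ads"
    path: str
    reason: str


def triage(report: str) -> List[Finding]:
    """Apply review heuristics (assumed, not OTL's) to each line; lines that
    match none of the three formats are ignored."""
    found = []
    for raw in report.splitlines():
        line = raw.strip()
        m = DRV_RE.match(line)
        if m:
            why = []
            if not m["company"] and m["start"] in ("Boot", "System"):
                why.append("early-start kernel driver with an empty vendor string")
            if m["path"].lower().endswith(".old"):
                why.append("service still points at a .old (replaced) driver file")
            if why:
                found.append(Finding("driver", m["path"], "; ".join(why)))
            continue
        m = FILE_RE.match(line)
        if m:
            if "H" in m["attr"] and "S" in m["attr"] and "\\system32\\" in m["path"].lower():
                found.append(Finding("file", m["path"], "hidden+system file under System32"))
            continue
        m = ADS_RE.match(line)
        if m and m["stream"] != "Zone.Identifier":   # mark-of-the-web streams are routine
            found.append(Finding("ads", f"{m['path']}:{m['stream']}",
                                 f"{m['size']}-byte alternate data stream"))
    return found


SECTION_RE = re.compile(r"^:(files|otl|commands)$", re.I)   # headers seen in this thread
BARE_RE = re.compile(r"^(files|otl|commands)$", re.I)       # same words, colon forgotten


def build_fix_script(files: List[str], otl_lines: List[str]) -> str:
    """Emit a Custom Scans/Fixes script: ':files' paths, then ':OTL' entries."""
    return "\n".join([":files", *files, ":OTL", *otl_lines]) + "\n"


def check_fix_script(script: str) -> List[str]:
    """Return the mistakes that reproduce OTL's 'Unable to interpret' errors:
    a header without its colon, and any line that precedes a valid header."""
    problems, in_section = [], False
    for n, line in enumerate(script.splitlines(), 1):
        text = line.strip()
        if not text:
            continue
        if SECTION_RE.match(text):
            in_section = True
        elif BARE_RE.match(text):
            problems.append(f"line {n}: header '{text}' is missing its leading colon")
        elif not in_section:
            problems.append(f"line {n}: '{text}' appears before any section header")
    return problems


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.path}\n    {f.reason}")
    # The helper's fix from this thread, rebuilt with the colons in place.
    fix = build_fix_script(
        [r"C:\WINDOWS\agp440.old", r"C:\86b8ead3c49cd40c6de3d67bf8bf9d"],
        [SAMPLE_REPORT.splitlines()[0]],
    )
    print(fix)
    print(check_fix_script(fix))                                 # nothing to report
    print(check_fix_script(fix.replace(":files", "Files", 1)))   # the earlier mistake
```

Note that the triage deliberately reports `KGyGaAvL.sys` (hidden+system under System32) only as something to look at, not as malware; the hidden/system attribute combination is used by licensing components as well as by malware, which is why the fix-script builder takes an explicit, analyst-chosen list rather than the raw findings. Running `check_fix_script` on a script with `Files` instead of `:files` reproduces both errors from the earlier log in order: the header itself, then the path that followed it.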
 


#15 vince29

vince29
  • Topic Starter

  • Members
  • 31 posts

Posted 17 April 2010 - 03:00 AM

Hi
The system appears to be running fine; there have been no high-risk connection attempts or redirects. The other infections must have been left over from 3 years ago, when an engineer came to fix the computer.


OTL logfile created on: 17/04/2010 08:46:35 - Run 5
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\vince\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.95 Gb Total Space | 106.04 Gb Free Space | 72.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VINCE
Current User Name: vince
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/17 08:45:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaws.exe
PRC - [2010/04/17 08:45:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
PRC - [2010/03/15 14:47:22 | 001,303,784 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccsvchst.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/09/18 09:32:58 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\sfus.exe
PRC - [2009/06/19 10:07:38 | 000,333,960 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\SPAMfighter\SFAgent.exe
PRC - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2008/04/19 10:42:11 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe


========== Modules (SafeList) ==========

MOD - [2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
MOD - [2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\SYSTEM32\kmon.dll
MOD - [2010/03/27 00:52:36 | 000,415,088 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\asoehook.dll
MOD - [2010/02/10 20:12:08 | 000,496,872 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/09/18 09:35:36 | 000,102,400 | ---- | M] (RealPlayer) -- c:\Program Files\Real\RealPlayer\browserrecord\chrome\hook\rpchromebrowserrecordhelper.dll
MOD - [2009/09/18 09:33:17 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcp71.dll
MOD - [2009/08/13 14:55:04 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2009/07/12 09:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 09:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\microsoft.vc90.crt\msvcp90.dll
MOD - [2009/06/17 16:44:25 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\msvcr71.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/15 14:47:22 | 000,779,496 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/02/26 00:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe -- (NIS)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/06 10:18:50 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/10/23 22:58:06 | 000,582,424 | ---- | M] (ParetoLogic Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\XoftSpySE\6\xoftspyservice.exe -- (XoftSpyService)
SRV - [2009/06/19 10:08:14 | 000,189,064 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)
SRV - [2008/06/09 10:37:44 | 000,053,392 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\PSIService.exe -- (ProtexisLicensing)
SRV - [2004/10/25 22:13:32 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)


========== Driver Services (SafeList) ==========

DRV - [2010/03/24 21:38:08 | 000,536,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\BASHDefs\20100324.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/03/15 14:47:30 | 000,116,328 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/02/27 03:23:54 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS -- (SymIRON)
DRV - [2010/02/27 03:23:21 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SRTSP.SYS -- (SRTSP)
DRV - [2010/02/27 03:23:21 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/26 00:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys -- (ccHP)
DRV - [2010/02/19 09:40:19 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/19 09:40:18 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/19 09:40:18 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/02/04 09:41:38 | 001,324,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100416.038\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/02/04 09:41:37 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\VirusDefs\20100416.038\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 02:40:52 | 000,362,032 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\NIS\1106000.020\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/02/04 02:40:51 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys -- (SymIM)
DRV - [2010/02/04 02:40:50 | 000,172,592 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMEFA.SYS -- (SymEFA)
DRV - [2009/12/07 16:55:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/12/07 16:55:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/12/07 16:40:46 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/11/05 23:06:13 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NIS\1106000.020\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 23:37:22 | 000,329,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.1.0.19\Definitions\IPSDefs\20100415.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2009/10/04 22:33:14 | 000,115,312 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/07/26 20:52:16 | 000,153,104 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2009/06/30 11:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/05/29 20:13:40 | 000,079,888 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2008/06/22 13:23:33 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\STEC3.sys -- (STEC3)
DRV - [2008/04/14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\MPE.sys -- (MPE)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/06/15 11:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)
DRV - [2007/02/06 09:38:02 | 000,028,288 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emOEM.sys -- (USB28xxOEM)
DRV - [2007/01/16 07:58:18 | 000,378,880 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emBDA.sys -- (USB28xxBGA)
DRV - [2006/11/27 15:56:50 | 000,437,760 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\WlanUZXP.SYS -- (ZY202_XP)
DRV - [2006/11/27 15:56:50 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ZDPSp50.sys -- (ZDPSp50)
DRV - [2006/11/21 05:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/01/12 20:46:28 | 000,252,928 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\sabprocenum.sys -- (SABProcEnum)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\afc.sys -- (Afc)
DRV - [2005/01/10 19:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 19:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 13:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/06/15 22:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/05 13:40:38 | 000,019,584 | ---- | M] (Pinnacle Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio)
DRV - [2004/04/06 14:08:06 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2004/04/06 14:07:58 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2004/04/06 14:07:54 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/03/05 22:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 22:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 22:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/03/02 09:26:58 | 000,050,007 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
DRV - [2004/03/02 09:24:16 | 000,127,065 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\adiusbaw.sys -- (adiusbaw)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [1999/09/10 12:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ASPI32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.co.uk/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nottinghamforest.co.uk/page/Welcome
IE - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions
[2009/12/20 17:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/03/06 19:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vince\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2009/09/07 09:18:26 | 000,000,789 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Rising PC Doctor) - {98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} - C:\WINDOWS\SYSTEM32\UrlFilter.dll (Beijing Rising Information Technology Co., Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.6.0.32\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [DLBUCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBUtime.DLL ()
O4 - HKLM..\Run: [SPAMfighter Agent] C:\Program Files\SPAMfighter\SFAgent.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O4 - HKU\S-1-5-18..\RunOnce: [KeyScrambler] C:\Program Files\KeyScrambler\getting_started.html ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108855
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 223
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKU\S-1-5-21-2201595877-1149870447-2797179189-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...9687.3877314815 (Reg Error: Value error.)
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} http://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex/eB...l_v1-0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {EAEFAD15-8753-45EF-94B0-1BAA7970CC21} http://146.101.138.189/MpegInst.cab (pmpeg4cam Class)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (kmon.dll) - C:\WINDOWS\System32\kmon.dll (Beijing Rising Information Technology Co., Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vince\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{523811b5-15ef-11de-b63e-4d6564696130}\Shell\AutoRun\command - "" = G:\StartClickFreeBackup.exe -- File not found
O33 - MountPoints2\{56a61af6-37f9-11dd-b1ac-4d6564696130}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{6c970336-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{6c970337-ed81-11de-ba38-4d6564696130}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
O33 - MountPoints2\{828a9162-af52-11dd-b46d-4d6564696130}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell - "" = AutoRun
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f665e09e-f3a5-11de-ba51-4d6564696130}\Shell\AutoRun\command - "" = G:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (KKNative.exe) - C:\WINDOWS\System32\kknative.exe (Beijing Rising Information Technology Co., Ltd.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/17 08:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/17 08:45:48 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/17 08:45:48 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/17 08:45:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/17 08:45:48 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/16 08:56:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/16 08:32:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/04/15 20:09:15 | 000,047,408 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2010/04/13 22:46:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vince\Recent
[2010/04/12 19:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\XoftSpySE
[2010/04/12 19:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\XoftSpySE
[2010/04/12 19:50:38 | 000,000,000 | ---D | C] -- C:\Program Files\XoftSpySE6
[2010/04/11 22:39:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Desktop\gmer
[2010/04/11 11:54:18 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/11 10:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Local Settings\Application Data\Tific
[2010/04/10 08:47:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uexfat.dll
[2010/04/10 08:47:08 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uexfat.dll
[2010/04/10 08:47:06 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exfat.sys
[2010/04/08 15:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Rising
[2010/04/08 15:29:36 | 000,637,592 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:29:36 | 000,100,976 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:29:36 | 000,096,880 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:29:36 | 000,015,776 | ---- | C] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 08:40:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vince\Application Data\Tific
[2010/04/07 15:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/07 15:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/07 15:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/06 22:42:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/06 22:41:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/03 21:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NSV
[2010/04/01 16:14:07 | 000,000,000 | ---D | C] -- C:\KU990i
[2010/04/01 16:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2010/03/24 10:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2010/02/12 16:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2009/06/15 09:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2009/05/05 22:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/09 12:31:48 | 000,237,568 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinsr.dll
[2009/04/09 12:31:48 | 000,110,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuins.dll
[2009/03/31 14:50:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/03/20 21:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/09/21 14:55:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\CyberLink
[2008/07/04 13:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2008/05/06 15:25:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/04/20 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/01/30 09:35:00 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuiesc.dll
[2007/01/30 09:22:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuinpa.dll
[2007/01/30 09:17:02 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlbuhbn3.dll
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/06/08 22:09:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2002/04/11 10:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[1980/01/01 00:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2010/04/17 08:45:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/17 08:45:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/17 08:45:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/17 08:45:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/17 08:45:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010/04/17 08:37:39 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/17 08:36:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/17 08:36:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/04/17 08:36:20 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/17 08:35:22 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\vince\ntuser.dat
[2010/04/17 08:35:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\vince\NTUSER.INI
[2010/04/17 08:31:11 | 000,001,257 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\1271489453360-integrated.jnlp
[2010/04/17 08:24:08 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/16 18:00:00 | 000,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/04/16 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/04/16 17:47:00 | 000,000,388 | ---- | M] () -- C:\WINDOWS\tasks\AWC Update.job
[2010/04/16 12:39:54 | 010,199,054 | -H-- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\IconCache.db
[2010/04/16 11:14:53 | 000,000,946 | ---- | M] () -- C:\WINDOWS\dellstat.ini
[2010/04/16 08:22:40 | 000,709,594 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\Cat.DB
[2010/04/14 12:16:52 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 08:01:34 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Microsoft Office Word 2007.lnk
[2010/04/13 22:50:10 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Defraggler.lnk
[2010/04/13 22:17:41 | 000,042,999 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\1NORTON 2.jpg
[2010/04/13 22:14:20 | 000,029,840 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\13042010_214300.jpg
[2010/04/13 22:01:29 | 000,016,158 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\PACKED.jpg
[2010/04/13 11:36:17 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agp440.sys
[2010/04/12 19:50:53 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/04/12 19:50:53 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/12 19:50:45 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/04/12 19:26:36 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 15:39:08 | 000,001,769 | ---- | M] () -- C:\WINDOWS\SAGE.INI
[2010/04/12 11:53:43 | 000,000,640 | ---- | M] () -- C:\WINDOWS\System32\SGLCH32.USR
[2010/04/12 11:53:42 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\SageInformer50.ssf
[2010/04/11 22:35:33 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\gmer.zip
[2010/04/11 22:31:05 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\vince\defogger_reenable
[2010/04/11 22:23:13 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Defogger.exe
[2010/04/11 18:51:46 | 000,000,082 | ---- | M] () -- C:\WINDOWS\SGREP32.INI
[2010/04/11 11:54:21 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vince\Desktop\OTL.exe
[2010/04/10 10:37:03 | 000,026,996 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/10 08:21:21 | 000,000,084 | ---- | M] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/08 19:31:37 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/08 17:03:42 | 000,000,049 | ---- | M] () -- C:\WINDOWS\user.ini
[2010/04/08 15:28:50 | 000,100,976 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\UrlFilter.dll
[2010/04/08 15:28:49 | 000,637,592 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kmon.dll
[2010/04/08 15:28:49 | 000,096,880 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\KakaTool.dll
[2010/04/08 15:28:49 | 000,015,776 | ---- | M] (Beijing Rising Information Technology Co., Ltd.) -- C:\WINDOWS\System32\kknative.exe
[2010/04/08 10:50:38 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:23 | 000,180,104 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 19:32:14 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\HijackThis.lnk
[2010/04/06 18:00:00 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Pareto UNS.job
[2010/04/02 18:51:53 | 000,002,412 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 15:53:05 | 000,087,806 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/04/01 15:52:11 | 000,011,507 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.xlsx
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/28 12:23:12 | 000,627,978 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/28 12:23:12 | 000,516,588 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/28 12:23:12 | 000,098,948 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/27 01:57:35 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NIS\1106000.020\isolate.ini
[2010/03/25 17:23:35 | 000,000,146 | ---- | M] () -- C:\Documents and Settings\vince\My Documents\Setting.ini
[2010/03/25 17:14:51 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\vince\Desktop\WinRAR.lnk

========== Files Created - No Company Name ==========

[2010/04/17 08:31:10 | 000,001,257 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\1271489453360-integrated.jnlp
[2010/04/14 12:09:42 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/14 11:27:00 | 2145,538,048 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/13 22:17:41 | 000,042,999 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\1NORTON 2.jpg
[2010/04/13 22:14:20 | 000,029,840 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\13042010_214300.jpg
[2010/04/13 22:01:29 | 000,016,158 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\PACKED.jpg
[2010/04/12 19:53:25 | 000,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/04/12 19:50:53 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\XoftSpySE.lnk
[2010/04/12 19:50:52 | 000,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/04/12 19:50:44 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2010/04/11 22:35:30 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\gmer.zip
[2010/04/11 22:31:05 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\defogger_reenable
[2010/04/11 22:23:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\Defogger.exe
[2010/04/11 14:24:05 | 000,000,082 | ---- | C] () -- C:\WINDOWS\SGREP32.INI
[2010/04/10 10:36:58 | 000,026,996 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100410_103656.reg
[2010/04/08 17:03:42 | 000,000,049 | ---- | C] () -- C:\WINDOWS\user.ini
[2010/04/08 17:00:17 | 000,000,084 | ---- | C] () -- C:\WINDOWS\System32\kkdelay.def
[2010/04/08 10:50:38 | 000,002,284 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\Google Chrome.lnk
[2010/04/07 20:31:12 | 000,180,104 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\cc_20100407_203110.reg
[2010/04/07 15:37:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/01 16:12:06 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/04/01 16:12:06 | 000,002,412 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/04/01 15:53:04 | 000,087,806 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\T4 ROSTER.pdf
[2010/03/25 17:14:51 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\vince\Desktop\WinRAR.lnk
[2010/03/25 16:22:31 | 000,000,146 | ---- | C] () -- C:\Documents and Settings\vince\My Documents\Setting.ini
[2010/03/05 12:14:55 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2010/01/24 19:56:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2010/01/20 22:45:26 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\19720201.dat
[2010/01/20 22:45:26 | 000,000,016 | -H-- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\art.udk
[2010/01/04 12:23:13 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.ini
[2009/12/05 11:05:12 | 000,000,273 | ---- | C] () -- C:\Documents and Settings\vince\CUSTOM.DICCUSTOM.DIC
[2009/10/02 09:42:58 | 000,000,286 | ---- | C] () -- C:\Documents and Settings\vince\Mxcdr.ini
[2009/10/02 09:39:31 | 000,000,046 | ---- | C] () -- C:\WINDOWS\Mxcdr.INI
[2009/09/14 16:50:53 | 000,290,918 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2009/07/29 15:34:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CleaningLab.INI
[2009/07/29 15:26:23 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/07/29 15:23:26 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/06/17 19:06:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009/04/09 12:32:51 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2009/04/09 12:32:51 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2009/04/09 12:31:47 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2009/04/09 12:31:44 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2009/04/09 12:31:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2009/04/09 12:31:34 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2009/04/09 12:31:27 | 000,405,504 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2009/04/08 17:07:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\wklnhst.dat
[2009/03/11 10:51:27 | 000,000,058 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2009/01/24 10:02:09 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2009/01/24 10:02:09 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar3.dll
[2009/01/24 10:02:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2009/01/24 10:02:09 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/12/20 10:29:49 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
[2008/12/20 10:29:36 | 000,000,342 | ---- | C] () -- C:\WINDOWS\adiras.ini
[2008/12/20 10:29:36 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
[2008/12/20 10:29:31 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
[2008/12/20 10:29:28 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
[2008/11/22 17:15:52 | 009,175,040 | ---- | C] () -- C:\Documents and Settings\vince\ntuser.dat
[2008/10/09 08:26:45 | 000,209,040 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/10/09 08:26:45 | 000,204,944 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/10/09 08:26:45 | 000,196,752 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/10/09 08:26:45 | 000,192,656 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/10/09 08:26:45 | 000,024,720 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/09/24 16:06:16 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\AVSDVDPlayer.m3u
[2008/09/16 12:53:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/09/16 12:53:46 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2008/09/16 12:53:36 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2008/09/05 21:30:14 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\DMX.bmk
[2008/09/03 20:59:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008/08/26 13:12:22 | 000,213,072 | ---- | C] () -- C:\WINDOWS\System32\DNLEng.dll
[2008/08/25 20:30:15 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/24 13:58:10 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\rx_image.Cache
[2008/08/24 08:55:53 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2008/06/25 22:41:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/06/25 22:39:12 | 000,000,053 | ---- | C] () -- C:\WINDOWS\GSP_ApRg.INI
[2008/06/22 13:46:37 | 000,000,029 | ---- | C] () -- C:\WINDOWS\AlphaPlayer.INI
[2008/05/29 16:34:31 | 000,009,245 | ---- | C] () -- C:\WINDOWS\boc426.ini
[2008/05/23 12:08:04 | 001,245,064 | ---- | C] () -- C:\Documents and Settings\vince\SymLCSVC.EXE
[2008/05/15 21:11:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/05/09 12:59:44 | 000,000,304 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/09 11:16:50 | 000,000,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/05/06 20:52:17 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\vince\Application Data\KBasic.ini
[2008/04/29 18:50:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/28 17:18:29 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\fusioncache.dat
[2008/04/27 14:49:06 | 000,169,984 | ---- | C] () -- C:\Documents and Settings\vince\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/19 20:44:54 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2008/04/19 11:57:10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/19 09:05:02 | 000,000,946 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/04/19 09:03:41 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\vince\ntuser.dat.LOG
[2008/04/19 09:03:41 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\vince\NTUSER.INI
[2008/04/19 09:02:44 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/02/19 02:29:24 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlbuinsb.dll
[2007/02/19 02:29:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlbucub.dll
[2006/12/29 17:25:06 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mp4spvd.dll
[2006/12/05 14:29:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/07/15 19:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/07/15 19:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/07/15 19:35:24 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/06/08 22:55:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/08 22:47:34 | 000,000,344 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/08 22:42:02 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/06/08 22:41:53 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2005/06/08 22:41:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/06/08 22:41:47 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/06/08 22:11:48 | 000,000,382 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/05/25 13:07:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dlbucnv4.dll
[2005/05/03 20:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/03/01 15:30:20 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/08/10 13:13:12 | 000,000,883 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/07/01 18:38:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll
[2004/07/01 18:38:38 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll
[2004/07/01 18:38:28 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2004/07/01 18:38:28 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2003/10/02 19:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/09/10 07:44:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\SGWebBrowser.dll
[2002/09/10 07:44:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\SGCtrlEx.dll
[2002/09/10 07:44:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SageFolderBrowser.dll
[2002/09/10 07:43:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\SGTBAR32.DLL
[2002/09/10 07:43:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGSTAT32.DLL
[2002/09/10 07:43:32 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\SGLOGO32.DLL
[2002/09/10 07:43:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SGJPEG32.dll
[2002/09/10 07:43:04 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\SGCDLG32.DLL
[2002/09/10 07:42:24 | 000,270,336 | ---- | C] () -- C:\WINDOWS\System32\SGLIST32.DLL
[2002/09/10 07:41:52 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\SGTOOL32.DLL
[2002/09/10 07:41:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SGINTL32.DLL
[2002/09/10 07:41:30 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\SGDT32.DLL
[2002/09/10 07:41:26 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\SGHELP32.DLL
[2002/09/10 07:41:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SGAPPBAR.DLL
[2002/09/10 07:41:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SG3D32.DLL
[2002/09/10 07:41:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SGCOM32.DLL
[2002/09/06 17:10:44 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\SGLCH32.DLL
[2002/09/06 17:00:46 | 001,552,384 | ---- | C] () -- C:\WINDOWS\System32\SGREP32.DLL
[2002/04/16 11:27:54 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\CdI5T.drv
[2002/02/04 12:53:08 | 000,001,191 | ---- | C] () -- C:\WINDOWS\SAGEINTL.INI
[1999/10/25 10:53:58 | 000,001,769 | ---- | C] () -- C:\WINDOWS\SAGE.INI
[1998/03/26 01:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SgHmZLib.dll
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Desktop:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
@Alternate Data Stream - 55838 bytes -> C:\Documents and Settings\All Users\Application Data\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
< End of report >

========== FILES ==========
C:\WINDOWS\agp440.old moved successfully.
Folder move failed. C:\86b8ead3c49cd40c6de3d67bf8bf9d\update scheduled to be moved on reboot.
Folder move failed. C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP3QFE scheduled to be moved on reboot.
Folder move failed. C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP3GDR scheduled to be moved on reboot.
Folder move failed. C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP2QFE scheduled to be moved on reboot.
Folder move failed. C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP2GDR scheduled to be moved on reboot.
C:\86b8ead3c49cd40c6de3d67bf8bf9d folder moved successfully.
========== OTL ==========
Service agp440 stopped successfully!
Service agp440 deleted successfully!
File C:\WINDOWS\agp440.old not found.

OTL by OldTimer - Version 3.2.1.1 log created on 04172010_081826

Files\Folders moved on Reboot...
File\Folder C:\86b8ead3c49cd40c6de3d67bf8bf9d\update not found!
File\Folder C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP3QFE not found!
File\Folder C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP3GDR not found!
File\Folder C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP2QFE not found!
File\Folder C:\86b8ead3c49cd40c6de3d67bf8bf9d\SP2GDR not found!

Registry entries deleted on Reboot...
