Recovering from XP Antimalware 2010 + Trojan.Vundo + Trojan.BHO.H + Rootkit.TDSS + more


This topic is locked. 25 replies to this topic.

#1 Mrunreal

Posted 09 April 2010 - 09:40 AM

Hiya, I've just had an awful couple of days removing these viruses, I'm surprised my computer still works!
I'm sure there are still some infected files on my computer, or possibly complete viruses, because Google Chrome has ceased to work (even after reinstalling) and I am getting pop-ups in Firefox which Avast has to keep blocking.

I've also reinstalled java.

If anyone could help me that would be great. Thank you.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:29:29, on 09/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\Jack D.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} (CyImage Class) - http://cyimg7.cyworld.com/ImageUpload/CyPi...33.cab?20081124
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2...15106/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10819 bytes

Edited by Mrunreal, 09 April 2010 - 09:43 AM.
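As an added example (not part of this thread and not HijackThis's own code), the script below parses the entry format of the HijackThis log above and pulls out the two things a helper tends to check first: the F2 Userinit value and registrations whose target file is gone. On Windows XP the default Userinit value is C:\WINDOWS\system32\userinit.exe followed by a trailing comma, and every executable in that comma-separated list runs at each interactive logon, so a second entry, such as the one in the log above, is something to investigate. The sample lines are copied from the posted log; the function names are my own.

```python
import re

# Constructed sample: six lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

# Every HijackThis entry starts with a section code (F2, O2, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[FO]\d+) - (?P<body>.*)$")

# Windows XP's default Userinit value is this single executable followed by a comma.
DEFAULT_USERINIT = r"C:\WINDOWS\system32\userinit.exe"


def parse_hjt(text):
    """Return (section, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def userinit_extras(entries):
    """Executables listed in the Userinit value beyond the Windows default.

    Everything in this comma-separated value runs at each interactive logon,
    so any second entry is worth checking."""
    extras = []
    for section, body in entries:
        if section == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1]
            for item in value.split(","):
                item = item.strip()
                if item and item.lower() != DEFAULT_USERINIT.lower():
                    extras.append(item)
    return extras


def orphaned_entries(entries):
    """BHO (O2) and service (O23) registrations whose target file no longer exists."""
    return [
        (section, body)
        for section, body in entries
        if section in ("O2", "O23") and ("(no file)" in body or "(file missing)" in body)
    ]


def review(text):
    """Summarise the findings a helper would look at first."""
    entries = parse_hjt(text)
    return {
        "entries": len(entries),
        "userinit_extras": userinit_extras(entries),
        "orphaned": orphaned_entries(entries),
    }


if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(key, value)
```

Run it on the six sample lines and it reports one extra Userinit executable and two orphaned registrations (a nameless BHO with no file and the ALG service whose binary is missing). Orphaned entries are often just leftovers of an uninstall, but the Userinit value is read by winlogon at every logon, so a non-default entry there should be identified before anything else is cleaned up.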



#2 myrti (Malware Study Hall Admin)

Posted 12 April 2010 - 10:10 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
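The /md5start ... /md5stop part of the custom scan above asks OTL to report MD5 hashes of the listed system drivers so that the helper can compare them with known-good copies, which is the kind of check that matters when a tool reports atapi.sys as patched. As an added illustration of that idea (not OTL's code and not from this thread), the script below hashes a set of files and classifies each against a baseline of expected digests. The directory, the file contents and the baseline hashes are all constructed for the example; only the file names are taken from the scan list above.

```python
import hashlib
import os
import tempfile


def md5_of_file(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large drivers do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def compare_to_baseline(directory, names, baseline):
    """Classify each file name as ok, changed, missing or unknown.

    baseline maps file name -> expected MD5 hex digest of a known-good copy."""
    verdicts = {}
    for name in names:
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            verdicts[name] = "missing"
            continue
        expected = baseline.get(name)
        if expected is None:
            verdicts[name] = "unknown"   # on disk, but no reference hash to compare with
        elif md5_of_file(path) == expected.lower():
            verdicts[name] = "ok"
        else:
            verdicts[name] = "changed"   # contents differ from the known-good copy
    return verdicts


def demo():
    """Run the check on a constructed directory; the names come from the scan list above."""
    with tempfile.TemporaryDirectory() as directory:
        # Constructed file contents standing in for real drivers.
        good_atapi = b"constructed stand-in for a known-good atapi.sys\n"
        files = {
            "atapi.sys": good_atapi,
            "nvstor.sys": b"constructed stand-in for a modified nvstor.sys\n",
            "AGP440.sys": b"constructed stand-in for AGP440.sys\n",
        }
        for name, content in files.items():
            with open(os.path.join(directory, name), "wb") as handle:
                handle.write(content)
        # Constructed baseline: atapi.sys matches, nvstor.sys deliberately does not,
        # AGP440.sys has no reference entry, and iaStor.sys is not on disk at all.
        baseline = {
            "atapi.sys": hashlib.md5(good_atapi).hexdigest(),
            "nvstor.sys": "0" * 32,
        }
        names = ["atapi.sys", "nvstor.sys", "AGP440.sys", "iaStor.sys"]
        return compare_to_baseline(directory, names, baseline)


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

One caveat applies to any such check run from inside the affected Windows installation: a kernel-mode driver that intercepts disk reads can hand back clean contents for a file it has modified, so a hash that matches from within the running system is weaker evidence than a hash taken from the same file while booted from separate media. That is also why the "delete and replace it, and it comes back infected" pattern described later in this thread calls for a helper's guidance rather than repeated replacement.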

 



#3 Mrunreal (Topic Starter)

Posted 12 April 2010 - 01:10 PM

Hiya, thanks so much for helping me.
I'll try and explain in detail what problems I've had.

The first thing was the XP Antimalware 2010, which was one of those roguewares that seem to be going around advertising fake antivirus programs.
After removing it I found it had deleted ndis.sys, so I replaced it; I also found that user32.dll was infected, but I managed to replace that too. The PC was still running slow, so I ended up trying ComboFix, which crashed to a bluescreen halfway through scanning. I eventually got it working in safe mode yesterday. The PC has been running a lot faster since then. However, I'm still having the same problems with Google Chrome not working, but I haven't had a Firefox pop-up yet. TDSSKiller showed atapi.sys to be infected with a rootkit, and no matter what I do (delete it, replace it, or let TDSSKiller try to remove it) it keeps coming back infected.
I hope that helps you a bit.

Here are my logs:

OTL logfile created on: 12/04/2010 17:57:40 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Jack D\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 32.40 Gb Free Space | 6.96% Space Free | Partition Type: NTFS
Drive D: | 108.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 128.00 Gb Total Space | 18.75 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKSPC
Current User Name: Jack D
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/12 17:57:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack D\Desktop\OTL.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/09 11:24:08 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/08/06 19:58:38 | 000,331,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2009/07/01 17:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/03/21 19:57:56 | 000,516,096 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
PRC - [2006/12/18 14:34:36 | 000,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/01/18 16:37:30 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/01/18 16:08:36 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe
PRC - [2004/10/08 10:52:32 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE


========== Modules (SafeList) ==========

MOD - [2010/04/12 17:57:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack D\Desktop\OTL.exe
MOD - [2007/09/27 11:40:14 | 000,488,523 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
MOD - [2007/07/11 14:06:58 | 000,042,672 | ---- | M] (Stardock.Net, Inc) -- C:\WINDOWS\system32\wbsys.dll
MOD - [2007/07/11 14:06:58 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand | Stopped] -- -- (ALG)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/03/09 11:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/03/09 11:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/03/09 11:24:08 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/08/11 00:19:16 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2009/08/11 00:19:08 | 000,132,144 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2009/08/06 19:58:38 | 000,331,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/20 14:05:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Disabled | Stopped] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
SRV - [2007/05/28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2007/03/21 19:57:56 | 000,516,096 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 2 Pro\nlsvc.exe -- (nlsvc)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


========== Driver Services (SafeList) ==========

DRV - [2010/04/04 23:48:48 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010/03/16 07:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/03/09 11:12:54 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/03/09 11:12:33 | 000,162,640 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/03/09 11:09:08 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/03/09 11:08:41 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/03/09 11:08:30 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/03/09 11:08:15 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/15 11:24:00 | 000,304,928 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009/09/23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/07/31 20:34:30 | 000,011,296 | ---- | M] (Rsupport Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VRVD302.sys -- (VRVD302)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/05/14 19:08:40 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tapvpn.sys -- (tapvpn)
DRV - [2008/10/03 15:47:38 | 000,279,712 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2008/10/03 15:47:37 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2008/09/15 07:56:34 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 07:56:24 | 000,008,064 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/06/27 09:39:42 | 000,332,928 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2008/06/07 22:02:06 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/05/26 16:09:42 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/14 07:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/03/05 18:27:34 | 000,026,656 | ---- | M] (Intellon, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PLCND532.sys -- (PLCND532)
DRV - [2007/06/15 09:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/04/23 12:03:04 | 000,082,200 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nltdi.sys -- (nltdi)
DRV - [2007/03/24 04:20:24 | 000,046,208 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/01/16 02:09:06 | 000,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/11/10 14:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2006/10/18 20:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/03/31 03:39:54 | 000,013,532 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SjyPkt.sys -- (SjyPkt)
DRV - [2006/03/20 17:34:56 | 001,452,032 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\p17filt.sys -- (p17filt)
DRV - [2006/03/17 10:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 12:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/05/25 09:39:06 | 000,004,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Downloads\RamTest\RTCore32.sys -- (RTCore32)
DRV - [2005/01/31 11:26:06 | 000,912,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/01/31 11:19:20 | 000,007,104 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/01/31 11:12:46 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/07 23:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/04 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/03/24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A 15 AE 88 47 13 CA 01 [binary data]
IE - HKU\S-1-5-21-682003330-796845957-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {566D6332-1439-43bf-857E-7AD5F137AD0C}:1.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: chromifox@altmusictv.com:3.6.4

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009/03/20 12:41:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/09 03:59:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/09 03:59:04 | 000,000,000 | ---D | M]

[2008/07/01 00:36:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Extensions
[2010/04/11 22:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\extensions
[2010/02/23 12:27:07 | 000,000,000 | ---D | M] (Rikaichan) -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2010/03/16 18:58:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/15 11:46:08 | 000,000,000 | ---D | M] (Names Dictionary for rikaichan) -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\extensions\{566D6332-1439-43bf-857E-7AD5F137AD0C}
[2009/12/14 13:31:46 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/12/15 11:46:05 | 000,000,000 | ---D | M] (Japanese-English Dictionary for rikaichan) -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\extensions\{6D898772-AD34-4c16-86BB-9DE787A5DEA0}
[2010/03/01 14:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\extensions\chromifox@altmusictv.com
[2008/06/07 22:06:51 | 000,002,921 | ---- | M] () -- C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\searchplugins\daemon-search.xml
[2010/04/11 22:48:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/05/06 17:42:04 | 007,260,160 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\libvlc.dll
[2005/03/29 16:26:06 | 000,061,440 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\nputplug.dll
[2010/04/09 03:58:45 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/04/09 03:58:45 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/04/09 03:58:45 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/04/09 03:58:46 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/04/11 21:08:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-682003330-796845957-725345543-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-682003330-796845957-725345543-1003..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-682003330-796845957-725345543-1003..\Run: [TypingSatellite] C:\Program Files\TypingMaster\KBOOST.EXE (TypingMaster Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-682003330-796845957-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\S-1-5-21-682003330-796845957-725345543-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-796845957-725345543-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-682003330-796845957-725345543-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} http://cyimg7.cyworld.com/ImageUpload/CyPi...33.cab?20081124 (CyImage Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://www.creative.com/softwareupdate/su2...15106/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 208.67.222.222 208.67.220.220 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jack D\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/12 19:37:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe" /START "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/04/12 19:37:18 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "AffinegyService"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk - C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe - (ASUSTek Computer Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe ()
MsConfig - StartUpReg: Clip2Net - hkey= - key= - C:\Program Files\Clip2Net\clip2net.exe ()
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: Nokia.PCSync - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: PDVD8LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl8 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - c:\program files\steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: Veoh - hkey= - key= - C:\Program Files\Veoh Networks\Veoh\VeohClient.exe (Veoh Networks)
MsConfig - StartUpReg: Wireless Manager - hkey= - key= - C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: klmdb.sys - Driver
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: klmdb.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 11
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\system32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

========== Files/Folders - Created Within 30 Days ==========

[2010/04/12 17:57:10 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jack D\Desktop\OTL.exe
[2010/04/12 17:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/04/11 22:30:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/11 20:01:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/04/11 19:43:47 | 000,000,000 | ---D | C] -- C:\gayboy
[2010/04/11 19:42:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/10 23:13:46 | 000,096,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/04/10 22:57:38 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jack D\Desktop\nadal.exe
[2010/04/09 23:19:45 | 000,000,000 | ---D | C] -- C:\rafael
[2010/04/09 11:29:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/09 03:01:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/04/08 20:50:10 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SAVRKBootTasks.sys
[2010/04/08 14:30:52 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/04/08 06:52:01 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/04/08 05:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/08 05:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/08 04:56:09 | 000,046,208 | R--- | C] (JMicron Technology Corp.) -- C:\WINDOWS\System32\drivers\JRAID_2.sys
[2010/04/08 04:26:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack D\Local Settings\Application Data\Google
[2010/04/08 04:12:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack D\Application Data\CheeseSoft
[2010/04/08 04:12:56 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2010/04/08 02:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/04/08 02:26:46 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/04/08 02:26:45 | 000,162,640 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/04/08 02:26:42 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/04/08 02:26:38 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/04/08 02:26:33 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/04/08 02:26:33 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/04/08 02:26:30 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/08 02:25:08 | 000,153,184 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/04/08 02:25:08 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/08 00:27:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\REALTEK RTL8187 Wireless LAN Driver and Utility
[2010/04/08 00:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/04/07 22:19:55 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/07 22:19:54 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/07 22:19:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/07 22:19:54 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/07 22:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/04/07 22:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/07 21:30:09 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\ielndex.dll
[2010/04/07 18:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack D\Application Data\IrfanView
[2010/04/07 17:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/07 17:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/07 17:19:43 | 000,182,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010/04/07 16:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack D\Desktop\Lan
[2010/04/07 16:07:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack D\Desktop\87-USB
[2010/04/07 16:04:04 | 001,764,032 | ---- | C] (Marvell) -- C:\Documents and Settings\Jack D\Desktop\setup.exe
[2010/04/07 15:18:31 | 000,332,928 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System\rtl8187.sys
[2010/04/07 15:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2010/04/07 15:08:54 | 000,369,952 | ---- | C] (Marvell) -- C:\WINDOWS\System32\yk51x86.dll
[2010/04/07 15:08:54 | 000,304,928 | ---- | C] (Marvell) -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2010/04/07 04:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/07 04:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/07 04:27:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/06 23:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/06 22:13:22 | 000,000,000 | ---D | C] -- C:\msdownld.tmp
[2010/04/05 13:48:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/04/02 10:46:39 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\hamachi.sys
[2010/04/02 10:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/03/31 13:10:45 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2010/03/28 17:25:08 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/03/28 17:25:06 | 014,757,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/03/28 17:25:06 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/03/28 17:25:06 | 002,030,184 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/03/28 17:25:03 | 004,075,520 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/03/28 17:25:02 | 011,640,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/03/28 17:25:02 | 001,097,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/03/28 17:25:02 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/03/28 17:25:02 | 000,215,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/03/23 14:35:08 | 010,232,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/03/23 14:35:08 | 010,232,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/03/23 14:35:07 | 006,432,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/03/23 14:35:07 | 006,432,128 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010/03/23 14:35:07 | 000,614,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010/03/23 13:31:24 | 000,000,000 | ---D | C] -- C:\Program Files\DriverCleanerDotNET
[2010/03/18 12:35:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jack D\My Documents\BFBC2
[2010/03/18 12:32:59 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/03/18 12:32:56 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/03/18 12:32:56 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/03/18 12:32:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/03/18 12:32:55 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010/03/18 12:32:55 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/03/18 12:32:54 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010/03/16 03:37:50 | 013,670,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/03/16 03:37:50 | 000,278,120 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/03/16 03:37:50 | 000,145,000 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/03/16 03:37:50 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/03/16 03:37:44 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2010/03/16 03:37:44 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2010/03/16 03:37:44 | 000,286,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2010/03/16 03:37:44 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2010/03/16 03:37:44 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2010/03/16 03:37:44 | 000,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2010/03/16 03:37:44 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2010/03/16 03:37:44 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2010/03/16 03:37:44 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2010/03/16 03:37:44 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2010/03/16 03:37:44 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2010/03/16 03:37:44 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2010/03/16 03:37:44 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2010/03/16 03:37:44 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2010/03/16 03:37:44 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2010/03/16 03:37:44 | 000,126,976 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2010/03/16 03:37:44 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/03/14 16:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/03 09:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/06/01 15:12:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2009/06/01 10:51:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Xfire
[2009/04/07 04:07:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/09 19:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Hagel Technologies
[2008/04/12 19:37:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/12 17:57:11 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jack D\Desktop\OTL.exe
[2010/04/12 17:45:46 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/12 17:45:32 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/12 17:45:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/12 17:44:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/12 17:44:34 | 2146,553,856 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/12 00:13:52 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Jack D\ntuser.dat
[2010/04/11 23:31:00 | 000,000,980 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003UA.job
[2010/04/11 21:12:02 | 000,445,620 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/11 21:12:02 | 000,073,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/11 21:12:00 | 000,526,932 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/11 21:11:05 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/11 21:08:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/04/11 20:03:17 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Jack D\ntuser.ini
[2010/04/11 19:00:25 | 003,911,676 | R--- | M] () -- C:\Documents and Settings\Jack D\Desktop\gayboy.exe
[2010/04/09 23:47:07 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Jack D\ntuser.bak
[2010/04/09 23:27:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/09 23:19:01 | 003,911,239 | R--- | M] () -- C:\Documents and Settings\Jack D\Desktop\rafael.exe
[2010/04/09 15:53:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jack D\defogger_reenable
[2010/04/09 15:53:35 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jack D\Desktop\Defogger.exe
[2010/04/09 04:31:01 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003Core.job
[2010/04/08 14:17:23 | 000,010,752 | ---- | M] () -- C:\WINDOWS\DCEBoot.exe
[2010/04/08 06:08:25 | 000,002,443 | ---- | M] () -- C:\Documents and Settings\Jack D\Desktop\HiJackThis.lnk
[2010/04/08 05:58:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/08 05:51:42 | 001,401,344 | ---- | M] () -- C:\Documents and Settings\Jack D\Desktop\HijackThis.msi
[2010/04/08 04:27:57 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\Jack D\Desktop\Google Chrome.lnk
[2010/04/08 04:08:30 | 000,000,845 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/08 04:08:30 | 000,000,426 | RHS- | M] () -- C:\boot.ini
[2010/04/08 02:59:46 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Jack D\Desktop\NTREGOPT.lnk
[2010/04/08 02:59:46 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jack D\Desktop\ERUNT.lnk
[2010/04/08 02:26:47 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/08 02:26:35 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/07 22:19:18 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/04/07 22:19:18 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/07 22:19:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/07 22:19:18 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/07 22:19:18 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/07 22:17:12 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/07 12:04:26 | 000,011,198 | -HS- | M] () -- C:\Documents and Settings\Jack D\Local Settings\Application Data\FKw3
[2010/04/07 12:04:26 | 000,011,198 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\FKw3
[2010/04/07 11:58:45 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/07 04:35:21 | 000,011,254 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3989574585
[2010/04/07 04:26:10 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/07 04:26:05 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ddajoyaqogune.dat
[2010/04/07 04:26:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Flelofejinuresi.bin
[2010/04/06 23:27:20 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/05 05:37:53 | 000,006,982 | -HS- | M] () -- C:\Documents and Settings\Jack D\Local Settings\Application Data\XORQ
[2010/04/05 05:37:53 | 000,006,982 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\XORQ
[2010/04/05 05:36:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\sbolsg769g522phrvcl4zksl.ini
[2010/04/05 03:42:46 | 000,215,128 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010/04/04 23:48:48 | 000,139,128 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/25 12:57:08 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/03/22 10:43:42 | 000,178,000 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\Jack D\Desktop\nadal.exe
[2010/03/18 12:34:12 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Jack D\Application Data\PnkBstrK.sys
[2010/03/18 12:33:19 | 002,434,856 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/03/16 07:51:59 | 014,757,888 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2010/03/16 07:51:59 | 011,640,832 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010/03/16 07:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010/03/16 07:51:59 | 010,232,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2010/03/16 07:51:59 | 006,432,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010/03/16 07:51:59 | 006,432,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2010/03/16 07:51:59 | 004,075,520 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010/03/16 07:51:59 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010/03/16 07:51:59 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/16 07:51:59 | 002,030,184 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010/03/16 07:51:59 | 001,097,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010/03/16 07:51:59 | 000,215,656 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2010/03/16 07:51:59 | 000,215,656 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2010/03/16 07:51:59 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/03/16 07:51:59 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/03/16 03:37:50 | 013,670,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/03/16 03:37:50 | 000,278,120 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/03/16 03:37:50 | 000,145,000 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/03/16 03:37:50 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/03/16 03:37:44 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshe.dll
[2010/03/16 03:37:44 | 000,335,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsar.dll
[2010/03/16 03:37:44 | 000,286,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2010/03/16 03:37:44 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2010/03/16 03:37:44 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2010/03/16 03:37:44 | 000,282,624 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsel.dll
[2010/03/16 03:37:44 | 000,278,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspt.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2010/03/16 03:37:44 | 000,274,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsesm.dll
[2010/03/16 03:37:44 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsru.dll
[2010/03/16 03:37:44 | 000,270,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2010/03/16 03:37:44 | 000,266,240 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2010/03/16 03:37:44 | 000,262,144 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrshu.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrstr.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssl.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssk.dll
[2010/03/16 03:37:44 | 000,258,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrspl.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsth.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2010/03/16 03:37:44 | 000,253,952 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2010/03/16 03:37:44 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2010/03/16 03:37:44 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrseng.dll
[2010/03/16 03:37:44 | 000,249,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrscs.dll
[2010/03/16 03:37:44 | 000,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2010/03/16 03:37:44 | 000,126,976 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2010/03/16 03:37:44 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/03/16 03:37:34 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/15 10:06:13 | 000,363,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/14 22:33:08 | 000,105,656 | ---- | M] () -- C:\Documents and Settings\Jack D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/11 20:32:45 | 2146,553,856 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/11 19:00:21 | 003,911,676 | R--- | C] () -- C:\Documents and Settings\Jack D\Desktop\gayboy.exe
[2010/04/09 23:46:33 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Jack D\ntuser.tmp.LOG
[2010/04/09 23:19:01 | 003,911,239 | R--- | C] () -- C:\Documents and Settings\Jack D\Desktop\rafael.exe
[2010/04/09 15:53:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jack D\defogger_reenable
[2010/04/09 15:53:35 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jack D\Desktop\Defogger.exe
[2010/04/09 03:01:29 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/04/08 14:17:23 | 000,010,752 | ---- | C] () -- C:\WINDOWS\DCEBoot.exe
[2010/04/08 05:52:40 | 000,002,443 | ---- | C] () -- C:\Documents and Settings\Jack D\Desktop\HiJackThis.lnk
[2010/04/08 05:51:41 | 001,401,344 | ---- | C] () -- C:\Documents and Settings\Jack D\Desktop\HijackThis.msi
[2010/04/08 04:52:48 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/08 04:52:47 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/08 04:27:57 | 000,002,293 | ---- | C] () -- C:\Documents and Settings\Jack D\Desktop\Google Chrome.lnk
[2010/04/08 04:26:40 | 000,000,980 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003UA.job
[2010/04/08 04:26:39 | 000,000,928 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003Core.job
[2010/04/08 02:59:46 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Jack D\Desktop\NTREGOPT.lnk
[2010/04/08 02:59:46 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jack D\Desktop\ERUNT.lnk
[2010/04/08 02:26:47 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/04/07 22:15:22 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/04/07 11:58:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/07 04:35:10 | 000,011,254 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3989574585
[2010/04/07 04:35:10 | 000,011,198 | -HS- | C] () -- C:\Documents and Settings\Jack D\Local Settings\Application Data\FKw3
[2010/04/07 04:26:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Ddajoyaqogune.dat
[2010/04/07 04:26:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Flelofejinuresi.bin
[2010/04/07 04:24:04 | 000,011,262 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FKw3
[2010/04/07 04:24:04 | 000,011,198 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\FKw3
[2010/04/05 05:36:55 | 000,006,982 | -HS- | C] () -- C:\Documents and Settings\Jack D\Local Settings\Application Data\XORQ
[2010/04/05 05:36:55 | 000,006,982 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\XORQ
[2010/04/05 05:36:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sbolsg769g522phrvcl4zksl.ini
[2010/03/28 17:25:08 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/03/23 14:35:23 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/18 12:33:18 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010/03/16 03:37:34 | 000,276,202 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/16 03:37:34 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/12/27 16:33:12 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jack D\Local Settings\Application Data\housecall.guid.cache
[2009/11/26 16:43:00 | 000,000,015 | ---- | C] () -- C:\Documents and Settings\Jack D\logx.txt
[2009/11/26 16:39:35 | 000,009,333 | ---- | C] () -- C:\Documents and Settings\Jack D\log.txt
[2009/08/13 20:53:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/07/14 17:15:00 | 000,178,432 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/04/12 02:38:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/04/12 02:38:05 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/20 15:23:29 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Jack D\Application Data\PnkBstrK.sys
[2009/02/07 16:47:02 | 000,000,067 | ---- | C] () -- C:\WINDOWS\SpeedGear.INI
[2009/02/07 01:53:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/24 04:01:53 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/01/17 22:55:14 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/01/17 20:20:46 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/01/17 20:12:27 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/01/17 20:12:00 | 000,005,937 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008/12/20 01:15:56 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmiInstallResAll.dll
[2008/12/20 01:15:55 | 000,000,335 | ---- | C] () -- C:\WINDOWS\cm106.ini
[2008/10/22 23:00:28 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jack D\Application Data\downloads.m3u
[2008/10/22 22:58:39 | 000,000,202 | ---- | C] () -- C:\Documents and Settings\Jack D\Application Data\default.rss
[2008/10/18 09:24:34 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2008/10/12 00:45:51 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2008/10/11 09:24:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008/10/03 22:03:45 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/10/03 22:03:45 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008/10/03 15:47:38 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/03 15:47:37 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/09/21 21:57:32 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini
[2008/07/23 12:00:08 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/07/23 09:07:47 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Jack D\.rnd
[2008/07/18 13:27:43 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\5BB70A264E.sys
[2008/06/02 13:28:40 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Jack D\result.ptr
[2008/05/29 11:14:39 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/29 11:11:19 | 000,001,608 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008/05/27 17:22:03 | 000,019,344 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/05/22 12:19:11 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2008/05/14 00:50:21 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\Jack D\ntuser.dat
[2008/05/14 00:50:21 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\Jack D\ntuser.bak
[2008/05/12 22:35:56 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2008/05/12 15:53:26 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2008/05/12 15:53:26 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/05/05 20:36:10 | 000,069,120 | ---- | C] () -- C:\Documents and Settings\Jack D\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/22 21:34:13 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Jack D\default.pls
[2008/04/21 13:55:01 | 000,005,590 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/21 13:55:01 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\8790C734F7.sys
[2008/04/20 10:09:01 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/04/19 17:22:26 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/04/17 16:49:54 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2008/04/14 05:14:41 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/04/12 20:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2008/04/12 20:32:17 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/04/12 20:32:17 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/04/12 20:06:49 | 000,019,645 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/04/12 20:06:27 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/04/12 20:06:19 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/04/12 19:56:21 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Jack D\ntuser.ini
[2008/04/12 19:56:20 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Jack D\ntuser.dat.LOG
[2008/03/11 17:07:44 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/01/31 16:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2007/03/29 22:00:40 | 000,203,264 | ---- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2006/11/10 14:08:50 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/03/17 15:11:56 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/10/14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 10:56:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003/10/02 17:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[1999/01/27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/02/25 07:24:35 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[9 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2010/03/23 13:53:39 | 018,369,809 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/03/23 13:54:04 | 018,369,809 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2010/03/23 13:53:39 | 018,369,809 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/03/23 13:54:04 | 018,369,809 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/04/10 23:15:13 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2010/04/12 17:43:23 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/04 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2007/10/04 19:20:15 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=56E7D7261A4BE548B784760896375D8A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2007/07/11 16:42:05 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=5FD8684F1C5DD26509383F6CCDAEE3A3 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 13:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:05EE1EEF
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 12/04/2010 17:57:40 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Documents and Settings\Jack D\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 32.40 Gb Free Space | 6.96% Space Free | Partition Type: NTFS
Drive D: | 108.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
Drive F: | 128.00 Gb Total Space | 18.75 Gb Free Space | 14.65% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JACKSPC
Current User Name: Jack D
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ave.exe File not found

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"30201:UDP" = 30201:UDP:*:Enabled:utorrent

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- (Affinegy, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Soldat\Soldat.exe" = C:\Soldat\Soldat.exe:*:Enabled:Soldat -- (Michal Marcinkowski)
"C:\Program Files\EA GAMES\Battlefield 2\BF2.exe" = C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe" = C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:*:Enabled:Pro Evolution Soccer 2008 -- (KONAMI)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty® 4 - Modern Warfare™ -- ()
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe" = C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI) -- ()
"C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe" = C:\Program Files\Deep Silver\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV) -- ()
"C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre1.6.0_07\launch4j-tmp\JDownloader.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe" = C:\Program Files\Electronic Arts\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™ -- ()
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe" = C:\Program Files\EA GAMES\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™ -- (EA Digital Illusions CE AB)
"C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout™ Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout™ Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout™ Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd. )
"C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone Version 3 Application -- (Rosetta Stone Ltd. )
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client -- ()
"C:\Program Files\NATEON\BIN\NateOnMain.exe" = C:\Program Files\NATEON\BIN\NateOnMain.exe:*:Enabled:NATE ON -- (SK Communications)
"C:\Program Files\NATEON\Addin\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\AVChatAgent.exe" = C:\Program Files\NATEON\Addin\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\AVChatAgent.exe:*:Enabled:NATEON AVCHAT -- (SK Communications)
"C:\Program Files\Naver\NaverPhone\NaverPhone.exe" = C:\Program Files\Naver\NaverPhone\NaverPhone.exe:*:Enabled:NaverPhone -- (NHN Corp.)
"C:\Program Files\Naver\NaverPhone\NpToSpBridge.exe" = C:\Program Files\Naver\NaverPhone\NpToSpBridge.exe:*:Enabled:Naver PCtoPhone Bridge -- (NHN Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Soldat15\Soldat.exe" = C:\Soldat15\Soldat.exe:*:Enabled:Soldat -- (Michal Marcinkowski)
"C:\Program Files\Xfire\xfire.exe" = C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Red Storm Entertainment\RavenShield\system\RavenShield.exe" = C:\Program Files\Red Storm Entertainment\RavenShield\system\RavenShield.exe:*:Enabled:RavenShield -- ()
"C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe" = C:\Program Files\Eidos\Batman Arkham Asylum\Binaries\ShippingPC-BmGame.exe:*:Enabled:Batman: Arkham Asylum -- (Rocksteady Studios Ltd)
"C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" = C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe:LocalSubNet:Enabled:Wireless Manager -- (Affinegy, Inc.)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE" = C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX9.EXE:*:Enabled:RESIDENT EVIL 5 (DX9) -- (CAPCOM CO., LTD.)
"C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE" = C:\Program Files\CAPCOM\RESIDENT EVIL 5\RE5DX10.EXE:*:Enabled:RESIDENT EVIL 5 (DX10) -- (CAPCOM CO., LTD.)
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe" = C:\Program Files\Steam\steamapps\common\killingfloor\System\KFEd.exe:*:Enabled:Killing Floor SDK -- ()
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = C:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{148E08FF-D7C4-46ED-8D4D-601C67FE0AFD}" = Rosetta Stone Version 3
"{15AC0C5D-A6FB-4CE2-8CD0-28179EEB5625}" = Nokia Connectivity Cable Driver
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2315B23D-3E21-4920-837D-AE6460934ECB}" = FIFA 09
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames™
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"{3C5F1B30-B10B-4579-86DD-D00F662E1033}" = Nero 8
"{3D654496-9C3D-4565-858C-3E551ECDA4E2}" = Virtual Cable Tester
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{44563206-8FAC-4859-9284-5FE90AF0CC47}" = Power Packet Utility
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57689BE0-BFA7-11DD-AD8B-0800200C9A66}" = Livestation
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{58FB2F9A-5F2D-40E8-82DF-4987E60AD8BD}" = Nokia PC Suite
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{697E41EA-AEBE-4B5F-884E-87B5CD6C70AC}" = 네이트온
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7C4196CA-CA41-4F34-9C08-7724E7705D52}" = Jasc Animation Shop 3
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Patch
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{886E284F-ED78-4149-9007-9C5CF69A52B9}" = Camtasia Studio 6
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B3F4499-32E6-470D-8586-E6C03420F889}" = ASUS WiFi-AP Solo
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9188F3C7-217B-4A19-98DA-77CD49618E5D}" = Yukon Diagnostics
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99E66BC9-E4B6-485F-ABFC-31EFCE36DFDF}" = Microsoft Keyboard Layout Creator 1.4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout™ Paradise The Ultimate Box
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis™ 2009
"{A03E4302-F387-47F3-8136-6D9D9286CD3B}" = SteelSeries Kinzu Optical Mouse
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield 1.60.412
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK RTL8187 Wireless LAN Driver and Utility
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C95AACD4-9507-4F5C-9D53-22B1ACCFECD1}" = AmpliTube2
"{CAD1691A-FA24-4B95-9009-3257B8440ECC}" = Tom Clancy's Splinter Cell Double Agent
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3E29D5A-B772-4578-9075-4272569504E2}" = Delete FXP Files Classic
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D848D140-41C3-4A53-86D8-E866A100B4CD}" = PC Connectivity Solution
"{D9B3B577-26BD-4CB2-9072-8029AE097AFE}" = Quake Live Mozilla Plugin
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"||GUN|| (MP)Anti-Camper" = ||GUN|| (MP)Anti-Camper
"2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5986551A16FD8E9B1B4C89E7AAD17C1BB3196D28" = Windows Driver Package - Nokia Modem (10/27/2008 7.01.0.1)
"6D296974BAB6CA8429D5E687B292A6DA3E9FBD4A" = Windows Driver Package - Nokia Modem (10/27/2008 3.9)
"7-Zip" = 7-Zip 4.58 beta
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"AC3Filter_is1" = AC3Filter 1.62b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ASIO4ALL" = ASIO4ALL
"ATITool" = ATITool Overclocking Utility
"avast5" = avast! Free Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CD Audio Reader Filter" = CD Audio Reader Filter (remove only)
"Clip2Net_is1" = Clip2Net 0.7.5b
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Crayon Physics Deluxe_is1" = Crayon Physics Deluxe - release 51
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"CSS FULL DZ [Oct 15 2007]" = CSS FULL DZ [Oct 15 2007] v18.1
"DarkLoader_is1" = DarkLoader 4.3
"DC-Bass Source" = DC-Bass Source 1.1.1
"Device Control" = Device Control
"DirectVobSub" = DirectVobSub (remove only)
"DriverCleanerDotNET" = DH Driver Cleaner.NET
"DScaler 5 Mpeg Decoders_is1" = DScaler 5 Mpeg Decoders
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EAXSet" = Creative EAX Settings
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"FileZilla Client" = FileZilla Client 3.1.3
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"Fraps" = Fraps (remove only)
"Free YouTube to iPod Converter_is1" = Free YouTube to iPod Converter version 3.1
"Game Booster_is1" = Game Booster
"Great Wall of Words" = Great Wall of Words
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HaaliMkx" = Haali Media Splitter
"HotspotShield" = Hotspot Shield 1.22
"ie8" = Windows Internet Explorer 8
"InFlac" = InFlac 1.1.1
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty® 4 - Modern Warfare™ 1.4 Patch
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty® 4 - Modern Warfare™ 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty® 4 - Modern Warfare™ 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty® 4 - Modern Warfare™ 1.7 Patch
"InstallShield_{A14C40E7-F7E5-498D-B8BD-A3EAE942EED0}" = LEGO® Indiana Jones™
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty® 4 - Modern Warfare™
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"KeyHoleTV" = KeyHoleTV
"Killing Floor 2.5 " = Killing Floor 2.5
"Launch of the Screaming Narwhal" = Tales of Monkey Island - Launch of the Screaming Narwhal
"Logitech Print Service" = Logitech Print Service
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile 3GP converter_is1" = MIKSOFT Mobile 3GP converter
"mIRC" = mIRC
"MONOGRAM AMR Splitter/Decoder" = MONOGRAM AMR Splitter/Decoder (remove only)
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mp3tag" = Mp3tag v2.44
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"NaverPhone" = ³×À̹öÆù
"NetLimiter 2 Pro" = NetLimiter 2 Pro (remove only)
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NewsLeecher_is1" = NewsLeecher v3.9 Final
"NewsReactor" = NewsReactor (remove only)
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"OpenSource Flash Video Splitter" = OpenSource Flash Video Splitter (remove only)
"PeerGuardian_is1" = PeerGuardian 2.0
"PFPortChecker" = PFPortChecker 1.0.28
"Port_Detective_2.0" = Port Detective
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"QcDrv" = Logitech® Camera Driver
"Qtracker" = Qtracker
"QuickPar" = QuickPar 0.9
"RealMedia" = RealMedia (remove only)
"S.T.A.L.K.E.R. - Clear Sky_is1" = S.T.A.L.K.E.R. - Clear Sky [v1.0005]
"SC Video Cut and Split_is1" = SC Video Cut and Split 4.2.0.2
"ScummVM_is1" = ScummVM 0.11.1
"SHOUTcast Source" = SHOUTcast Source (remove only)
"Soldat Beta_is1" = Soldat Beta 1.5.1
"Soldat patch 1.4.2-1.5.0_is1" = Soldat 1.5.0
"Soldat_is1" = Soldat 1.5.0b
"SPEAKER" = Creative Speaker Settings
"ST6UNST #1" = NewsShark
"Steam App 1260" = Killing Floor SDK
"Steam App 17500" = Zombie Panic! Source
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 500" = Left 4 Dead
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 3" = TeamViewer 3
"The Lost Crown_is1" = The Lost Crown version 1.2
"Thief2DeinstallKey" = Thief 2
"Turbo Sliders" = Turbo Sliders (remove only)
"Uninstall_is1" = Uninstall 1.0.0.1
"UnrealTournament" = Unreal Tournament G.O.T.Y. Edition
"UT2004" = Unreal Tournament 2004
"Veetle TV" = Veetle TV 0.9.16
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"WindowBlinds" = WindowBlinds
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"xchat" = XChat 2 (remove only)
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xtreme's Anticamper Pack" = Xtreme's Anticamper Pack

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Killing Floor" = Killing Floor
"NoNameScript" = NNScript
"uTorrent" = µTorrent
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/04/2010 12:43:46 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/04/2010 13:29:05 | Computer Name = JACKSPC | Source = Google Update | ID = 20
Description =

Error - 07/04/2010 13:47:47 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/04/2010 13:47:48 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/04/2010 14:24:38 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/04/2010 14:24:39 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 07/04/2010 16:24:41 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/04/2010 17:02:47 | Computer Name = JACKSPC | Source = MsiInstaller | ID = 10005
Description = Product: Java™ 6 Update 19 -- Error 25099. Unzipping core files
failed.

Error - 07/04/2010 17:15:57 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 07/04/2010 17:15:59 | Computer Name = JACKSPC | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ NetLimiter Events ]
Error - 07/04/2010 07:34:55 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 07:44:08 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 08:01:19 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 08:45:46 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 10:00:50 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 10:43:55 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 10:51:39 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 11:18:35 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 11:46:23 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

Error - 07/04/2010 12:22:46 | Computer Name = JACKSPC | Source = NetLimiter 2 | ID = 1000
Description = Couldn't open the driver: err=2.

[ System Events ]
Error - 11/04/2010 18:50:37 | Computer Name = JACKSPC | Source = NetBT | ID = 4319
Description = A duplicate name has been detected on the TCP network. The IP address
of the machine that sent the message is in the data. Use nbtstat -n in a command
window to see which name is in the Conflict state.

Error - 12/04/2010 12:44:53 | Computer Name = JACKSPC | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 12/04/2010 12:44:53 | Computer Name = JACKSPC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/04/2010 12:44:53 | Computer Name = JACKSPC | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/04/2010 12:44:53 | Computer Name = JACKSPC | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/04/2010 12:44:53 | Computer Name = JACKSPC | Source = cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/04/2010 12:46:39 | Computer Name = JACKSPC | Source = Service Control Manager | ID = 7000
Description = The TAP-Win32 Adapter V9 service failed to start due to the following
error: %%1058

Error - 12/04/2010 12:46:39 | Computer Name = JACKSPC | Source = Service Control Manager | ID = 7001
Description = The Hotspot Shield Service service depends on the TAP-Win32 Adapter
V9 service which failed to start because of the following error: %%1058

Error - 12/04/2010 12:46:39 | Computer Name = JACKSPC | Source = Service Control Manager | ID = 7000
Description = The Remote Packet Capture Protocol v.0 (experimental) service failed
to start due to the following error: %%3

Error - 12/04/2010 12:46:45 | Computer Name = JACKSPC | Source = Service Control Manager | ID = 7000
Description = The Application Layer Gateway Service service failed to start due
to the following error: %%2


< End of report >


Thanks

#4 myrti


Posted 12 April 2010 - 03:15 PM

Hi,

please try to run a scan with gmer:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#5 Mrunreal


Posted 13 April 2010 - 01:16 AM

Hi, I didn't get any of those rootkit warning messages. I ran the scan overnight and woke up to find the scan finished, but the mouse cursor had crashed and using the keyboard resulted in a BSOD. Here's the quick scan anyway; I will try the full scan now in safe mode.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-13 06:52:13
Windows 5.1.2600 Service Pack 3
Running: 8jche7ht.exe; Driver: C:\DOCUME~1\JACKD~1\LOCALS~1\Temp\kxtdypoc.sys


---- System - GMER 1.0.15 ----

SSDT spfh.sys ZwEnumerateKey [0xB7EC6CA2]
SSDT spfh.sys ZwEnumerateValueKey [0xB7EC7030]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAF56B4FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAF56B322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAF56B45C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
Device \FileSystem\Ntfs \Ntfs 8A7911F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 8A43BAC8

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Thanks again

*Edit
I've tried doing the full scan in safe mode, but it crashes to a blue screen :/
The only successful scan I could do was scanning this infected XP OS on my Vista OS, but would this log show all the info you need?
If so, I have the log if you require it.

Edited by Mrunreal, 13 April 2010 - 08:09 AM.


#6 myrti


Posted 14 April 2010 - 08:11 AM

Hi,

you have been infected by a nasty rootkit. It is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you decide to clean, then please run ComboFix and post the log in your next reply:

Please download ComboFix from one of these locations:

Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#7 Mrunreal


Posted 14 April 2010 - 04:37 PM

Hey,
Thank you for the information; I would have most likely carried on using the computer as normal. Yes, I have carried out some financial transactions on that OS in the past, but not in the last 2 weeks or so, so if it is possible for you to find out when my computer was infected, that would be very much appreciated.

_______________________________________________________________________
I have a few questions too:

I also have Vista installed (which I'm using right now) on a different hard drive in the same PC, so each OS can access both hard drives freely. Is it possible for the virus to have spread to my Vista hard drive too? If so, should I scan it with GMER too?

Can this virus spread over a network?
_______________________________________________________________________

I would still like to try and clean it, since I won't use it when inputting sensitive information anymore.
I tried Combofix the other day actually, here is the log:

ComboFix 10-04-10.02 - Jack D 11/04/2010 19:49:33.2.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1657 [GMT 1:00]
Running from: c:\documents and settings\Jack D\Desktop\gayboy.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1245542722-4124386259-4204410904-1000
C:\90210.exe
C:\apnet.exe
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users\Application Data\_VOIDmfeklnmal.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Jack D\Local Settings\Application Data\{2539A1EA-4476-450A-A732-1FF043846D28}
c:\documents and settings\Jack D\Local Settings\Application Data\{2539A1EA-4476-450A-A732-1FF043846D28}\chrome.manifest
c:\documents and settings\Jack D\Local Settings\Application Data\{2539A1EA-4476-450A-A732-1FF043846D28}\chrome\content\_cfg.js
c:\documents and settings\Jack D\Local Settings\Application Data\{2539A1EA-4476-450A-A732-1FF043846D28}\chrome\content\overlay.xul
c:\documents and settings\Jack D\Local Settings\Application Data\{2539A1EA-4476-450A-A732-1FF043846D28}\install.rdf
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\Data
c:\windows\system32\drivers\npf.sys
c:\windows\system32\logs
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\sdra64.exe
c:\windows\system32\tmp.reg
c:\windows\system32\WanPacket.dll
c:\windows\system32\winio.vxd
c:\windows\system32\wpcap.dll

----- BITS: Possible infected sites -----

hxxp://dnusax.com
hxxp://au.downloadj+|Cv+@J:NGD_DQ{zcxLJS@p3wAE!`CMjman,S-1-5-21-682003330-796845957-725345543-1003XtD$?(~
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy__VOIDPUYUSPRXTE
-------\Service__VOIDpuyusprxte
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-03-11 to 2010-04-11 )))))))))))))))))))))))))))))))
.

2010-04-11 18:43 . 2010-04-11 18:48 -------- d-----w- C:\gayboy
2010-04-10 22:24 . 2010-04-10 22:24 36488 ----a-w- c:\windows\system32\drivers\klmd.sys
2010-04-10 22:13 . 2010-04-10 22:15 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-09 22:19 . 2010-04-09 22:23 -------- d-----w- C:\rafael
2010-04-09 02:01 . 2010-04-09 02:01 -------- d-----w- c:\windows\system32\KB905474
2010-04-09 02:01 . 2009-03-10 21:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-09 02:01 . 2009-03-10 21:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-08 19:50 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-04-08 13:30 . 2010-04-08 13:30 -------- d-----w- c:\program files\Sophos
2010-04-08 13:17 . 2010-04-08 13:17 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-08 05:52 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-08 03:56 . 2007-03-24 03:20 46208 ----a-r- c:\windows\system32\drivers\JRAID_2.sys
2010-04-08 03:26 . 2010-04-08 03:27 -------- d-----w- c:\documents and settings\Jack D\Local Settings\Application Data\Google
2010-04-08 03:12 . 2010-04-08 03:12 -------- d-----w- c:\documents and settings\Jack D\Application Data\CheeseSoft
2010-04-08 03:12 . 2010-04-08 03:13 -------- d-----w- C:\FU_Backup
2010-04-08 02:57 . 2008-04-14 00:12 578560 ----a-w- c:\windows\system32\user32.dll
2010-04-08 01:59 . 2010-04-08 02:00 -------- d-----w- c:\program files\ERUNT
2010-04-08 01:26 . 2010-03-09 10:08 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-08 01:26 . 2010-03-09 10:12 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-08 01:26 . 2010-03-09 10:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-08 01:26 . 2010-03-09 10:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-08 01:26 . 2010-03-09 10:08 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-08 01:26 . 2010-03-09 10:08 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-08 01:26 . 2010-03-09 10:08 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-08 01:25 . 2010-03-09 10:24 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-08 01:25 . 2010-03-09 10:24 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-07 23:27 . 2010-04-07 23:27 -------- d-----w- c:\windows\system32\REALTEK RTL8187 Wireless LAN Driver and Utility
2010-04-07 23:27 . 2010-04-07 23:27 -------- d-----w- c:\program files\Alwil Software
2010-04-07 21:03 . 2010-04-07 21:03 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 20:30 . 2009-03-08 03:34 105984 ----a-w- c:\program files\Common Files\ielndex.dll
2010-04-07 17:54 . 2010-04-07 17:54 -------- d-----w- c:\documents and settings\Jack D\Application Data\IrfanView
2010-04-07 16:38 . 2010-04-08 04:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-07 16:19 . 2008-04-13 19:20 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2010-04-07 16:19 . 2008-04-13 19:20 182656 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-04-07 14:44 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-07 14:18 . 2008-06-27 08:39 332928 ----a-w- c:\windows\system\rtl8187.sys
2010-04-07 14:18 . 2007-10-09 12:13 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2010-04-07 14:18 . 2010-04-07 14:18 -------- d-----w- c:\program files\REALTEK
2010-04-07 14:08 . 2010-02-15 10:24 369952 ----a-w- c:\windows\system32\yk51x86.dll
2010-04-07 14:08 . 2010-02-15 10:24 304928 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2010-04-07 10:58 . 2010-04-07 10:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-07 03:27 . 2010-04-07 03:27 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-07 03:26 . 2010-04-07 03:26 120 ----a-w- c:\windows\Ddajoyaqogune.dat
2010-04-07 03:26 . 2010-04-07 03:26 0 ----a-w- c:\windows\Flelofejinuresi.bin
2010-04-07 03:24 . 2010-04-07 03:24 105656 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-06 21:13 . 2010-04-06 21:13 -------- d-----w- C:\msdownld.tmp
2010-04-05 12:48 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-05 04:36 . 2010-04-05 04:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-02 09:46 . 2010-02-03 14:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-04-02 09:46 . 2010-04-02 09:46 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-28 16:25 . 2010-03-16 06:51 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-28 16:25 . 2010-03-16 06:51 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-28 16:25 . 2010-03-16 06:51 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-28 16:25 . 2010-03-16 06:51 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-28 16:25 . 2010-03-16 06:51 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-28 16:25 . 2010-03-16 06:51 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-28 16:25 . 2010-03-16 06:51 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-28 16:25 . 2010-03-16 06:51 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-28 16:25 . 2010-03-16 06:51 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-03-23 13:35 . 2010-03-16 06:51 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-23 13:35 . 2010-03-16 06:51 10232352 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-23 13:35 . 2010-03-16 06:51 10232352 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-03-23 13:35 . 2010-03-16 06:51 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-23 13:35 . 2010-03-16 06:51 6432128 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-03-23 13:35 . 2009-05-18 11:00 614400 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-23 12:31 . 2010-03-23 13:24 -------- d-----w- c:\program files\DriverCleanerDotNET
2010-03-18 11:33 . 2010-03-18 11:33 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-18 11:32 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-18 11:32 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-18 11:32 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-14 15:14 . 2010-03-14 15:14 -------- d-----w- c:\windows\ie8updates

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 01:17 . 2008-04-12 22:56 -------- d-----w- c:\documents and settings\Jack D\Application Data\uTorrent
2010-04-10 01:16 . 2009-02-04 22:53 -------- d-----w- c:\program files\PeerGuardian
2010-04-09 15:44 . 2008-04-12 23:11 -------- d-----w- c:\program files\uTorrentDownloads
2010-04-08 05:51 . 2009-02-04 23:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-08 04:58 . 2009-10-29 17:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-07 23:30 . 2008-04-14 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 23:28 . 2008-10-11 23:41 -------- d-----w- c:\program files\Doom 3
2010-04-07 23:27 . 2009-09-16 23:38 -------- d-----w- c:\documents and settings\Jack D\Application Data\NoNameScript
2010-04-07 23:27 . 2009-08-30 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 21:19 . 2008-12-04 10:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 21:00 . 2008-04-13 19:26 -------- d-----w- c:\program files\Java
2010-04-07 14:18 . 2008-04-12 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-06 22:06 . 2008-04-12 20:28 -------- d-----w- c:\program files\mIRC
2010-04-05 12:58 . 2008-09-24 16:15 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-05 04:37 . 2010-04-05 04:37 0 ----a-w- c:\windows\system32\4A.tmp
2010-04-05 04:37 . 2010-04-05 04:37 44 ----a-w- c:\windows\system32\43.tmp
2010-04-05 04:36 . 2010-04-05 04:36 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\zcbmvn.dat
2010-04-04 22:48 . 2008-04-17 15:49 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-04 22:48 . 2008-04-17 15:49 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-04 22:48 . 2008-11-11 19:09 -------- d-----w- c:\program files\Steam
2010-04-04 10:30 . 2009-03-22 19:58 -------- d-----w- c:\program files\SopCast
2010-04-03 23:27 . 2010-01-24 12:57 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-29 23:46 . 2009-08-30 23:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-08-30 23:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 23:45 . 2008-04-13 10:17 -------- d-----w- c:\documents and settings\Jack D\Application Data\teamspeak2
2010-03-28 16:30 . 2009-11-08 12:18 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-28 16:28 . 2008-04-13 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-24 12:53 . 2008-05-26 16:16 -------- d-----w- c:\documents and settings\Jack D\Application Data\TypingMaster7
2010-03-23 12:44 . 2008-04-12 22:56 -------- d-----w- c:\program files\uTorrent
2010-03-18 11:34 . 2009-03-20 14:23 138056 ----a-w- c:\documents and settings\Jack D\Application Data\PnkBstrK.sys
2010-03-18 11:33 . 2008-04-17 15:49 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-15 09:05 . 2008-04-14 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-14 21:33 . 2008-04-13 06:01 105656 ----a-w- c:\documents and settings\Jack D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 15:55 . 2009-01-11 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-14 15:34 . 2009-01-11 01:18 -------- d-----w- c:\program files\Microsoft Works
2010-03-13 18:21 . 2009-12-05 17:19 -------- d-----w- c:\program files\Veetle
2010-03-10 23:56 . 2009-04-12 01:36 -------- d-----w- c:\program files\Zoom Player
2010-02-25 13:17 . 2008-12-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-02-25 06:24 . 2007-12-07 02:01 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-15 13:31 . 2008-04-21 12:55 5590 --sha-w- c:\windows\system32\KGyGaAvL.sys
2006-05-06 16:42 . 2009-03-24 21:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2008-07-18 12:27 . 2008-07-18 12:27 8 --sh--r- c:\windows\system32\5BB70A264E.sys
2008-07-18 12:27 . 2008-04-21 12:55 88 --sh--r- c:\windows\system32\8790C734F7.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-04 20:18 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TypingSatellite"="c:\program files\TypingMaster\KBOOST.EXE" [2007-08-14 1243152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2005-04-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"P17Helper"="P17.dll" [2005-05-03 64512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-10-10 21:51 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-07 10:07 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]
2008-11-29 14:44 1591296 ----a-w- c:\program files\Clip2Net\clip2net.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-03-20 23:33 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-08 03:26 136176 ----atw- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 17:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 16:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 16:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-11-10 14:07 1253376 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-10 23:02 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-08-28 08:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AffinegyService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\Program Files\\NATEON\\Addin\\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\\AVChatAgent.exe"=
"c:\\Program Files\\Naver\\NaverPhone\\NaverPhone.exe"=
"c:\\Program Files\\Naver\\NaverPhone\\NpToSpBridge.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Soldat15\\Soldat.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\RavenShield.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KFEd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30201:UDP"= 30201:UDP:utorrent

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/04/2008 05:14 717296]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [08/04/2010 02:26 162640]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 12:03 82200]
R1 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [31/07/2009 20:34 11296]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [08/04/2010 02:26 19024]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [07/04/2010 15:18 38144]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/04/2008 20:20 332928]
S0 ctpd;ctpd;c:\windows\system32\drivers\agaxb.sys --> c:\windows\system32\drivers\agaxb.sys [?]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [17/01/2009 20:15 1527900]
S3 klmd21;klmd21;c:\windows\system32\drivers\klmd.sys [10/04/2010 23:24 36488]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20/03/2006 17:34 1452032]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [05/03/2008 18:27 26656]
S3 RTCore32;RTCore32;c:\downloads\RamTest\RTCore32.sys [18/09/2008 09:40 4608]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [12/04/2008 20:20 13532]
.
Contents of the 'Scheduled Tasks' folder

2010-04-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003Core.job
- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 03:26]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003UA.job
- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 03:26]

2010-04-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-09 21:18]
.
.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
FF - ProfilePath - c:\documents and settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Jack D\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nputplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
SafeBoot-klmd21.sys
SafeBoot-klmdb.sys
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-c0469877 - c:\windows\system32\bbjfnylm.dll
MSConfigStartUp-PWRISOVM - c:\program files\PowerISO\PWRISOVM.EXE
MSConfigStartUp-RGSC - c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-Rtumonera - c:\windows\emesiquy.dll
MSConfigStartUp-TrayServer - c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\TrayServer.exe
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-Native Instruments - Rig Kontrol 3 Driver - c:\program files\Native Instruments\Rig Kontrol 3 Driver\uninst.exe Software\Native Instruments\Rig Kontrol 3 Driver\Setup
AddRemove-Soldat patch 1.4.2-1.5.0c_is1 - c:\soldat1.5.0\unins001.exe
AddRemove-SopCast - c:\program files\SopCast\uninst.exe
AddRemove-{13c5dabb-67c7-46ad-8fcc-92964c357706} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe
AddRemove-{8179cdc3-8bdf-4905-b35d-a7337cfa768c} - c:\program files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-11 21:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A441AC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8
\Driver\atapi -> atapi.sys @ 0xb7dfcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,3a,d2,80,b5,64,91,46,87,98,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,3a,d2,80,b5,64,91,46,87,98,fa,\

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,9d,93,c2,bf,88,41,2d,65,28,03,33,44,7b,63,09,b8,cc,57,1b,92,de,ed,
f1,4f,9c,75,c5,3d,8c,13,4e,30,36,2e,02,54,c1,04,4a,ea,ac,4c,1f,9c,58,7e,76,\
"??"=hex:83,5b,4c,3f,83,0a,6e,89,d5,cb,4d,c8,bf,57,0a,ac

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:eb,23,c0,48,f6,59,5e,52,99,73,0b,fb,5e,5e,a8,76,2a,fa,b1,39,cf,
fa,98,3f,61,83,49,dc,68,1f,6c,87,9c,62,4b,1f,7f,01,56,ee,0a,92,91,a8,ec,49,\
"rkeysecu"=hex:82,5d,4a,3a,b4,11,88,ac,19,f4,ee,93,57,a1,f3,9a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\WININET.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(1064)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2168)
c:\windows\system32\WININET.dll
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\_AXShlEx.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2010-04-11 21:21:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-11 20:21
ComboFix2.txt 2008-04-21 17:22

Pre-Run: 20,182,056,960 bytes free
Post-Run: 34,721,415,168 bytes free

- - End Of File - - C16CE97C93C222D0B4CF3BF2396B333F


Or should I do a new one now?

Many Thanks

Edited by Mrunreal, 14 April 2010 - 04:38 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 14 April 2010 - 05:12 PM

Hi,

there are some leftovers we should remove:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\windows\system32\drivers\agaxb.sys
c:\windows\Ddajoyaqogune.dat
c:\windows\Flelofejinuresi.bin
C:\WINDOWS\System32\klgd.bmp
C:\WINDOWS\System32\krv

Driver::
ctpd


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

The infection was probably on the seventh, but could have been earlier. This particular infection is not known to spread over partitions, however there are leftovers from other malware present on your PC, so it may be wise to get your Vista install checked as well.

regards myrti

Edited by myrti, 14 April 2010 - 05:14 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 


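Two things in this thread are worth turning into a repeatable check: the ComboFix service list above, where ctpd appears as an S0 (boot-start) driver whose file is printed as "--> c:\windows\system32\drivers\agaxb.sys [?]" alongside Security Center override and EnableFirewall=0 values, and the CFScript fragment myrti asks for, which uses just File:: and Driver:: sections. The script below is an added example written for this page; it is not ComboFix code, not a BleepingComputer tool and not either poster's work. It assumes the line shapes visible in the log (R/S plus start type, three semicolon-separated fields, and the "--> path [?]" form meaning the binary could not be found) and only the two CFScript directives shown in the reply. The sample lines are copied from the log above; the severity labels are the example's own choice.

```python
"""Triage helper for ComboFix-style logs.

Added example for this thread, not ComboFix's own code.  It reads the
service lines (R0..R3 / S0..S3) and the Security Center and firewall
values that ComboFix prints, flags what a removal helper looks at first,
and renders a CFScript fragment using only the two directives shown in
the reply above (File:: and Driver::).  Assumptions: the "--> path [?]"
form marks a service whose binary could not be found, and start type
0/1 means boot/system start; both are read off the log, not documented.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix log posted above.
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

R0 sptd;sptd;c:\\windows\\system32\\drivers\\sptd.sys [14/04/2008 05:14 717296]
R1 aswSP;aswSP;c:\\windows\\system32\\drivers\\aswSP.sys [08/04/2010 02:26 162640]
S0 ctpd;ctpd;c:\\windows\\system32\\drivers\\agaxb.sys --> c:\\windows\\system32\\drivers\\agaxb.sys [?]
S3 DBKDRVR54;DBKDRVR54;\\??\\c:\\program files\\Cheat Engine\\dbk32.sys --> c:\\program files\\Cheat Engine\\dbk32.sys [?]
S3 klmd21;klmd21;c:\\windows\\system32\\drivers\\klmd.sys [10/04/2010 23:24 36488]
"""

# "R0 name;display;path [date time size]"  or  "S0 name;display;path --> path [?]"
SERVICE_RE = re.compile(
    r"^([RS])([0-4])\s+([^;]+);([^;]*);(.+?)(?:\s+-->\s+(.+?))?\s+\[(.*)\]\s*$"
)
# "Name"=dword:00000001   or   "Name"= 0 (0x0)
VALUE_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))'
)


@dataclass
class Service:
    running: bool   # R = running, S = stopped
    start: int      # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
    name: str
    display: str
    path: str
    missing: bool   # ComboFix printed "[?]" instead of date/size


def parse_services(text):
    """Return one Service per R*/S* line; other lines are ignored."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if not m:
            continue
        state, start, name, display, path, alt, info = m.groups()
        # When the "-->" form is used, the second path is the resolved one.
        services.append(Service(state == "R", int(start), name, display,
                                alt or path, info.strip() == "?"))
    return services


def parse_values(text):
    """Collect "Name"=value lines into {name: int}; later keys overwrite earlier."""
    values = {}
    for line in text.splitlines():
        m = VALUE_RE.match(line.strip())
        if m:
            name, hexval, decval = m.groups()
            values[name] = int(hexval, 16) if hexval is not None else int(decval)
    return values


def triage(text):
    """Return ([(severity, item, note), ...], services) for a log excerpt."""
    findings = []
    services = parse_services(text)
    for s in services:
        if s.missing and s.start <= 1:
            # A boot/system-start driver whose file is gone is the classic
            # leftover of a rootkit component deleted but never unregistered.
            findings.append(("high", s.name, "boot/system-start driver, binary missing: " + s.path))
        elif s.missing:
            findings.append(("review", s.name, "service binary missing: " + s.path))
    values = parse_values(text)
    for key in ("AntiVirusOverride", "FirewallOverride"):
        if values.get(key) == 1:
            findings.append(("medium", key, "Security Center warning suppressed"))
    if values.get("EnableFirewall") == 0:
        findings.append(("medium", "EnableFirewall", "Windows Firewall off in standard profile"))
    return findings, services


def cfscript(services):
    """File::/Driver:: lines for boot/system-start drivers whose file is gone.

    Only those go in automatically; manual-start leftovers such as a game
    tool's driver are reported for review instead of deleted blindly.
    """
    targets = [s for s in services if s.missing and s.start <= 1]
    if not targets:
        return ""
    files = "\n".join(s.path for s in targets)
    drivers = "\n".join(s.name for s in targets)
    return f"File::\n{files}\n\nDriver::\n{drivers}\n"


if __name__ == "__main__":
    found, svcs = triage(SAMPLE_LOG)
    for sev, item, note in found:
        print(f"[{sev:6}] {item}: {note}")
    print()
    print(cfscript(svcs))
```

Run as-is and it prints five findings and a CFScript containing only agaxb.sys under File:: and ctpd under Driver::, which is the same pair myrti's script removes; the Cheat Engine driver with a missing file is listed for review rather than scripted, and the Security Center override and firewall values are flagged because malware commonly sets them to silence warnings, although some third-party security suites set the overrides too, so they are a prompt to look, not proof on their own.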

#9 Mrunreal

Mrunreal
  • Topic Starter

  • Members
  • 23 posts

Posted 14 April 2010 - 06:08 PM

Well, I did another ComboFix scan before I saw your new post. This time in normal mode; it seems Avast made the normal mode crash before, even when disabled (so I uninstalled it temporarily). Here is a new ComboFix log and I will do your next step tomorrow. Thank you again!

ComboFix 10-04-14.01 - Jack D 14/04/2010 23:32:12.3.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1524 [GMT 1:00]
Running from: c:\documents and settings\Jack D\Desktop\9083j2e.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1245542722-4124386259-4204410904-1000

.
((((((((((((((((((((((((( Files Created from 2010-03-14 to 2010-04-14 )))))))))))))))))))))))))))))))
.

2010-04-11 18:43 . 2010-04-11 18:48 -------- d-----w- C:\gayboy
2010-04-10 22:13 . 2010-04-12 16:43 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-04-10 22:13 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-04-09 22:19 . 2010-04-09 22:23 -------- d-----w- C:\rafael
2010-04-09 02:01 . 2010-04-09 02:01 -------- d-----w- c:\windows\system32\KB905474
2010-04-09 02:01 . 2009-03-10 21:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-09 02:01 . 2009-03-10 21:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-08 19:50 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-04-08 13:30 . 2010-04-08 13:30 -------- d-----w- c:\program files\Sophos
2010-04-08 13:17 . 2010-04-08 13:17 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-08 05:52 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-08 04:52 . 2010-04-08 04:52 388096 ----a-r- c:\documents and settings\Jack D\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-08 03:56 . 2007-03-24 03:20 46208 ----a-r- c:\windows\system32\drivers\JRAID_2.sys
2010-04-08 03:26 . 2010-04-08 03:27 -------- d-----w- c:\documents and settings\Jack D\Local Settings\Application Data\Google
2010-04-08 03:12 . 2010-04-08 03:12 -------- d-----w- c:\documents and settings\Jack D\Application Data\CheeseSoft
2010-04-08 03:12 . 2010-04-08 03:13 -------- d-----w- C:\FU_Backup
2010-04-08 02:57 . 2008-04-14 00:12 578560 ------w- c:\windows\system32\user32.dll
2010-04-08 01:59 . 2010-04-08 02:00 -------- d-----w- c:\program files\ERUNT
2010-04-07 23:27 . 2010-04-07 23:27 -------- d-----w- c:\windows\system32\REALTEK RTL8187 Wireless LAN Driver and Utility
2010-04-07 23:27 . 2010-04-07 23:27 -------- d-----w- c:\program files\Alwil Software
2010-04-07 21:20 . 2010-04-07 21:20 503808 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77abb107-n\msvcp71.dll
2010-04-07 21:20 . 2010-04-07 21:20 499712 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77abb107-n\jmc.dll
2010-04-07 21:20 . 2010-04-07 21:20 348160 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77abb107-n\msvcr71.dll
2010-04-07 21:20 . 2010-04-07 21:20 61440 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22754476-n\decora-sse.dll
2010-04-07 21:20 . 2010-04-07 21:20 12800 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22754476-n\decora-d3d.dll
2010-04-07 21:03 . 2010-04-07 21:03 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 20:30 . 2009-03-08 03:34 105984 ----a-w- c:\program files\Common Files\ielndex.dll
2010-04-07 17:54 . 2010-04-07 17:54 -------- d-----w- c:\documents and settings\Jack D\Application Data\IrfanView
2010-04-07 16:38 . 2010-04-08 04:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-07 16:19 . 2008-04-13 19:20 182656 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-04-07 16:19 . 2008-04-13 19:20 182656 ------w- c:\windows\system32\drivers\ndis.sys
2010-04-07 14:44 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-07 14:18 . 2008-06-27 08:39 332928 ----a-w- c:\windows\system\rtl8187.sys
2010-04-07 14:18 . 2007-10-09 12:13 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2010-04-07 14:18 . 2010-04-07 14:18 -------- d-----w- c:\program files\REALTEK
2010-04-07 14:08 . 2010-02-15 10:24 369952 ----a-w- c:\windows\system32\yk51x86.dll
2010-04-07 14:08 . 2010-02-15 10:24 304928 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2010-04-07 10:58 . 2010-04-07 10:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-07 03:27 . 2010-04-07 03:27 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-07 03:26 . 2010-04-07 03:26 120 ----a-w- c:\windows\Ddajoyaqogune.dat
2010-04-07 03:26 . 2010-04-07 03:26 0 ----a-w- c:\windows\Flelofejinuresi.bin
2010-04-07 03:24 . 2010-04-07 03:24 105656 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-06 21:13 . 2010-04-06 21:13 -------- d-----w- C:\msdownld.tmp
2010-04-05 12:48 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-05 04:36 . 2010-04-05 04:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-02 09:46 . 2010-02-03 14:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-04-02 09:46 . 2010-04-02 09:46 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-28 16:25 . 2010-03-16 06:51 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-28 16:25 . 2010-03-16 06:51 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-28 16:25 . 2010-03-16 06:51 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-28 16:25 . 2010-03-16 06:51 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-28 16:25 . 2010-03-16 06:51 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-28 16:25 . 2010-03-16 06:51 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-28 16:25 . 2010-03-16 06:51 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-28 16:25 . 2010-03-16 06:51 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-28 16:25 . 2010-03-16 06:51 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-03-23 13:35 . 2010-03-16 06:51 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-23 13:35 . 2010-03-16 06:51 10232352 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-23 13:35 . 2010-03-16 06:51 10232352 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-03-23 13:35 . 2010-03-16 06:51 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-23 13:35 . 2010-03-16 06:51 6432128 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-03-23 13:35 . 2009-05-18 11:00 614400 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-23 12:31 . 2010-03-23 13:24 -------- d-----w- c:\program files\DriverCleanerDotNET
2010-03-18 11:33 . 2010-03-18 11:33 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-18 11:32 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-18 11:32 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-18 11:32 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 05:40 . 2007-08-31 13:03 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-04-12 18:02 . 2009-10-29 17:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-11 23:04 . 2009-09-16 23:38 -------- d-----w- c:\documents and settings\Jack D\Application Data\NoNameScript
2010-04-11 22:16 . 2008-04-12 20:28 -------- d-----w- c:\program files\mIRC
2010-04-10 01:17 . 2008-04-12 22:56 -------- d-----w- c:\documents and settings\Jack D\Application Data\uTorrent
2010-04-10 01:16 . 2009-02-04 22:53 -------- d-----w- c:\program files\PeerGuardian
2010-04-09 15:44 . 2008-04-12 23:11 -------- d-----w- c:\program files\uTorrentDownloads
2010-04-08 05:51 . 2009-02-04 23:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-07 23:30 . 2008-04-14 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 23:28 . 2008-10-11 23:41 -------- d-----w- c:\program files\Doom 3
2010-04-07 23:27 . 2009-08-30 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 21:19 . 2008-12-04 10:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 21:00 . 2008-04-13 19:26 -------- d-----w- c:\program files\Java
2010-04-07 14:18 . 2008-04-12 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 12:58 . 2008-09-24 16:15 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-05 04:37 . 2010-04-05 04:37 0 ----a-w- c:\windows\system32\4A.tmp
2010-04-05 04:37 . 2010-04-05 04:37 44 ----a-w- c:\windows\system32\43.tmp
2010-04-04 22:48 . 2008-04-17 15:49 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-04 22:48 . 2008-04-17 15:49 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-04 22:48 . 2008-11-11 19:09 -------- d-----w- c:\program files\Steam
2010-04-04 10:30 . 2009-03-22 19:58 -------- d-----w- c:\program files\SopCast
2010-04-03 23:27 . 2010-01-24 12:57 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-29 23:46 . 2009-08-30 23:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-08-30 23:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 23:45 . 2008-04-13 10:17 -------- d-----w- c:\documents and settings\Jack D\Application Data\teamspeak2
2010-03-28 16:30 . 2009-11-08 12:18 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-28 16:28 . 2008-04-13 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-24 12:53 . 2008-05-26 16:16 -------- d-----w- c:\documents and settings\Jack D\Application Data\TypingMaster7
2010-03-23 12:44 . 2008-04-12 22:56 -------- d-----w- c:\program files\uTorrent
2010-03-18 11:34 . 2009-03-20 14:23 138056 ----a-w- c:\documents and settings\Jack D\Application Data\PnkBstrK.sys
2010-03-18 11:34 . 2009-03-20 14:23 138056 ----a-w- c:\documents and settings\Jack D\Application Data\PnkBstrK.sys
2010-03-18 11:33 . 2008-04-17 15:49 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-15 09:05 . 2008-04-14 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-14 21:33 . 2008-04-13 06:01 105656 ----a-w- c:\documents and settings\Jack D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 15:55 . 2009-01-11 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-14 15:34 . 2009-01-11 01:18 -------- d-----w- c:\program files\Microsoft Works
2010-03-13 18:21 . 2009-12-05 17:19 -------- d-----w- c:\program files\Veetle
2010-03-10 23:56 . 2009-04-12 01:36 -------- d-----w- c:\program files\Zoom Player
2010-02-25 13:17 . 2008-12-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-02-25 06:24 . 2007-12-07 02:01 916480 ------w- c:\windows\system32\wininet.dll
2010-02-14 17:07 . 2009-03-08 21:19 114688 ----a-w- c:\documents and settings\Jack D\Application Data\Soldat\Battleye\BEClient.dll
2010-01-15 13:31 . 2008-04-21 12:55 5590 --sha-w- c:\windows\system32\KGyGaAvL.sys
2006-05-06 16:42 . 2009-03-24 21:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2008-07-18 12:27 . 2008-07-18 12:27 8 --sh--r- c:\windows\system32\5BB70A264E.sys
2008-07-18 12:27 . 2008-04-21 12:55 88 --sh--r- c:\windows\system32\8790C734F7.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-11_20.11.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-14 22:27 . 2010-04-14 22:27 16384 c:\windows\temp\Perflib_Perfdata_6d0.dat
+ 2008-04-12 20:28 . 2010-04-13 10:31 363320 c:\windows\system32\FNTCACHE.DAT
- 2008-04-12 20:28 . 2010-03-15 09:06 363320 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-04 20:18 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TypingSatellite"="c:\program files\TypingMaster\KBOOST.EXE" [2007-08-14 1243152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2005-04-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"P17Helper"="P17.dll" [2005-05-03 64512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-10-10 21:51 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-07 10:07 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]
2008-11-29 14:44 1591296 ----a-w- c:\program files\Clip2Net\clip2net.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-03-20 23:33 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-08 03:26 136176 ----atw- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 17:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 16:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 16:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-11-10 14:07 1253376 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-10 23:02 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-08-28 08:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AffinegyService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\Program Files\\NATEON\\Addin\\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\\AVChatAgent.exe"=
"c:\\Program Files\\Naver\\NaverPhone\\NaverPhone.exe"=
"c:\\Program Files\\Naver\\NaverPhone\\NpToSpBridge.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Soldat15\\Soldat.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\RavenShield.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KFEd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30201:UDP"= 30201:UDP:utorrent

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 12:03 82200]
R1 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [31/07/2009 20:34 11296]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [07/04/2010 15:18 38144]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
S0 ctpd;ctpd;c:\windows\system32\drivers\agaxb.sys --> c:\windows\system32\drivers\agaxb.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/04/2008 05:14 717296]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [17/01/2009 20:15 1527900]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20/03/2006 17:34 1452032]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [05/03/2008 18:27 26656]
S3 RTCore32;RTCore32;c:\downloads\RamTest\RTCore32.sys [18/09/2008 09:40 4608]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/04/2008 20:20 332928]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [12/04/2008 20:20 13532]
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003Core.job
- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 03:26]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003UA.job
- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 03:26]

2010-04-14 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-09 21:18]
.
.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
FF - ProfilePath - c:\documents and settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Jack D\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nputplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-14 23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A59CAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cf28
\Driver\ACPI -> ACPI.sys @ 0xb7f7fcb8
\Driver\atapi -> atapi.sys @ 0xb7f11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7df2bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7de1a0d
SendHandler -> NDIS.sys @ 0xb7df5b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,3a,d2,80,b5,64,91,46,87,98,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,3a,d2,80,b5,64,91,46,87,98,fa,\

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,9d,93,c2,bf,88,41,2d,65,28,03,33,44,7b,63,09,b8,cc,57,1b,92,de,ed,
f1,4f,9c,75,c5,3d,8c,13,4e,30,36,2e,02,54,c1,04,4a,ea,ac,4c,1f,9c,58,7e,76,\
"??"=hex:83,5b,4c,3f,83,0a,6e,89,d5,cb,4d,c8,bf,57,0a,ac

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:eb,23,c0,48,f6,59,5e,52,99,73,0b,fb,5e,5e,a8,76,2a,fa,b1,39,cf,
fa,98,3f,61,83,49,dc,68,1f,6c,87,9c,62,4b,1f,7f,01,56,ee,0a,92,91,a8,ec,49,\
"rkeysecu"=hex:82,5d,4a,3a,b4,11,88,ac,19,f4,ee,93,57,a1,f3,9a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\WININET.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(872)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3908)
c:\windows\system32\WININET.dll
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\_AXShlEx.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-14 23:53:02
ComboFix-quarantined-files.txt 2010-04-14 22:52
ComboFix2.txt 2010-04-11 20:21
ComboFix3.txt 2008-04-21 17:22

Pre-Run: 34,612,830,208 bytes free
Post-Run: 34,592,268,288 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - B97C24E8027B5D97074D99AA0DA8F87A


#10 Mrunreal

Mrunreal
  • Topic Starter

  • Members
  • 23 posts

Posted 15 April 2010 - 04:39 PM

Ok here is the new combofix from the steps you outlined:
How are we doing?

ComboFix 10-04-14.01 - Jack D 15/04/2010 13:37:41.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1680 [GMT 1:00]
Running from: c:\documents and settings\Jack D\Desktop\9083j2e.exe
Command switches used :: c:\documents and settings\Jack D\Desktop\CFScript.txt

FILE ::
"c:\windows\Ddajoyaqogune.dat"
"c:\windows\Flelofejinuresi.bin"
"c:\windows\system32\drivers\agaxb.sys"
"c:\windows\System32\klgd.bmp"
"c:\windows\System32\krv"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1245542722-4124386259-4204410904-1000
c:\windows\Ddajoyaqogune.dat
c:\windows\Flelofejinuresi.bin

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ctpd


((((((((((((((((((((((((( Files Created from 2010-03-15 to 2010-04-15 )))))))))))))))))))))))))))))))
.

2010-04-11 18:43 . 2010-04-11 18:48 -------- d-----w- C:\gayboy
2010-04-10 22:13 . 2010-04-12 16:43 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-04-10 22:13 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
2010-04-09 22:19 . 2010-04-09 22:23 -------- d-----w- C:\rafael
2010-04-09 02:01 . 2010-04-09 02:01 -------- d-----w- c:\windows\system32\KB905474
2010-04-09 02:01 . 2009-03-10 21:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-04-09 02:01 . 2009-03-10 21:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-04-08 19:50 . 2009-06-18 11:55 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-04-08 13:30 . 2010-04-08 13:30 -------- d-----w- c:\program files\Sophos
2010-04-08 13:17 . 2010-04-08 13:17 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-08 05:52 . 2009-05-07 07:04 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-08 03:56 . 2007-03-24 03:20 46208 ----a-r- c:\windows\system32\drivers\JRAID_2.sys
2010-04-08 03:26 . 2010-04-08 03:27 -------- d-----w- c:\documents and settings\Jack D\Local Settings\Application Data\Google
2010-04-08 03:12 . 2010-04-08 03:12 -------- d-----w- c:\documents and settings\Jack D\Application Data\CheeseSoft
2010-04-08 03:12 . 2010-04-08 03:13 -------- d-----w- C:\FU_Backup
2010-04-08 02:57 . 2008-04-14 00:12 578560 ------w- c:\windows\system32\user32.dll
2010-04-08 01:59 . 2010-04-08 02:00 -------- d-----w- c:\program files\ERUNT
2010-04-07 23:27 . 2010-04-07 23:27 -------- d-----w- c:\windows\system32\REALTEK RTL8187 Wireless LAN Driver and Utility
2010-04-07 23:27 . 2010-04-07 23:27 -------- d-----w- c:\program files\Alwil Software
2010-04-07 21:03 . 2010-04-07 21:03 -------- d-----w- c:\program files\Common Files\Java
2010-04-07 20:30 . 2009-03-08 03:34 105984 ----a-w- c:\program files\Common Files\ielndex.dll
2010-04-07 17:54 . 2010-04-07 17:54 -------- d-----w- c:\documents and settings\Jack D\Application Data\IrfanView
2010-04-07 16:38 . 2010-04-08 04:58 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-07 16:19 . 2008-04-13 19:20 182656 ----a-w- c:\windows\system32\dllcache\ndis.sys
2010-04-07 16:19 . 2008-04-13 19:20 182656 ------w- c:\windows\system32\drivers\ndis.sys
2010-04-07 14:44 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-07 14:18 . 2008-06-27 08:39 332928 ----a-w- c:\windows\system\rtl8187.sys
2010-04-07 14:18 . 2007-10-09 12:13 38144 ----a-w- c:\windows\system32\drivers\EAPPkt.sys
2010-04-07 14:18 . 2010-04-07 14:18 -------- d-----w- c:\program files\REALTEK
2010-04-07 14:08 . 2010-02-15 10:24 369952 ----a-w- c:\windows\system32\yk51x86.dll
2010-04-07 14:08 . 2010-02-15 10:24 304928 ----a-w- c:\windows\system32\drivers\yk51x86.sys
2010-04-07 10:58 . 2010-04-07 10:58 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-07 03:27 . 2010-04-07 03:27 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-04-07 03:24 . 2010-04-07 03:24 105656 ----a-w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-06 22:04 . 2010-04-06 22:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-06 21:13 . 2010-04-06 21:13 -------- d-----w- C:\msdownld.tmp
2010-04-05 12:48 . 2008-04-13 19:40 62976 ----a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-05 04:36 . 2010-04-05 04:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-04-02 09:46 . 2010-02-03 14:56 26176 ---ha-w- c:\windows\system32\hamachi.sys
2010-04-02 09:46 . 2010-04-02 09:46 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-03-28 16:25 . 2010-03-16 06:51 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-03-28 16:25 . 2010-03-16 06:51 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-03-28 16:25 . 2010-03-16 06:51 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-03-28 16:25 . 2010-03-16 06:51 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-28 16:25 . 2010-03-16 06:51 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-03-28 16:25 . 2010-03-16 06:51 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-28 16:25 . 2010-03-16 06:51 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-28 16:25 . 2010-03-16 06:51 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-03-28 16:25 . 2010-03-16 06:51 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-03-23 13:35 . 2010-03-16 06:51 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-23 13:35 . 2010-03-16 06:51 10232352 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-23 13:35 . 2010-03-16 06:51 10232352 ----a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-03-23 13:35 . 2010-03-16 06:51 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-23 13:35 . 2010-03-16 06:51 6432128 ----a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-03-23 13:35 . 2009-05-18 11:00 614400 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-23 12:31 . 2010-03-23 13:24 -------- d-----w- c:\program files\DriverCleanerDotNET
2010-03-18 11:33 . 2010-03-18 11:33 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-18 11:32 . 2009-09-04 17:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-18 11:32 . 2009-09-04 17:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-18 11:32 . 2009-09-04 17:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-18 11:32 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 05:40 . 2007-08-31 13:03 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-04-12 18:02 . 2009-10-29 17:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-11 23:04 . 2009-09-16 23:38 -------- d-----w- c:\documents and settings\Jack D\Application Data\NoNameScript
2010-04-11 22:16 . 2008-04-12 20:28 -------- d-----w- c:\program files\mIRC
2010-04-10 01:17 . 2008-04-12 22:56 -------- d-----w- c:\documents and settings\Jack D\Application Data\uTorrent
2010-04-10 01:16 . 2009-02-04 22:53 -------- d-----w- c:\program files\PeerGuardian
2010-04-09 15:44 . 2008-04-12 23:11 -------- d-----w- c:\program files\uTorrentDownloads
2010-04-08 05:51 . 2009-02-04 23:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-08 04:52 . 2010-04-08 04:52 388096 ----a-r- c:\documents and settings\Jack D\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-07 23:30 . 2008-04-14 14:28 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-07 23:28 . 2008-10-11 23:41 -------- d-----w- c:\program files\Doom 3
2010-04-07 23:27 . 2009-08-30 23:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 21:20 . 2010-04-07 21:20 503808 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77abb107-n\msvcp71.dll
2010-04-07 21:20 . 2010-04-07 21:20 499712 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77abb107-n\jmc.dll
2010-04-07 21:20 . 2010-04-07 21:20 348160 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-77abb107-n\msvcr71.dll
2010-04-07 21:20 . 2010-04-07 21:20 61440 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22754476-n\decora-sse.dll
2010-04-07 21:20 . 2010-04-07 21:20 12800 ----a-w- c:\documents and settings\Jack D\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-22754476-n\decora-d3d.dll
2010-04-07 21:19 . 2008-12-04 10:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-07 21:00 . 2008-04-13 19:26 -------- d-----w- c:\program files\Java
2010-04-07 14:18 . 2008-04-12 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-05 12:58 . 2008-09-24 16:15 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-05 04:37 . 2010-04-05 04:37 0 ----a-w- c:\windows\system32\4A.tmp
2010-04-05 04:37 . 2010-04-05 04:37 44 ----a-w- c:\windows\system32\43.tmp
2010-04-04 22:48 . 2008-04-17 15:49 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-04-04 22:48 . 2008-04-17 15:49 215128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-04-04 22:48 . 2008-11-11 19:09 -------- d-----w- c:\program files\Steam
2010-04-04 10:30 . 2009-03-22 19:58 -------- d-----w- c:\program files\SopCast
2010-04-03 23:27 . 2010-01-24 12:57 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-03-29 23:46 . 2009-08-30 23:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 23:45 . 2009-08-30 23:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 23:45 . 2008-04-13 10:17 -------- d-----w- c:\documents and settings\Jack D\Application Data\teamspeak2
2010-03-28 16:30 . 2009-11-08 12:18 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-28 16:28 . 2008-04-13 22:52 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-24 12:53 . 2008-05-26 16:16 -------- d-----w- c:\documents and settings\Jack D\Application Data\TypingMaster7
2010-03-23 12:44 . 2008-04-12 22:56 -------- d-----w- c:\program files\uTorrent
2010-03-18 11:34 . 2009-03-20 14:23 138056 ----a-w- c:\documents and settings\Jack D\Application Data\PnkBstrK.sys
2010-03-18 11:34 . 2009-03-20 14:23 138056 ----a-w- c:\documents and settings\Jack D\Application Data\PnkBstrK.sys
2010-03-18 11:33 . 2008-04-17 15:49 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-15 09:05 . 2008-04-14 11:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-14 21:33 . 2008-04-13 06:01 105656 ----a-w- c:\documents and settings\Jack D\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 15:55 . 2009-01-11 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-14 15:34 . 2009-01-11 01:18 -------- d-----w- c:\program files\Microsoft Works
2010-03-13 18:21 . 2009-12-05 17:19 -------- d-----w- c:\program files\Veetle
2010-03-10 23:56 . 2009-04-12 01:36 -------- d-----w- c:\program files\Zoom Player
2010-02-25 13:17 . 2008-12-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Rosetta Stone
2010-02-25 06:24 . 2007-12-07 02:01 916480 ------w- c:\windows\system32\wininet.dll
2010-02-14 17:07 . 2009-03-08 21:19 114688 ----a-w- c:\documents and settings\Jack D\Application Data\Soldat\Battleye\BEClient.dll
2006-05-06 16:42 . 2009-03-24 21:11 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2008-07-18 12:27 . 2008-07-18 12:27 8 --sh--r- c:\windows\system32\5BB70A264E.sys
2008-07-18 12:27 . 2008-04-21 12:55 88 --sh--r- c:\windows\system32\8790C734F7.sys
2010-01-15 13:31 . 2008-04-21 12:55 5590 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-04-11_20.11.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-15 21:20 . 2010-04-15 21:20 16384 c:\windows\temp\Perflib_Perfdata_6cc.dat
+ 2008-04-12 20:28 . 2010-04-13 10:31 363320 c:\windows\system32\FNTCACHE.DAT
- 2008-04-12 20:28 . 2010-03-15 09:06 363320 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2009-08-04 20:18 218160 ----a-w- c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TypingSatellite"="c:\program files\TypingMaster\KBOOST.EXE" [2007-08-14 1243152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-03-21 1953792]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2005-04-07 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"P17Helper"="P17.dll" [2005-05-03 64512]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-10-10 21:51 229376 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-09-07 10:07 4608 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clip2Net]
2008-11-29 14:44 1591296 ----a-w- c:\program files\Clip2Net\clip2net.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-03-20 23:33 478800 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-04-01 09:39 486856 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-04-08 03:26 136176 ----atw- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 11:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 17:07 1828136 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 16:29 2221352 ----a-w- c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-04-28 16:14 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2008-11-10 14:07 1253376 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2008-12-03 11:47 1205760 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ------w- c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ------w- c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-07-16 12:20 25604904 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-10 23:02 1217872 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-08-28 08:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wireless Manager]
2008-05-26 15:20 585728 ----a-w- c:\program files\Virgin Broadband Wireless\Wireless Manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AffinegyService"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Soldat\\Soldat.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Pro Evolution Soccer 2008\\PES2008.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\Deep Silver\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\EA GAMES\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone Version 3\\RosettaStoneVersion3.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\xchat\\xchat.exe"=
"c:\\Program Files\\NATEON\\BIN\\NateOnMain.exe"=
"c:\\Program Files\\NATEON\\Addin\\7AEF7E74-08E8-47b9-96F3-BC4A07E4D5E8\\AVChatAgent.exe"=
"c:\\Program Files\\Naver\\NaverPhone\\NaverPhone.exe"=
"c:\\Program Files\\Naver\\NaverPhone\\NpToSpBridge.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Soldat15\\Soldat.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Red Storm Entertainment\\RavenShield\\system\\RavenShield.exe"=
"c:\\Program Files\\Eidos\\Batman Arkham Asylum\\Binaries\\ShippingPC-BmGame.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
"c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KFEd.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\battlefield bad company 2\\BFBC2Game.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"30201:UDP"= 30201:UDP:utorrent

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14/04/2008 05:14 717296]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 12:03 82200]
R1 VRVD302;VRVD302;c:\windows\system32\drivers\VRVD302.sys [31/07/2009 20:34 11296]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [07/04/2010 15:18 38144]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [30/03/2010 11:16 1107336]
S3 DBKDRVR54;DBKDRVR54;\??\c:\program files\Cheat Engine\dbk32.sys --> c:\program files\Cheat Engine\dbk32.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [17/01/2009 20:15 1527900]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [20/03/2006 17:34 1452032]
S3 PLCND532;PLCND532 NDIS Protocol Driver;c:\windows\system32\drivers\PLCND532.sys [05/03/2008 18:27 26656]
S3 RTCore32;RTCore32;c:\downloads\RamTest\RTCore32.sys [18/09/2008 09:40 4608]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [12/04/2008 20:20 332928]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [12/04/2008 20:20 13532]
.
Contents of the 'Scheduled Tasks' folder

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003Core.job
- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 03:26]

2010-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-796845957-725345543-1003UA.job
- c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-08 03:26]

2010-04-15 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-04-09 21:18]
.
.
------- Supplementary Scan -------
.
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8DC067B8-911D-473A-90F1-1171B887CDE0} - hxxp://cyimg7.cyworld.com/ImageUpload/CyPictureU1233.cab?20081124
FF - ProfilePath - c:\documents and settings\Jack D\Application Data\Mozilla\Firefox\Profiles\03yl8n34.default\
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Jack D\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Jack D\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nputplug.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-15 22:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A4AEAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xb811cf28
\Driver\ACPI -> ACPI.sys @ 0xb7e67cb8
\Driver\atapi -> atapi.sys @ 0xb7dfcb40
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller -> SendCompleteHandler -> NDIS.sys @ 0xb7cf2bb0
PacketIndicateHandler -> NDIS.sys @ 0xb7ce1a0d
SendHandler -> NDIS.sys @ 0xb7cf5b40
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,3a,d2,80,b5,64,91,46,87,98,fa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,91,3a,d2,80,b5,64,91,46,87,98,fa,\

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f5,9d,93,c2,bf,88,41,2d,65,28,03,33,44,7b,63,09,b8,cc,57,1b,92,de,ed,
f1,4f,9c,75,c5,3d,8c,13,4e,30,36,2e,02,54,c1,04,4a,ea,ac,4c,1f,9c,58,7e,76,\
"??"=hex:83,5b,4c,3f,83,0a,6e,89,d5,cb,4d,c8,bf,57,0a,ac

[HKEY_USERS\S-1-5-21-682003330-796845957-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:eb,23,c0,48,f6,59,5e,52,99,73,0b,fb,5e,5e,a8,76,2a,fa,b1,39,cf,
fa,98,3f,61,83,49,dc,68,1f,6c,87,9c,62,4b,1f,7f,01,56,ee,0a,92,91,a8,ec,49,\
"rkeysecu"=hex:82,5d,4a,3a,b4,11,88,ac,19,f4,ee,93,57,a1,f3,9a
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\WININET.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3036)
c:\windows\system32\WININET.dll
c:\program files\Microsoft Office\Office12\GrooveShellExtensions.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\_AXShlEx.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\NetLimiter 2 Pro\nlsvc.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\system32\PSIService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2010-04-15 22:33:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-15 21:33
ComboFix2.txt 2010-04-14 22:53
ComboFix3.txt 2010-04-11 20:21
ComboFix4.txt 2008-04-21 17:22

Pre-Run: 34,685,706,240 bytes free
Post-Run: 34,620,940,288 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 313BAC0F01E6CEF8D6761E09FA3CE175


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:01:04 AM

Posted 16 April 2010 - 06:44 AM

Hi,

very likely still infected. How is your PC doing?

Please download maxlook.exe by noahdfear and save it onto your Desktop.
  • Then click on start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#12 Mrunreal

Mrunreal
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:04 AM

Posted 16 April 2010 - 11:24 AM

It is loading a bit faster at start-up! However, Google Chrome still isn't working. :/

I ran maxlook and got the message "no driver copies present to verify. Please run maxlook by double clicking."
Is this good news?

#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:01:04 AM

Posted 18 April 2010 - 01:17 PM

Hi,

sorry I missed a step.

Please run the following first:
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following command at the x:\windows> prompt <--- the x represents your operating system drive letter, usually C

batch look.bat

You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#14 Mrunreal

Mrunreal
  • Topic Starter

  • Members
  • 23 posts
  • Local time:12:04 AM

Posted 19 April 2010 - 07:10 AM

Hiya, it didn't seem to find anything.
Log:

Run from C:\Documents and Settings\Jack D\Desktop\maxlook.exe on 19/04/2010 at 13:07:52.14

No infected file found


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:01:04 AM

Posted 19 April 2010 - 07:21 AM

Hi,

could you then please run the instructions I gave you in the first place:

Please download maxlook.exe by noahdfear and save it onto your Desktop.
  • Then click on start
  • select Run...
  • enter "%userprofile%\Desktop\maxlook.exe" -sig and hit enter
  • a blue window will open. Please make sure that you are connected to the internet while the blue window is open.
  • Once it is finished a log file will open. Please save that log and post the content in your next reply.
If you do not have the run-command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize and tick the Display Run checkbox and click OK.


regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

