Post-AntispywareSoft Removal Issues and Internet Redirects


15 replies to this topic

#1 Boston Kid


  • Members
  • 11 posts

Posted 19 May 2010 - 11:14 PM

Thanks for taking the time to read this post; I really appreciate it, as I'm starting school back in a week and really need my computer back in good health.

Last night I got hit with something that downloaded AntivirusSoft. It blocked me out of everything, including MBAM and the task manager. Somehow after 5-6 reboots, it allowed me back into the task manager and I killed all of the unknown processes as well as used msconfig to modify the startup items and services.
Ran MBAM with older definitions as it wasn't letting me update and removed quite a few threats.

Following rebooting I still can't update MBAM even after reinstalling - it says "Update failed. Make sure you are connected to the Internet and your firewall is set to allow Malwarebytes- Anti Malware to access the internet".

Also, I can't access that website along with several other security-related and non-security-related websites, and there are constant redirects. In addition, whenever I boot into Windows, I get a message saying "An application is requesting access to a Protected item" and the Details button yields this: "Protected storage helps safeguard data you want to keep private" and it shows this: "C:\WINDOWS\system32\spoolsv.exe".

And lastly, from previous virus attacks, I am confident my system files and registry are beyond messed up, and if I could get help just making sure nothing is corrupt, that would be great as well.

I have Windows XP SP3 with Norton Corporate Edition.

-------------------------------------------------------------------------------

As requested by boopme, here are steps 6-9. Unfortunately the GMER scan keeps crashing my computer and therefore I was unable to post those.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Belal at 21:32:14.32 on Wed 05/19/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2224 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Lexmark 2600 Series\ezprint.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\Belal\LOCALS~1\Temp\setup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Belal\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: c:\windows\system32\y3ocw.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\y3ocw.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [mcexecwin] rundll32.exe c:\docume~1\belal\locals~1\temp\cx0ir8w.dll, RestoreWindows
uRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] c:\docume~1\belal\locals~1\temp\setup.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [EzPrint] "c:\program files\lexmark 2600 series\ezprint.exe"
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\device~1.lnk - c:\program files\olympus\devicedetector\DevDtct2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\embass~1.lnk - c:\program files\wave systems corp\services manager\secure update\AutoUpdate.exe
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\biolsp.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1216929332812
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1216929313687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vpn.msnyuhealth.org/dana-cached/setup/JuniperSetupSP1.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: NameServer = 93.188.165.170,93.188.161.175
TCP: {15A3A51E-5F8F-4668-A05E-C4DD8E0AF369} = 93.188.165.170,93.188.161.175
TCP: {7A18EAA6-C491-47F1-A605-9292E5520F0F} = 93.188.165.170,93.188.161.175
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\y3ocw.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\y3ocw.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\belal\applic~1\mozilla\firefox\profiles\fnjzfw5x.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================


==================== Find3M ====================


============= FINISH: 21:33:27.43 ===============
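A triage pass over the "Pseudo HJT Report" section of the DDS log above, as an added example that is not part of the thread and not DDS or OTL code (the flagging rules are the editor's own). It pulls out the loopback proxy that accounts for both the redirects and the failed MBAM update, the Temp-folder autoruns, the policies that lock the user out of the registry editor and Folder Options, the hard-coded nameservers, and the DLL registered under two load points.

```python
"""Triage pass over the "Pseudo HJT Report" section of a DDS log.

Added example; not part of the thread above and not DDS/OTL code. The
flagging rules are the editor's own, chosen to surface what a malware
response helper reads first in a log like the one pasted above.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    line: str
    reason: str


# Constructed sample: a subset of the Pseudo HJT lines from the DDS log above.
SAMPLE_HJT = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: c:\windows\system32\y3ocw.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\y3ocw.dll
uRun: [mcexecwin] rundll32.exe c:\docume~1\belal\locals~1\temp\cx0ir8w.dll, RestoreWindows
uRun: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] c:\docume~1\belal\locals~1\temp\setup.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
TCP: NameServer = 93.188.165.170,93.188.161.175
TCP: {15A3A51E-5F8F-4668-A05E-C4DD8E0AF369} = 93.188.165.170,93.188.161.175
STS: c:\windows\system32\y3ocw.dll: {c7ba40a1-74f2-52bd-f411-04b15a2c8953} - c:\windows\system32\y3ocw.dll
"""

RUN_LINE = re.compile(r"^[umd]Run: \[([^\]]*)\] (.+)$")
POLICY_LINE = re.compile(r"^[umd]Policies-\w+: (\w+) = (\d+)")
DNS_LINE = re.compile(r"^TCP: (?:NameServer|\{[0-9A-Fa-f-]{36}\}) = (.+)$")
# Proxy value such as "http=127.0.0.1:5555" or "localhost:8080", possibly ';'-separated.
LOOPBACK_PROXY = re.compile(
    r"(?:^|=)(?:127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(?::\d+)?(?:;|$)", re.I)
TEMP_DIR = re.compile(r"\\temp\\", re.I)
DLL_PATH = re.compile(r"[a-z]:\\[^:]+?\.dll", re.I)
# Policy values that take a built-in admin tool away from the user.
LOCKOUT_POLICIES = {"DisableRegistryTools", "NoFolderOptions", "DisableTaskMgr"}
# DDS prefixes for registry load points that can carry a DLL path.
LOAD_POINT_PREFIXES = ("BHO:", "STS:", "SSODL:", "Handler:", "Notify:", "SEH:")


def triage_hjt(text: str, expected_dns: frozenset[str] = frozenset()) -> list[Finding]:
    """Return the suspicious entries in a Pseudo HJT section.

    expected_dns lists resolvers the owner knows to be legitimate; any other
    hard-coded resolver is reported for verification against the ISP.
    """
    findings: list[Finding] = []
    load_points: dict[str, set[str]] = defaultdict(set)  # dll path -> {prefixes}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if "ProxyServer" in line and LOOPBACK_PROXY.search(line):
            findings.append(Finding("proxy", line,
                "HTTP proxy forced onto loopback: a local process sees every request, "
                "which matches the redirects and the blocked AV update"))
            continue
        m = RUN_LINE.match(line)
        if m and TEMP_DIR.search(m.group(2)):
            findings.append(Finding("autorun-temp", line,
                f"autorun '{m.group(1)}' launches from a Temp folder"))
            continue
        m = POLICY_LINE.match(line)
        if m and m.group(1) in LOCKOUT_POLICIES and m.group(2) != "0":
            findings.append(Finding("policy-lockout", line,
                f"{m.group(1)} is set: the user is locked out of a built-in tool"))
            continue
        m = DNS_LINE.match(line)
        if m:
            unexpected = [ip.strip() for ip in m.group(1).split(",")
                          if ip.strip() not in expected_dns]
            if unexpected:
                findings.append(Finding("dns", line,
                    "hard-coded resolver(s) not on the expected list: " + ", ".join(unexpected)))
            continue
        if line.startswith(LOAD_POINT_PREFIXES):
            for dll in DLL_PATH.findall(line):
                load_points[dll.lower()].add(line.split(":", 1)[0])
    # One DLL hooked into several load points is a persistence pattern worth a look.
    for dll, points in load_points.items():
        if len(points) > 1:
            findings.append(Finding("multi-loadpoint", dll,
                "same DLL registered under several load points: " + ", ".join(sorted(points))))
    return findings


def count_by_category(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = defaultdict(int)
    for f in findings:
        counts[f.category] += 1
    return dict(counts)


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```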





#2 syler


  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 21 May 2010 - 12:41 PM

Hello and welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues I would appreciate it if you would let me know so I can close this topic.


OK, I would like you to try running Gmer once more; this time untick all the boxes on the right side except for
Sections, then try running it. If it still crashes, just go on with the next steps.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 Boston Kid

  • Topic Starter

  • Members
  • 11 posts

Posted 23 May 2010 - 02:26 PM

Thanks so much for your help. Norton Auto-Protect seems to be picking up a few Trojans in my application data folder and C:\Temp so I ran a fresh DDS log as well.


OTL logfile created on: 5/23/2010 3:18:23 PM - Run 2
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Belal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 146.91 Gb Free Space | 63.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAKLAP
Current User Name: Belal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/23 14:59:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/31 19:22:32 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/05/20 08:48:16 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/05/17 00:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2007/10/07 20:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 20:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 20:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 16:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/03/25 18:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2005/12/28 13:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 12:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 12:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 12:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005/12/28 12:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 12:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 12:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/30 14:33:04 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
PRC - [2005/11/30 10:39:02 | 000,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2005/06/16 12:11:42 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 14:59:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/05/17 00:12:54 | 000,167,936 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\PrnTrack.dll
MOD - [2008/05/16 23:12:54 | 000,109,568 | ---- | M] (www.madshi.net) -- C:\WINDOWS\system32\MadCHook.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 23:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006/11/03 20:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/05/18 23:51:16 | 000,070,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\-f36decbb.exe -- (MSIU-f36decbb)
SRV - [2010/05/18 23:51:16 | 000,070,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\-7f691367.exe -- (MSIU-7f691367)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/12/12 12:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/12/12 12:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/12/12 12:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/05/17 00:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 11:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/10/07 20:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 20:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 20:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/28 19:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 17:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/25 18:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2005/12/28 13:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/12/28 12:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 12:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 12:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/30 14:33:04 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/13 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100520.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/13 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100520.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/11/10 12:09:32 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/07/24 14:50:56 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 05:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/06 10:35:42 | 000,034,671 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2007/08/27 17:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 17:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -- (SPBBCDrv)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnusb.sys -- (VNUSB)
DRV - [2006/02/10 04:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/21 00:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/12 00:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/28 14:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/09 16:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/12/09 13:44:22 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/05 07:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 08:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 08:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 08:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/10 17:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/14 07:54:16 | 000,017,290 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2005/09/29 02:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/01 22:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfcom.sys -- (Tosrfcom)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/24 15:28:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 19:22:39 | 000,000,000 | ---D | M]

[2009/08/03 13:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Belal\Application Data\Mozilla\Extensions
[2010/05/23 15:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\extensions
[2010/01/11 20:51:03 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/05 12:41:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/23 15:06:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/30 20:13:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\DOCUME~1\Belal\LOCALS~1\Temp\1278278022.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1216929332812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1216929313687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.msnyuhealth.org/dana-cached/set...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.170,93.188.161.175
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Belal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Belal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\Shell\AutoRun\command - "" = dk.exe
O33 - MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\Shell\open\Command - "" = dk.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/11 18:02:12 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^Belal^Start Menu^Programs^Startup^.. - C:\Documents and Settings\Belal\Start Menu\Programs\Startup\.. - [2010/02/15 16:13:00 | 000,000,000 | R--D | M]
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: asam - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Application Data\asam.exe File not found
MsConfig - StartUpReg: cfimosbb - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Application Data\ymybygwix\tumyilntssd.exe (Caztma)
MsConfig - StartUpReg: cleansweep.exe - hkey= - key= - C:\cleansweep.exe\cleansweep.exe File not found
MsConfig - StartUpReg: DLA - hkey= - key= - File not found
MsConfig - StartUpReg: Document Manager - hkey= - key= - C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
MsConfig - StartUpReg: hsfe8owijfisjhgs7ye39gjsoighsd7y3eu - hkey= - key= - C:\DOCUME~1\Belal\LOCALS~1\Temp\m7l99.exe File not found
MsConfig - StartUpReg: hsfg9w8gujsokgahi8gysgnsdgefshyjy - hkey= - key= - C:\DOCUME~1\Belal\LOCALS~1\Temp\setup.exe File not found
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: IMEKRMIG6.1 - hkey= - key= - C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
MsConfig - StartUpReg: IMJPMIG8.1 - hkey= - key= - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
MsConfig - StartUpReg: iPrint Event Monitor - hkey= - key= - File not found
MsConfig - StartUpReg: iPrint Tray - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
MsConfig - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
MsConfig - StartUpReg: lxdnmon.exe - hkey= - key= - C:\Program Files\Lexmark 2600 Series\lxdnmon.exe ()
MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Temp\Qmh.exe ()
MsConfig - StartUpReg: mcexecwin - hkey= - key= - C:\DOCUME~1\Belal\LOCALS~1\Temp\cx0ir8w.DLL File not found
MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVHotkey - hkey= - key= - File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: ShowLOMControl - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
MsConfig - StartUpReg: Zune Launcher - hkey= - key= - c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 1
MsConfig - State: "win.ini" - 1
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Unable to start service SrService!

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 14:59:23 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
[2010/05/19 20:01:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Belal\Recent
[2010/05/19 03:52:38 | 000,017,144 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/19 03:52:37 | 000,038,472 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/19 03:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/19 02:16:29 | 034,595,080 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Belal\Desktop\IEXPLORE.exe
[2010/05/19 02:09:57 | 003,879,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Belal\Desktop\procexp.exe
[2010/05/19 00:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/19 00:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/18 23:53:55 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/18 23:53:38 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/18 23:53:38 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/18 23:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Local Settings\Application Data\ymybygwix
[2010/05/18 23:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/18 23:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/18 23:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\ATManager
[2010/05/18 23:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/30 22:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\ooVoo Details
[2010/04/30 22:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010/04/30 20:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\skypePM
[2010/04/30 20:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\Skype
[2010/04/30 20:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/30 20:12:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/04/30 20:07:34 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010/04/30 20:07:34 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2010/04/30 20:07:33 | 006,756,632 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2010/04/30 20:07:32 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010/04/30 20:07:07 | 000,266,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys
[2010/04/30 20:07:07 | 000,199,192 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci12101110.dll
[2010/04/30 20:06:30 | 000,023,832 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys
[2010/04/30 20:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/04/30 20:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/04/30 20:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/04/30 19:59:27 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/04/30 19:59:20 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/04/30 19:59:13 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/04/30 19:59:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/04/30 19:59:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/04/30 19:59:09 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/04/30 19:59:05 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/04/30 19:59:00 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/04/30 19:58:55 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/04/30 19:58:45 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2010/04/30 19:58:45 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/04/30 19:58:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/04/30 19:58:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/04/30 19:58:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/04/30 19:58:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/04/30 19:58:26 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/04/30 19:58:26 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/04/30 19:58:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/04/30 19:58:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/04/30 19:58:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/04/30 19:58:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 02:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Desktop\Backup April 26th
[2009/08/31 08:49:39 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2009/08/31 08:49:39 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2009/08/31 08:49:39 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2009/08/31 08:49:39 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2009/08/31 08:49:39 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2009/08/31 08:49:39 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2009/08/31 08:49:39 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2009/08/31 08:49:39 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2009/08/31 08:49:39 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2009/08/31 08:49:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2009/08/31 08:49:39 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2 C:\Documents and Settings\Belal\My Documents\*.tmp files -> C:\Documents and Settings\Belal\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/23 15:03:17 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Belal\NTUSER.DAT
[2010/05/23 14:59:34 | 000,066,915 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/23 14:59:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
[2010/05/23 14:55:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 14:54:50 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/23 14:53:43 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/23 14:53:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 14:53:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 14:52:09 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Belal\ntuser.ini
[2010/05/20 20:08:21 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk
[2010/05/19 03:52:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 03:50:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\HijackThis.lnk
[2010/05/19 03:35:19 | 000,001,014 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/19 03:35:19 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 03:35:19 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/19 03:32:33 | 034,595,080 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Belal\Desktop\IEXPLORE.exe
[2010/05/19 02:16:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/19 02:10:37 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Belal\Desktop\procexp.exe
[2010/05/19 02:08:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\iexplore.exe.exe
[2010/05/18 23:51:16 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\-f36decbb.exe
[2010/05/18 23:51:16 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\-7f691367.exe
[2010/05/18 23:50:27 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\DivX Movies.lnk
[2010/05/18 23:50:01 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/18 23:49:44 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/17 01:35:41 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Final-essay 2 research paper(1).doc
[2010/05/16 23:25:44 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\Social.doc
[2010/05/16 16:44:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\downloads(1)
[2010/05/16 15:36:32 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\3526054497.doc
[2010/05/14 12:11:04 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\Sharewood Attendees May 15th.xls
[2010/05/10 01:06:38 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Summer Sharewood Clinic Scheduling Sign Ups.xls
[2010/05/10 00:50:04 | 000,057,938 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\album.php
[2010/05/09 15:38:32 | 033,803,020 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_19__March_8__2010.m4a
[2010/05/08 21:49:31 | 030,852,589 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_18__March_4__2010.m4a
[2010/05/08 21:49:00 | 030,257,634 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_17__March_2__2010.m4a
[2010/05/08 21:48:30 | 023,814,931 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_16_2010_March_1__2010.m4a
[2010/05/08 21:46:22 | 025,107,110 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_14_February_23__2010.m4a
[2010/05/08 17:54:55 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\Solitare High Score.doc
[2010/05/08 15:13:05 | 000,176,571 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Integration of Neurology, Psychiatry, and the Neurosciences.pdf
[2010/05/08 03:07:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\fdwebaudio_asx_video_x_ms_asf_Object_fdwebaudio.asx
[2010/05/07 05:08:02 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/05/07 03:18:30 | 029,042,999 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_5_February_1__2010.m4a
[2010/05/06 18:08:15 | 000,066,915 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/01 19:09:06 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\ACTION.htm
[2010/05/01 16:28:25 | 000,089,351 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Concert Board Budget 2010.pdf
[2010/05/01 15:48:48 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\RGR Graph.doc
[2010/04/30 22:28:58 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/04/30 20:15:18 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/30 20:12:56 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/30 20:10:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/04/30 20:10:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/04/30 20:05:50 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/24 17:37:02 | 000,524,756 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Elevated response of human amygdala to neutral stimuli in mild PTSD.pdf
[2 C:\Documents and Settings\Belal\My Documents\*.tmp files -> C:\Documents and Settings\Belal\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/19 03:52:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 03:50:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\HijackThis.lnk
[2010/05/19 03:35:20 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
[2010/05/19 03:35:20 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
[2010/05/19 03:35:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/05/19 03:35:20 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/05/19 02:08:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\iexplore.exe.exe
[2010/05/19 00:02:10 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\-f36decbb.exe
[2010/05/18 23:51:27 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/18 23:51:17 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\-7f691367.exe
[2010/05/18 23:50:01 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/18 23:49:44 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/17 01:35:41 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Final-essay 2 research paper(1).doc
[2010/05/16 23:25:44 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\Social.doc
[2010/05/16 16:40:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\downloads(1)
[2010/05/16 15:36:31 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\3526054497.doc
[2010/05/14 12:11:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\Sharewood Attendees May 15th.xls
[2010/05/10 01:06:38 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Summer Sharewood Clinic Scheduling Sign Ups.xls
[2010/05/10 00:50:02 | 000,057,938 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\album.php
[2010/05/09 15:38:13 | 033,803,020 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_19__March_8__2010.m4a
[2010/05/08 21:49:30 | 030,852,589 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_18__March_4__2010.m4a
[2010/05/08 21:48:59 | 030,257,634 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_17__March_2__2010.m4a
[2010/05/08 21:48:29 | 023,814,931 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_16_2010_March_1__2010.m4a
[2010/05/08 21:46:21 | 025,107,110 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_14_February_23__2010.m4a
[2010/05/08 17:54:54 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\Solitare High Score.doc
[2010/05/08 15:13:05 | 000,176,571 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Integration of Neurology, Psychiatry, and the Neurosciences.pdf
[2010/05/08 03:07:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\fdwebaudio_asx_video_x_ms_asf_Object_fdwebaudio.asx
[2010/05/07 03:16:11 | 029,042,999 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_5_February_1__2010.m4a
[2010/05/01 19:09:05 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\ACTION.htm
[2010/05/01 16:28:25 | 000,089,351 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Concert Board Budget 2010.pdf
[2010/05/01 15:48:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\RGR Graph.doc
[2010/04/30 22:28:58 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/04/30 20:15:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/30 20:12:56 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/30 20:10:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/04/30 20:07:32 | 000,266,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2010/04/30 20:07:07 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/30 20:07:07 | 000,034,068 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010/04/30 20:06:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/04/30 20:05:50 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/04/24 17:37:02 | 000,524,756 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Elevated response of human amygdala to neutral stimuli in mild PTSD.pdf
[2010/02/03 19:50:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2010/02/03 19:50:03 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/31 08:50:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2009/08/31 08:50:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2009/08/31 08:49:55 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2009/08/31 08:49:55 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2009/08/31 08:49:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2009/08/31 08:49:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2009/08/31 08:49:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2009/08/15 13:19:04 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/29 10:12:46 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2008/07/24 15:49:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/24 15:49:34 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/24 15:49:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/24 15:49:31 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/18 13:47:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/05/18 13:44:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/11 17:55:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 17:53:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/11 17:50:55 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/05/11 17:50:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/05/11 17:29:54 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/25 18:19:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 16:19:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 16:14:34 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 16:14:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 16:14:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 16:14:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 16:14:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 16:14:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 16:14:02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 16:13:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 16:13:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 16:13:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/09 13:25:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/03/09 13:24:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/30 14:33:06 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/11/10 09:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/09/01 22:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/11 18:06:14 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/11 18:06:14 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/11 18:06:14 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
< End of report >

Edited by syler, 24 May 2010 - 06:31 AM.
Removed unneeded logs


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 24 May 2010 - 06:56 AM

Hi,

Can you please just post the logs I ask for in your replies? You have not posted the second OTL log
I asked for. Open OTL, check "Use SafeList" under "Extra Registry", then post only the Extras.txt that
pops up.

You also have not posted the Gmer log that I asked for. If Gmer is still crashing then let me know;
otherwise please post the Gmer log.



#5 Boston Kid

  • Topic Starter
  • Members
  • 11 posts

Posted 24 May 2010 - 11:41 AM

My apologies, I couldn't find the Extras log file. Also, GMER unfortunately keeps crashing my system and therefore I am unable to post those logs.

Edited by Boston Kid, 24 May 2010 - 12:44 PM.


#6 Boston Kid

  • Topic Starter
  • Members
  • 11 posts

Posted 24 May 2010 - 12:40 PM

I've been trying to post the Extras log file but it unfortunately is not going through. Both IE and Firefox keep saying that the page is not found. I have attached it to this message. I hope that works.

Thanks for all your help.



Edited by Boston Kid, 24 May 2010 - 12:43 PM.


#7 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 25 May 2010 - 09:32 AM

Hi Boston Kid,

That's fine thanks, if you have further problems posting the logs then just attach them.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - [2010/05/18 23:51:16 | 000,070,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\-f36decbb.exe -- (MSIU-f36decbb)
    SRV - [2010/05/18 23:51:16 | 000,070,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\-7f691367.exe -- (MSIU-7f691367)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.170,93.188.161.175
    O33 - MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\Shell\AutoRun\command - "" = dk.exe
    O33 - MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\Shell\open\Command - "" = dk.exe
    MsConfig - StartUpReg: asam - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Application Data\asam.exe File not found
    MsConfig - StartUpReg: cfimosbb - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Application Data\ymybygwix\tumyilntssd.exe (Caztma)
    MsConfig - StartUpReg: cleansweep.exe - hkey= - key= - C:\cleansweep.exe\cleansweep.exe File not found
    MsConfig - StartUpReg: DLA - hkey= - key= - File not found
    MsConfig - StartUpReg: hsfe8owijfisjhgs7ye39gjsoighsd7y3eu - hkey= - key= - C:\DOCUME~1\Belal\LOCALS~1\Temp\m7l99.exe File not found
    MsConfig - StartUpReg: hsfg9w8gujsokgahi8gysgnsdgefshyjy - hkey= - key= - C:\DOCUME~1\Belal\LOCALS~1\Temp\setup.exe File not found
    MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
    MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
    MsConfig - StartUpReg: iPrint Event Monitor - hkey= - key= - File not found
    MsConfig - StartUpReg: iPrint Tray - hkey= - key= - File not found
    MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Temp\Qmh.exe ()
    MsConfig - StartUpReg: mcexecwin - hkey= - key= - C:\DOCUME~1\Belal\LOCALS~1\Temp\cx0ir8w.DLL File not found
    MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found
    MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
    MsConfig - StartUpReg: NVHotkey - hkey= - key= - File not found
    MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found
    MsConfig - StartUpReg: nwiz - hkey= - key= - File not found
    MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
    MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
    MsConfig - StartUpReg: ShowLOMControl - hkey= - key= - File not found
    [2010/05/18 23:53:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Local Settings\Application Data\ymybygwix
    [2 C:\Documents and Settings\Belal\My Documents\*.tmp files -> C:\Documents and Settings\Belal\My Documents\*.tmp -> ]
    :Reg
    [HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
    "ProxyServer"=""
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log

Thanks


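The OTL fix above removes four distinct persistence mechanisms in one pass: two services with random hex-style binary names and no company string in System32, a hardcoded NameServer pointing at public resolvers, MountPoints2 AutoRun/open commands that launch dk.exe from a removable drive, and MSConfig StartUpReg entries pointing into the user's Temp and Local Settings\Application Data folders. The Python script below is an added example, not part of this thread and not an OTL feature; it applies those same heuristics to OTL log lines so the indicators can be pulled out of a long log before building a fix. The sample lines are copied from the logs posted above; the spoolsv.exe service entry and the 192.168.1.1 NameServer line are constructed benign controls. A public resolver is only flagged, not declared hostile: whether it is legitimate has to be confirmed against the resolvers the ISP actually hands out.

```python
"""Triage an OTL log for the persistence indicators fixed in this thread.

Added example, not part of the thread or of OTL itself. Sample lines are
copied from the OTL output posted above; the spoolsv.exe service and the
192.168.1.1 NameServer line are constructed benign controls.
"""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

SAMPLE_LOG = r"""
SRV - [2010/05/18 23:51:16 | 000,070,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\-f36decbb.exe -- (MSIU-f36decbb)
SRV - [2010/05/18 23:51:16 | 000,070,656 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\-7f691367.exe -- (MSIU-7f691367)
SRV - [2008/04/14 00:12:00 | 000,057,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.165.170,93.188.161.175
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.1.1
O33 - MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\Shell\AutoRun\command - "" = dk.exe
O33 - MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\Shell\open\Command - "" = dk.exe
MsConfig - StartUpReg: cfimosbb - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Application Data\ymybygwix\tumyilntssd.exe (Caztma)
MsConfig - StartUpReg: hsfe8owijfisjhgs7ye39gjsoighsd7y3eu - hkey= - key= - C:\DOCUME~1\Belal\LOCALS~1\Temp\m7l99.exe File not found
MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Documents and Settings\Belal\Local Settings\Temp\Qmh.exe ()
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str


# OTL service line: SRV - [stamp | size | attrs | M] (Company) [Start | State] -- path -- (ServiceName)
SRV_RE = re.compile(r"^SRV - \[[^\]]*\] \((?P<company>[^)]*)\) \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]*)\)$")
# Random-looking binary names such as -f36decbb.exe: optional dash, a run of hex, .exe
RANDOM_EXE_RE = re.compile(r"^-?[0-9a-f]{6,}\.exe$", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,\s]+)$")
MOUNTPOINT_RE = re.compile(r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\w+)\\[Cc]ommand - "" = (?P<cmd>.+)$')
STARTUPREG_RE = re.compile(r"^MsConfig - StartUpReg: (?P<name>.+?) - hkey= - key= - (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$")
# Autostart binaries living in per-user Temp or local Application Data (8.3 alias included)
USER_WRITABLE_RE = re.compile(r"\\(Temp|Application Data|APPLIC~1)\\", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Apply the four heuristics to every OTL line and return the hits in log order."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := SRV_RE.match(line):
            exe = m["path"].rsplit("\\", 1)[-1]
            # No company string plus a hex-style file name is the pattern of the MSIU-* services above
            if not m["company"].strip() and RANDOM_EXE_RE.match(exe):
                findings.append(Finding("service-random-name", f"{m['name']} -> {m['path']}", line))
        elif m := NAMESERVER_RE.match(line):
            for server in (s.strip() for s in m["servers"].split(",") if s.strip()):
                try:
                    addr = ipaddress.ip_address(server)
                except ValueError:
                    findings.append(Finding("dns-unparseable", server, line))
                    continue
                # A hardcoded public resolver is not proof of hijack; confirm against the ISP's resolvers
                if addr.is_global:
                    findings.append(Finding("dns-public-resolver", str(addr), line))
        elif m := MOUNTPOINT_RE.match(line):
            # Any AutoRun/open command on a mount point is worth a look: it fires when the drive is opened
            findings.append(Finding("mountpoint-autorun", f"{m['guid']} {m['verb']} -> {m['cmd']}", line))
        elif m := STARTUPREG_RE.match(line):
            if USER_WRITABLE_RE.search(m["path"]):
                state = "binary missing" if m["path"].endswith("File not found") else "binary present"
                company = (m["company"] or "").strip() or "no company"
                findings.append(Finding("startup-user-writable",
                                        f"{m['name']} -> {m['path']} [{state}, {company}]", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, e.g. {'service-random-name': 2, ...}."""
    return dict(Counter(f.rule for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"[{hit.rule}] {hit.detail}")
    print(summarize(hits))
```

Run against the sample, the script reports both MSIU-* services, both 93.188.x resolvers, both MountPoints2 verbs and the three Temp/Application Data startup entries, and stays quiet on the Spooler service, the private resolver and the stale NvCplDaemon entry. Stale "File not found" entries in Temp are still reported, marked as missing, because they record that something ran from there even if the binary is gone.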

#8 Boston Kid

  • Topic Starter
  • Members
  • 11 posts

Posted 25 May 2010 - 12:25 PM

Thanks syler, here's what you requested.

OTL Results

All processes killed
========== OTL ==========
Service MSIU-f36decbb stopped successfully!
Service MSIU-f36decbb deleted successfully!
C:\WINDOWS\system32\-f36decbb.exe moved successfully.
Service MSIU-7f691367 stopped successfully!
Service MSIU-7f691367 deleted successfully!
C:\WINDOWS\system32\-7f691367.exe moved successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15674db0-92ae-11de-9186-0019d2005605}\ not found.
File dk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15674db0-92ae-11de-9186-0019d2005605}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15674db0-92ae-11de-9186-0019d2005605}\ not found.
File dk.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\asam\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\cfimosbb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\cleansweep.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DLA\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\hsfe8owijfisjhgs7ye39gjsoighsd7y3eu\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\hsfg9w8gujsokgahi8gysgnsdgefshyjy\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxhkcmd\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxpers\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\igfxtray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\iPrint Event Monitor\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\iPrint Tray\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\M5T8QL3YW3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\mcexecwin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\MSPY2002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvCplDaemon\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NVHotkey\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NvMediaCenter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\nwiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PHIME2002A\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\PHIME2002ASync\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\ShowLOMControl\ deleted successfully.
C:\Documents and Settings\Belal\Local Settings\Application Data\ymybygwix folder moved successfully.
C:\Documents and Settings\Belal\My Documents\~WRL0002.tmp deleted successfully.
C:\Documents and Settings\Belal\My Documents\~WRL1023.tmp deleted successfully.
========== REGISTRY ==========
HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\"ProxyServer"|"" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Belal
->Temp folder emptied: 100315415 bytes
->Temporary Internet Files folder emptied: 883735 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39209133 bytes
->Flash cache emptied: 7104 bytes

User: Default User
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 348 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 128098 bytes
->Temporary Internet Files folder emptied: 704981 bytes
->Flash cache emptied: 7860 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10027255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23943826 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 167.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Belal
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05252010_130840

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\26slice1%253Aday%253D27%2526slice2%253Amonth%253DDec%2526gcid%253DC11287x189%2526WT.mc_id%253De5074%2526WT[1].mc_ev%253Dclick%2526retrieveParams%253Dtrue%2526z%253D1a83%2526r%253D2 not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\3205;k3=588;klg=en;kvid=_EyI4p0yjDQ;ctb=1;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;shortform=1;kp=1;u=_EyI4p0yjDQ_6;kgg=-1;kcr=us;khd=0;dc_dedup=1;kpu=Norcinu;tile=1;ord=902506779[1].asx not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\;kvid=_EyI4p0yjDQ;ctb=1;kr=F;kt=K;ko=c;kpid=6;afc=1;kga=-1;shortform=1;kp=1;u=_EyI4p0yjDQ_6;kgg=-1;kcr=us;khd=0;dc_dedup=1;kpu=Norcinu;dc_seed=215454925;tile=1;ord=219970966[1].asx not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=1&height=1&pos=3&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=1&height=1&pos=1&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\channel=air&Section=main&adsize=519x150&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=519&height=150&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\channel=air&Section=main&adsize=519x225&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=519&height=225&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\channel=air&Section=main&adsize=728x90&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=728&height=90&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZG3Z26S3\channel=air&Section=main&adsize=728x90&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=728&height=90&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\,31939,32004,32376,32400,32479,32594,32749,32822,32859,33757,33776,33852,33873,33897,34092,34282,34452,34457,34471,34538,34539&Values=1588&Redirect=;ord=AtbgIf,bfvWAIRggwlcR[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\2F%252Fwww.cheaptickets[1].com%252FApp%252FViewFlightSearchResults%253FretrieveParams%253Dtrue%2526z%253Deadf%2526r%253D2v%2526z%253Deae1%2526r%253D2x%2526lastPage%253Dinterstitial not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\31940,32004,32376,32400,32479,32594,32749,32822,32859,33757,33776,33852,33873,33897,34092,34282,34452,34457,34471,34538,34539&Values=1588&Redirect=;ord=bpNxeIk,bfvWAIRggwlcW[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\32376,32400,32479,32594,32749,32822,32827,32859,33757,33776,33852,33873,33897,33998,34092,34282,34452,34457,34471,34538,34539&Values=1588&Redirect=;ord=cabIfip,bfvWAIRggwlcK[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=1&height=1&pos=4&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=1&height=1&pos=3&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\channel=air&Section=main&adsize=519x150&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=519&height=150&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\channel=air&Section=main&adsize=519x225&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=519&height=225&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\channel=air&Section=results&adsize=125x125_top&origin=SFO&dest=BOS&CookieName=OSC&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575216532&width=125&height=125&[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\VXCSERN8\nel=air&Section=results&adsize=728x90_top&origin=SFO&dest=BOS&CookieName=OSC&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575216532&width=728&height=90&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\JY05KKRA\32376,32400,32479,32594,32749,32822,32827,32859,33757,33776,33852,33873,33897,33998,34092,34282,34452,34457,34471,34538,34539&Values=1588&Redirect=;ord=cehNRqf,bfvWxxtncoKNs[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\JY05KKRA\32736,32749,32822,32825,32859,33756,33757,33776,33852,33872,33873,33895,33897,34092,34253,34282,34452,34457,34471,34538,34539&Values=1588&Redirect=;ord=biprzeb,bfvWxxsncoKNg[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\JY05KKRA\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=1&height=1&pos=1&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\JY05KKRA\channel=air&Section=main&adsize=468x60_top&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=468&height=60&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\32376,32400,32479,32594,32749,32822,32827,32859,33757,33776,33852,33873,33897,33998,34092,34282,34452,34457,34471,34538,34539&Values=1588&Redirect=;ord=bbmmoqx,bfvWxykncoRIw[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\32376,32400,32479,32594,32749,32822,32827,32859,33757,33776,33852,33873,33897,33998,34092,34282,34452,34457,34471,34538,34539&Values=1588&Redirect=;ord=dmntkAr,bfvWxdviizjNW[1].htm not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\air&Section=results&adsize=160x600_right&origin=SFO&dest=BOS&CookieName=OSC&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575216532&width=160&height=600&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=1&height=1&pos=2&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=1&height=1&pos=2&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\channel=air&Section=main&adsize=1x1&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=1&height=1&pos=4&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\channel=air&Section=main&adsize=728x90_top&CookieName=OSC&spu=C11287x189&secure=false&site=orbitz&subdomain=orbitz&group=A&tile=1264575163205&width=728&height=90&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\channel=air&Section=main&adsize=728x90_top&CookieName=OSC&spu=C16036x268&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575155370&width=728&height=90&adType=noframe&[1] not found!
File\Folder C:\Documents and Settings\Belal\Local Settings\Temp\Temporary Internet Files\Content.IE5\6SU3SFVC\channel=air&Section=results&adsize=1x1&origin=SFO&dest=BOS&CookieName=OSC&secure=false&site=ctix&subdomain=ctix&group=A&tile=1264575216532&width=1&height=1&[1].htm not found!

Registry entries deleted on Reboot...

OTL Scan

OTL logfile created on: 5/25/2010 1:19:32 PM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Documents and Settings\Belal\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 78.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.84 Gb Total Space | 147.04 Gb Free Space | 63.15% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HAKLAP
Current User Name: Belal
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/23 14:59:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
PRC - [2010/04/12 18:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/31 19:22:32 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/05/20 08:48:16 | 000,107,176 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2600 Series\ezprint.exe
PRC - [2008/05/17 00:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2007/10/07 20:48:40 | 000,125,368 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/10/07 20:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/10/07 20:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/05/29 16:33:22 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/03/25 18:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\common\DataServer.exe
PRC - [2005/12/28 13:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2005/12/28 12:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2005/12/28 12:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005/12/28 12:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2005/12/28 12:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2005/12/28 12:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2005/11/30 14:33:04 | 000,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
PRC - [2005/11/30 10:39:02 | 000,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2005/06/16 12:11:42 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
PRC - [2003/10/29 03:06:00 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/05/23 14:59:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 02:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/05/17 00:12:54 | 000,167,936 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\PrnTrack.dll
MOD - [2008/05/16 23:12:54 | 000,109,568 | ---- | M] (www.madshi.net) -- C:\WINDOWS\system32\MadCHook.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2008/04/13 23:07:58 | 000,208,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2006/11/03 20:20:00 | 000,083,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpShHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/12/12 12:41:18 | 005,117,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2008/12/12 12:41:08 | 000,243,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2008/12/12 12:41:02 | 000,060,032 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2008/05/17 00:12:54 | 000,290,816 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2008/02/27 11:07:26 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2008/02/27 11:07:14 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007/10/07 20:48:36 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/10/07 20:48:32 | 001,822,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/10/07 20:48:24 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/08/28 19:04:25 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/08/27 17:14:00 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/07/26 19:25:20 | 001,181,016 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/29 16:33:36 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2007/05/29 16:33:26 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/03/25 18:24:04 | 000,315,392 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2)
SRV - [2005/12/28 13:04:56 | 000,262,217 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2005/12/28 12:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2005/12/28 12:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2005/12/28 12:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2005/11/30 14:33:04 | 000,180,224 | ---- | M] () [Auto | Running] -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2005/08/30 18:36:00 | 000,188,416 | ---- | M] (Cambridge Silicon Radio) [Disabled | Stopped] -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe -- (Bluetooth Hid Switch Service)


========== Driver Services (SafeList) ==========

DRV - [2010/05/13 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100524.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/13 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100524.002\NAVENG.SYS -- (NAVENG)
DRV - [2009/10/07 04:49:50 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/10/07 04:49:38 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2009/10/07 04:47:54 | 000,266,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/11/10 12:09:32 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2008/07/24 14:50:56 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\changer.sys -- (Changer)
DRV - [2008/04/14 00:10:28 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008/04/14 00:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/22 05:46:00 | 006,658,592 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/09/06 10:35:42 | 000,034,671 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nipplpt.sys -- (nipplpt2)
DRV - [2007/08/27 17:13:36 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/08/27 17:13:32 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/07/26 19:25:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\spbbcdrv.sys -- (SPBBCDrv)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/06/14 11:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2006/04/07 18:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vnusb.sys -- (VNUSB)
DRV - [2006/02/10 04:31:00 | 000,039,936 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2006/01/21 00:08:00 | 000,108,928 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (Tosrfbd)
DRV - [2006/01/12 00:29:42 | 000,062,848 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfhid.sys -- (Tosrfhid)
DRV - [2005/12/28 14:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/12/09 16:35:00 | 000,018,816 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pbadrv.sys -- (PBADRV)
DRV - [2005/12/09 13:44:22 | 000,028,800 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tcusb.sys -- (TcUsb)
DRV - [2005/12/05 07:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel®
DRV - [2005/12/01 08:40:56 | 000,936,960 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2005/12/01 08:40:12 | 000,192,512 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2005/12/01 08:40:08 | 000,669,696 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2005/11/10 17:25:14 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/10/14 07:54:16 | 000,017,290 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btpmw32.sys -- (BCMTPM)
DRV - [2005/09/29 02:57:18 | 000,113,847 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2005/09/12 04:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/18 01:00:00 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavalys\EVEREST Home Edition\kerneld.wnt -- (EverestDriver)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/12 06:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/08/01 22:45:08 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfcom.sys -- (Tosrfcom)
DRV - [2004/02/13 17:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.09
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/24 15:28:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/31 19:22:39 | 000,000,000 | ---D | M]

[2009/08/03 13:01:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Belal\Application Data\Mozilla\Extensions
[2010/05/24 23:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\extensions
[2010/01/11 20:51:03 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009/09/05 12:41:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/24 23:47:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/30 20:13:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2600 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\DOCUME~1\Belal\LOCALS~1\Temp\1278278022.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\biolsp.dll (Wave Systems Corp.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1216929332812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1216929313687 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://www.cvsphoto.com/upload/activex/v3_...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://vpn.msnyuhealth.org/dana-cached/set...perSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 130.64.5.5 130.64.1.13 130.64.63.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Belal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Belal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/25 13:00:19 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2191913200-2470386681-2708119268-1008\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 13:08:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/25 13:00:19 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/05/24 23:44:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Desktop\sisexe.cgi_files
[2010/05/23 14:59:23 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
[2010/05/19 20:01:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Belal\Recent
[2010/05/19 03:52:38 | 000,017,144 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/19 03:52:37 | 000,038,472 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/19 03:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/19 02:16:29 | 034,595,080 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Belal\Desktop\IEXPLORE.exe
[2010/05/19 02:09:57 | 003,879,288 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Belal\Desktop\procexp.exe
[2010/05/19 00:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/19 00:15:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/18 23:53:55 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/05/18 23:53:38 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/18 23:53:38 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/18 23:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/18 23:53:22 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/18 23:52:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\ATManager
[2010/05/18 23:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/30 22:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\ooVoo Details
[2010/04/30 22:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\ooVoo
[2010/04/30 20:15:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\skypePM
[2010/04/30 20:13:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Application Data\Skype
[2010/04/30 20:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/04/30 20:12:52 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/04/30 20:12:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/04/30 20:07:34 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2010/04/30 20:07:34 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2010/04/30 20:07:33 | 006,756,632 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvc.sys
[2010/04/30 20:07:32 | 000,539,160 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2010/04/30 20:07:07 | 000,266,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvrs.sys
[2010/04/30 20:07:07 | 000,199,192 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci12101110.dll
[2010/04/30 20:06:30 | 000,023,832 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lvuvcflt.sys
[2010/04/30 20:05:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010/04/30 20:05:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/04/30 20:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/04/30 19:59:27 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010/04/30 19:59:20 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010/04/30 19:59:13 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010/04/30 19:59:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010/04/30 19:59:12 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010/04/30 19:59:09 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010/04/30 19:59:05 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010/04/30 19:59:00 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010/04/30 19:58:55 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010/04/30 19:58:45 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys
[2010/04/30 19:58:45 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2010/04/30 19:58:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010/04/30 19:58:29 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010/04/30 19:58:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010/04/30 19:58:28 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010/04/30 19:58:26 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010/04/30 19:58:26 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010/04/30 19:58:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010/04/30 19:58:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010/04/30 19:58:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dshowext.ax
[2010/04/30 19:58:24 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dshowext.ax
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/26 02:17:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Belal\Desktop\Backup April 26th
[2009/08/31 08:49:39 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2009/08/31 08:49:39 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2009/08/31 08:49:39 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2009/08/31 08:49:39 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2009/08/31 08:49:39 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2009/08/31 08:49:39 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2009/08/31 08:49:39 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2009/08/31 08:49:39 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2009/08/31 08:49:39 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2009/08/31 08:49:39 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2009/08/31 08:49:39 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll

========== Files - Modified Within 30 Days ==========

[2010/05/25 13:12:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/25 13:12:15 | 000,066,915 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/25 13:11:30 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/25 13:10:22 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/25 13:10:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/25 13:10:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/25 13:09:25 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Belal\NTUSER.DAT
[2010/05/25 13:09:02 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Belal\ntuser.ini
[2010/05/25 12:58:50 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Flash_Disinfector.exe
[2010/05/25 00:09:30 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\Jury Duty Letter.doc
[2010/05/24 23:46:22 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk
[2010/05/24 23:44:31 | 000,001,091 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\sisexe.cgi.htm
[2010/05/23 14:59:24 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Belal\Desktop\OTL(2).exe
[2010/05/19 21:32:05 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\dds.scr
[2010/05/19 03:52:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 03:50:22 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\HijackThis.lnk
[2010/05/19 03:35:19 | 000,001,014 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/19 03:35:19 | 000,000,327 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/19 03:35:19 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/05/19 03:32:33 | 034,595,080 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Belal\Desktop\IEXPLORE.exe
[2010/05/19 02:16:05 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/19 02:10:37 | 003,879,288 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Belal\Desktop\procexp.exe
[2010/05/19 02:08:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\iexplore.exe.exe
[2010/05/18 23:50:27 | 000,001,447 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\DivX Movies.lnk
[2010/05/18 23:50:01 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/18 23:49:44 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/17 01:35:41 | 000,039,936 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Final-essay 2 research paper(1).doc
[2010/05/16 23:25:44 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\Social.doc
[2010/05/16 16:44:45 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\downloads(1)
[2010/05/16 15:36:32 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\3526054497.doc
[2010/05/14 12:11:04 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\Sharewood Attendees May 15th.xls
[2010/05/10 01:06:38 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Summer Sharewood Clinic Scheduling Sign Ups.xls
[2010/05/10 00:50:04 | 000,057,938 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\album.php
[2010/05/09 15:38:32 | 033,803,020 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_19__March_8__2010.m4a
[2010/05/08 21:49:31 | 030,852,589 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_18__March_4__2010.m4a
[2010/05/08 21:49:00 | 030,257,634 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_17__March_2__2010.m4a
[2010/05/08 21:48:30 | 023,814,931 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_16_2010_March_1__2010.m4a
[2010/05/08 21:46:22 | 025,107,110 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_14_February_23__2010.m4a
[2010/05/08 17:54:55 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\Solitare High Score.doc
[2010/05/08 15:13:05 | 000,176,571 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Integration of Neurology, Psychiatry, and the Neurosciences.pdf
[2010/05/08 03:07:25 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\fdwebaudio_asx_video_x_ms_asf_Object_fdwebaudio.asx
[2010/05/07 05:08:02 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/05/07 03:18:30 | 029,042,999 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Lecture_5_February_1__2010.m4a
[2010/05/06 18:08:15 | 000,066,915 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/05/01 19:09:06 | 000,002,308 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\ACTION.htm
[2010/05/01 16:28:25 | 000,089,351 | ---- | M] () -- C:\Documents and Settings\Belal\Desktop\Concert Board Budget 2010.pdf
[2010/05/01 15:48:48 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Belal\My Documents\RGR Graph.doc
[2010/04/30 22:28:58 | 000,000,467 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/04/30 20:15:18 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/30 20:12:56 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/30 20:10:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/04/30 20:10:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/04/30 20:05:50 | 000,001,850 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl

========== Files Created - No Company Name ==========

[2010/05/25 12:58:49 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Flash_Disinfector.exe
[2010/05/24 23:52:21 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\Jury Duty Letter.doc
[2010/05/24 23:44:29 | 000,001,091 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\sisexe.cgi.htm
[2010/05/19 21:32:03 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\dds.scr
[2010/05/19 03:52:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/19 03:50:22 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\HijackThis.lnk
[2010/05/19 03:35:20 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 3.lnk
[2010/05/19 03:35:20 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk
[2010/05/19 03:35:20 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/05/19 03:35:20 | 000,000,493 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2010/05/19 02:08:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\iexplore.exe.exe
[2010/05/18 23:51:27 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/18 23:50:01 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Player.lnk
[2010/05/18 23:49:44 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Plus Converter.lnk
[2010/05/17 01:35:41 | 000,039,936 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Final-essay 2 research paper(1).doc
[2010/05/16 23:25:44 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\Social.doc
[2010/05/16 16:40:45 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\downloads(1)
[2010/05/16 15:36:31 | 000,047,104 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\3526054497.doc
[2010/05/14 12:11:04 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\Sharewood Attendees May 15th.xls
[2010/05/10 01:06:38 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Summer Sharewood Clinic Scheduling Sign Ups.xls
[2010/05/10 00:50:02 | 000,057,938 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\album.php
[2010/05/09 15:38:13 | 033,803,020 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_19__March_8__2010.m4a
[2010/05/08 21:49:30 | 030,852,589 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_18__March_4__2010.m4a
[2010/05/08 21:48:59 | 030,257,634 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_17__March_2__2010.m4a
[2010/05/08 21:48:29 | 023,814,931 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_16_2010_March_1__2010.m4a
[2010/05/08 21:46:21 | 025,107,110 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_14_February_23__2010.m4a
[2010/05/08 17:54:54 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\Solitare High Score.doc
[2010/05/08 15:13:05 | 000,176,571 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Integration of Neurology, Psychiatry, and the Neurosciences.pdf
[2010/05/08 03:07:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\fdwebaudio_asx_video_x_ms_asf_Object_fdwebaudio.asx
[2010/05/07 03:16:11 | 029,042,999 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Lecture_5_February_1__2010.m4a
[2010/05/01 19:09:05 | 000,002,308 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\ACTION.htm
[2010/05/01 16:28:25 | 000,089,351 | ---- | C] () -- C:\Documents and Settings\Belal\Desktop\Concert Board Budget 2010.pdf
[2010/05/01 15:48:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Belal\My Documents\RGR Graph.doc
[2010/04/30 22:28:58 | 000,000,467 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ooVoo.lnk
[2010/04/30 20:15:18 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/30 20:12:56 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/04/30 20:10:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/04/30 20:07:32 | 000,266,828 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVAFT.cfg
[2010/04/30 20:07:07 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/04/30 20:07:07 | 000,034,068 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg
[2010/04/30 20:06:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/04/30 20:05:50 | 000,001,850 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech Webcam Software.lnk
[2010/02/03 19:50:03 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2010/02/03 19:50:03 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/08/31 08:50:09 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2009/08/31 08:50:08 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2009/08/31 08:49:55 | 000,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2009/08/31 08:49:55 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2009/08/31 08:49:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2009/08/31 08:49:39 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2009/08/31 08:49:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2009/08/15 13:19:04 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/07/29 10:12:46 | 000,034,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\nipplpt.sys
[2008/07/24 15:49:34 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/24 15:49:34 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/24 15:49:32 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/24 15:49:31 | 001,482,752 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/18 13:47:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/05/18 13:44:25 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/11 17:55:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/05/11 17:53:52 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/05/11 17:50:55 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/05/11 17:50:55 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/05/11 17:29:54 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/25 18:19:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_en.dll
[2006/03/24 16:19:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2006/03/24 16:14:34 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2006/03/24 16:14:28 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2006/03/24 16:14:22 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2006/03/24 16:14:18 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2006/03/24 16:14:12 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2006/03/24 16:14:08 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2006/03/24 16:14:02 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2006/03/24 16:13:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2006/03/24 16:13:52 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2006/03/24 16:13:46 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2006/03/09 13:25:24 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2006/03/09 13:24:10 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\detoured.dll
[2005/12/01 15:41:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2005/11/30 14:33:06 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\Tsp.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_RUS.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ITA.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_FRA.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ESN.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_ENU.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_DEU.dll
[2005/11/30 14:33:06 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\TspPopup_CHS.dll
[2005/11/10 09:38:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/09/20 14:36:06 | 000,798,720 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2005/09/01 22:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 22:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/07/21 16:03:14 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/07/20 18:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/07/20 15:27:52 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/01/15 15:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

MBR.log

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8AFAAD01]<<
kernel: MBR read successfully
user & kernel MBR OK



#9 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 25 May 2010 - 02:28 PM

One or more of the identified infections is a backdoor trojan/Rootkit.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

If you decide you want to proceed with trying to clean your machine please follow these next steps.



Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed, click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix



#10 Boston Kid
  • Topic Starter

  • Members
  • 11 posts

Posted 25 May 2010 - 09:00 PM

Thanks Syler, here is the log it produced:

ComboFix 10-05-25.02 - Belal 05/25/2010 21:49:32.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2739 [GMT -4:00]
Running from: c:\documents and settings\Belal\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
The following files were disabled during the run:
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Belal\Application Data\ATManager
c:\documents and settings\Belal\Application Data\ATManager\metafiles\e7e2135bcdfc87179deacdb1cdac8b7a.torrent
C:\ErrLog.txt
c:\windows\system32\st325602.dll

Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-25 17:08 . 2010-05-25 17:08 -------- d-----w- C:\_OTL
2010-05-25 16:44 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\e93k7yW.dll
2010-05-25 03:27 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\K7y317.dll
2010-05-24 17:48 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\YWSK5.dll
2010-05-24 16:43 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll
2010-05-24 16:25 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\yWS9317y.dll
2010-05-23 18:44 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\m3gMY3cEI.dll
2010-05-20 22:58 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mY17931a9.dll
2010-05-20 08:07 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\UOCE1a.dll
2010-05-20 03:37 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\gMYWS3eI9.dll
2010-05-20 02:43 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\AAAA5.dll
2010-05-19 23:52 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\MYW9uOCE.dll
2010-05-19 07:52 . 2008-07-31 00:07 17144 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 07:52 . 2008-07-31 00:07 38472 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 07:50 . 2010-05-19 07:50 -------- d-----w- c:\program files\Trend Micro
2010-05-19 07:27 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\i31q9wS7e.dll
2010-05-19 06:20 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\C9s17sK.dll
2010-05-19 03:53 . 2010-05-19 03:53 -------- d-----w- C:\spoolerlogs
2010-05-19 03:53 . 2008-04-14 04:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-19 03:53 . 2008-04-14 04:10 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-19 03:53 . 2008-04-14 04:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-19 03:53 . 2008-04-14 04:11 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-05-19 03:51 . 2010-05-19 03:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-19 03:51 . 2010-05-19 03:51 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\cEIQGMY9.dll
2010-05-19 03:50 . 2010-05-19 03:46 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-19 03:50 . 2010-05-19 03:46 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-19 03:50 . 2009-11-29 00:35 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-19 03:50 . 2010-05-19 03:50 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-19 03:50 . 2009-11-29 00:35 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-05-19 03:50 . 2010-05-19 03:50 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-19 03:50 . 2010-05-19 03:50 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-19 03:50 . 2010-05-19 03:50 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-19 03:46 . 2010-05-19 03:46 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-19 03:46 . 2010-05-19 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-01 02:29 . 2010-05-01 02:29 -------- d-----w- c:\documents and settings\Belal\Application Data\ooVoo Details
2010-05-01 02:28 . 2010-05-01 02:29 -------- d-----w- c:\program files\ooVoo
2010-05-01 00:15 . 2010-05-01 00:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-01 00:15 . 2010-05-01 00:15 -------- d-----w- c:\documents and settings\Belal\Application Data\skypePM
2010-05-01 00:13 . 2010-05-01 03:25 -------- d-----w- c:\documents and settings\Belal\Application Data\Skype
2010-05-01 00:12 . 2010-05-01 00:12 -------- d-----w- c:\program files\Common Files\Skype
2010-05-01 00:12 . 2010-05-01 00:13 -------- d-----r- c:\program files\Skype
2010-05-01 00:12 . 2010-05-01 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-01 00:07 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-01 00:07 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-01 00:07 . 2009-10-07 08:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-01 00:07 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-01 00:07 . 2009-10-07 08:47 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-01 00:07 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-05-01 00:07 . 2009-10-07 08:24 34068 ----a-w- c:\windows\system32\Repository.reg
2010-05-01 00:06 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-05-01 00:05 . 2010-05-03 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-05-01 00:05 . 2010-05-01 00:08 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-05-01 00:05 . 2010-05-01 00:05 -------- d-----w- c:\program files\Logitech
2010-04-30 23:59 . 2008-04-14 04:09 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-04-30 23:59 . 2008-04-14 04:09 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-30 23:59 . 2008-04-14 04:16 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2010-04-30 23:59 . 2008-04-14 04:16 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-30 23:59 . 2008-04-14 04:16 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2010-04-30 23:59 . 2008-04-14 04:16 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-30 23:59 . 2008-04-14 04:16 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2010-04-30 23:59 . 2008-04-14 04:16 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-04-30 23:59 . 2008-04-14 04:16 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2010-04-30 23:59 . 2008-04-14 04:16 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-30 23:59 . 2008-04-14 04:16 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-04-30 23:59 . 2008-04-14 04:16 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-30 23:58 . 2008-04-14 04:16 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-04-30 23:58 . 2008-04-14 04:16 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-30 23:58 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-04-30 23:58 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-30 23:58 . 2008-04-14 09:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-30 23:58 . 2008-04-14 09:42 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 01:33 . 2008-07-24 18:50 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-19 07:52 . 2010-03-13 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 06:48 . 2009-12-20 18:24 -------- d-----w- c:\program files\Bonjour
2010-05-19 03:50 . 2009-08-23 00:02 -------- d-----w- c:\program files\DivX
2010-05-16 22:04 . 2009-08-02 21:39 -------- d-----w- c:\documents and settings\Belal\Application Data\vlc
2010-05-13 20:53 . 2010-04-19 21:07 439816 ----a-w- c:\documents and settings\Belal\Application Data\Real\Update\setup3.10\setup.exe
2010-05-07 09:07 . 2009-08-27 01:59 -------- d-----w- c:\program files\Steam
2010-05-06 22:08 . 2008-07-24 19:50 66915 ----a-w- c:\windows\system32\nvModes.dat
2010-05-06 14:36 . 2010-03-12 05:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 02:28 . 2006-05-11 21:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 00:10 . 2010-05-01 00:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:10 . 2010-05-01 00:06 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-31 01:58 . 2009-08-23 00:02 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2009-08-23 00:02 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2009-08-23 00:02 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2005-01-26 07:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-07 23:14 . 2010-03-07 23:14 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-18 122368]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2009-05-20 107176]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2010-2-3 118784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-11 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^Belal^Start Menu^Programs^Startup^..]
path=c:\documents and settings\Belal\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-08 00:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2006-03-09 17:26 98304 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 02:13 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2009-05-20 12:48 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-27 16:37 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-18 18:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-13 21:53 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-12-12 16:41 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\belalhakim@hotmail.com\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [7/29/2009 10:12 AM 34671]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [9/12/2009 4:15 PM 102448]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [8/31/2009 8:50 AM 98984]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SYSTEMROOT%\system32\biolsp.dll
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 21:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x*~* ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-05-25 21:57:13
ComboFix-quarantined-files.txt 2010-05-26 01:57

Pre-Run: 157,719,474,176 bytes free
Post-Run: 157,670,928,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 310EE1DB3F31B01CD1B65F8358425AE6


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:09 AM

Posted 26 May 2010 - 07:02 AM

Hello,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/t/317900/post-antispywaresoft-removal-issues-and-internet-redirects/

Collect::
c:\windows\system32\Spool\prtprocs\w32x86\e93k7yW.dll
c:\windows\system32\Spool\prtprocs\w32x86\K7y317.dll
c:\windows\system32\Spool\prtprocs\w32x86\YWSK5.dll
c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll
c:\windows\system32\Spool\prtprocs\w32x86\yWS9317y.dll
c:\windows\system32\Spool\prtprocs\w32x86\m3gMY3cEI.dll
c:\windows\system32\Spool\prtprocs\w32x86\mY17931a9.dll
c:\windows\system32\Spool\prtprocs\w32x86\UOCE1a.dll
c:\windows\system32\Spool\prtprocs\w32x86\gMYWS3eI9.dll
c:\windows\system32\Spool\prtprocs\w32x86\AAAA5.dll
c:\windows\system32\Spool\prtprocs\w32x86\MYW9uOCE.dll
c:\windows\system32\Spool\prtprocs\w32x86\i31q9wS7e.dll
c:\windows\system32\Spool\prtprocs\w32x86\C9s17sK.dll
c:\windows\system32\Spool\prtprocs\w32x86\cEIQGMY9.dll
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001
"DisableNotifications"=dword:00000000
RegNull::
[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x*~* ]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
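The log in post #10 above shows fourteen 70656-byte DLLs with random names under c:\windows\system32\Spool\prtprocs\w32x86\, the Security Center override values set to 1 and the XP firewall turned off; the CFScript in this post collects those DLLs and resets the values. The script below is an added example for this thread, not part of the original posts and not ComboFix's own code. It parses ComboFix-style log lines (the embedded sample is constructed from a few lines of the posted log), flags DLLs in the print-processor directory, groups them by size and last-write time, reports Security Center and firewall values that differ from their defaults, and drafts a CFScript in the same Collect::/Registry:: form used above. The "clean" default values, the reading of ComboFix's first timestamp as creation time, and the function names are assumptions of the example.

```python
"""Triage ComboFix log lines for dropped print-processor DLLs and Security
Center tampering, then draft the CFScript that collects and resets them.

Added example, not part of the original thread or of ComboFix.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the format of the "Files Created" and "Reg Loading
# Points" sections of the ComboFix log posted in this thread.
SAMPLE_LOG = """\
2010-05-25 16:44 . 2010-05-19 03:51 70656 ----a-w- c:\\windows\\system32\\Spool\\prtprocs\\w32x86\\e93k7yW.dll
2010-05-25 03:27 . 2010-05-19 03:51 70656 ----a-w- c:\\windows\\system32\\Spool\\prtprocs\\w32x86\\K7y317.dll
2010-05-19 07:52 . 2008-07-31 00:07 17144 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2010-05-19 03:51 . 2010-05-19 03:51 70656 ----a-w- c:\\windows\\system32\\Spool\\prtprocs\\w32x86\\cEIQGMY9.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

# "<created> . <last-write> <size|--------> <attrs> <path>"; treating the
# first stamp as creation time is an assumption about ComboFix's layout.
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<written>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S+) (?P<path>.+)$"
)
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')

# Print processors are loaded by the print spooler service (spoolsv.exe),
# so a DLL dropped here runs without any Run key.  Case-insensitive because
# ComboFix lower-cases most of the path.
PRTPROCS = re.compile(r"\\spool\\prtprocs\\", re.IGNORECASE)

# (key substring, value name) -> value assumed for an untampered XP box.
EXPECTED = {
    ("security center", "AntiVirusOverride"): 0,
    ("security center", "FirewallOverride"): 0,
    ("security center", "DisableMonitoring"): 0,
    ("firewallpolicy\\standardprofile", "EnableFirewall"): 1,
    ("firewallpolicy\\standardprofile", "DisableNotifications"): 0,
}


@dataclass(frozen=True)
class FileEntry:
    created: str
    written: str
    size: Optional[int]
    path: str


def parse_file_lines(text):
    """Return every file/directory line of the log as a FileEntry."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(FileEntry(m["created"], m["written"], size, m["path"]))
    return entries


def find_print_processor_dlls(entries):
    return [e for e in entries
            if PRTPROCS.search(e.path) and e.path.lower().endswith(".dll")]


def group_by_payload(entries):
    """Same size and last-write time under different creation times is what
    one file copied repeatedly under random names looks like: a copy keeps
    the source's last-write stamp but gets a fresh creation stamp."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e.size, e.written)].append(e.path)
    return dict(groups)


def parse_dword(raw):
    # ComboFix prints DWORDs either as "dword:00000001" or as "1 (0x1)".
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw.split()[0])


def find_security_center_tampering(text):
    """Yield (key, name, found, expected) for values that differ from EXPECTED."""
    findings, key = [], ""
    for line in text.splitlines():
        k = KEY_LINE.match(line.strip())
        if k:
            key = k["key"]
            continue
        v = VALUE_LINE.match(line.strip())
        if not v:
            continue
        for (key_part, name), want in EXPECTED.items():
            if key_part.lower() in key.lower() and name == v["name"]:
                got = parse_dword(v["value"])
                if got != want:
                    findings.append((key, name, got, want))
    return findings


def build_cfscript(dlls, tampering):
    """Draft a CFScript: Collect:: the DLLs, Registry:: restore the values."""
    lines = ["Collect::"] + [e.path for e in dlls] + ["Registry::"]
    by_key = defaultdict(list)
    for key, name, _got, want in tampering:
        by_key[key].append(f'"{name}"=dword:{want:08x}')
    for key, values in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(values)
    return "\n".join(lines) + "\n"


def triage(text):
    dlls = find_print_processor_dlls(parse_file_lines(text))
    return build_cfscript(dlls, find_security_center_tampering(text))


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Run it against a real ComboFix.txt by reading the file into `triage()`; the grouping step is the part worth eyeballing, since one (size, last-write) bucket holding many differently-named DLLs is the signature the posted log shows for all fourteen files.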



#12 Boston Kid

Boston Kid
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:09 PM

Posted 26 May 2010 - 10:15 PM

Hey syler, here's the requested log. Also, I submitted a zipped file for analysis. Thanks again for the help!

ComboFix 10-05-25.02 - Belal 05/26/2010 23:01:35.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2706 [GMT -4:00]
Running from: c:\documents and settings\Belal\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Belal\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

file zipped: c:\windows\system32\Spool\prtprocs\w32x86\AAAA5.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\C9s17sK.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\cEIQGMY9.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\e93k7yW.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\gMYWS3eI9.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\i31q9wS7e.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\K7y317.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\m3gMY3cEI.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\mY17931a9.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\MYW9uOCE.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\UOCE1a.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\yWS9317y.dll
file zipped: c:\windows\system32\Spool\prtprocs\w32x86\YWSK5.dll
.
The following files were disabled during the run:
c:\progra~1\PHAROS~1\Core\PRNTRACK.DLL


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Spool\prtprocs\w32x86\AAAA5.dll
c:\windows\system32\Spool\prtprocs\w32x86\c555y.dll
c:\windows\system32\Spool\prtprocs\w32x86\C9s17sK.dll
c:\windows\system32\Spool\prtprocs\w32x86\cEIQGMY9.dll
c:\windows\system32\Spool\prtprocs\w32x86\e93k7yW.dll
c:\windows\system32\Spool\prtprocs\w32x86\gMYWS3eI9.dll
c:\windows\system32\Spool\prtprocs\w32x86\i31q9wS7e.dll
c:\windows\system32\Spool\prtprocs\w32x86\K7y317.dll
c:\windows\system32\Spool\prtprocs\w32x86\m3gMY3cEI.dll
c:\windows\system32\Spool\prtprocs\w32x86\mY17931a9.dll
c:\windows\system32\Spool\prtprocs\w32x86\MYW9uOCE.dll
c:\windows\system32\Spool\prtprocs\w32x86\UOCE1a.dll
c:\windows\system32\Spool\prtprocs\w32x86\yWS9317y.dll
c:\windows\system32\Spool\prtprocs\w32x86\YWSK5.dll

.
((((((((((((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 )))))))))))))))))))))))))))))))
.

2010-05-25 17:08 . 2010-05-25 17:08 -------- d-----w- C:\_OTL
2010-05-19 07:52 . 2008-07-31 00:07 17144 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 07:52 . 2008-07-31 00:07 38472 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 07:50 . 2010-05-19 07:50 -------- d-----w- c:\program files\Trend Micro
2010-05-19 03:53 . 2010-05-19 03:53 -------- d-----w- C:\spoolerlogs
2010-05-19 03:53 . 2008-04-14 04:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-19 03:53 . 2008-04-14 04:10 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-19 03:53 . 2008-04-14 04:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-19 03:53 . 2008-04-14 04:11 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-05-19 03:51 . 2010-05-19 03:51 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-19 03:50 . 2010-05-19 03:46 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-19 03:50 . 2010-05-19 03:46 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-05-19 03:50 . 2009-11-29 00:35 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Converter\DivXConverterUninstall.exe
2010-05-19 03:50 . 2010-05-19 03:50 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-19 03:50 . 2009-11-29 00:35 530625 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-05-19 03:50 . 2010-05-19 03:50 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-19 03:50 . 2010-05-19 03:50 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-19 03:50 . 2010-05-19 03:50 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-19 03:46 . 2010-05-19 03:46 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-19 03:46 . 2010-05-19 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-01 02:29 . 2010-05-01 02:29 -------- d-----w- c:\documents and settings\Belal\Application Data\ooVoo Details
2010-05-01 02:28 . 2010-05-01 02:29 -------- d-----w- c:\program files\ooVoo
2010-05-01 00:15 . 2010-05-01 00:15 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-05-01 00:15 . 2010-05-01 00:15 -------- d-----w- c:\documents and settings\Belal\Application Data\skypePM
2010-05-01 00:13 . 2010-05-01 03:25 -------- d-----w- c:\documents and settings\Belal\Application Data\Skype
2010-05-01 00:12 . 2010-05-01 00:12 -------- d-----w- c:\program files\Common Files\Skype
2010-05-01 00:12 . 2010-05-01 00:13 -------- d-----r- c:\program files\Skype
2010-05-01 00:12 . 2010-05-01 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-01 00:07 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2.dll
2010-05-01 00:07 . 2009-10-07 08:43 416280 ----a-w- c:\windows\system32\lvcodec2.dll
2010-05-01 00:07 . 2009-10-07 08:49 6756632 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2010-05-01 00:07 . 2009-10-07 08:48 539160 ----a-w- c:\windows\system32\LVUI2RC.dll
2010-05-01 00:07 . 2009-10-07 08:47 266008 ----a-w- c:\windows\system32\drivers\lvrs.sys
2010-05-01 00:07 . 2009-10-07 08:43 199192 ----a-w- c:\windows\system32\lvci12101110.dll
2010-05-01 00:07 . 2009-10-07 08:24 34068 ----a-w- c:\windows\system32\Repository.reg
2010-05-01 00:06 . 2009-10-07 08:49 23832 ----a-w- c:\windows\system32\drivers\lvuvcflt.sys
2010-05-01 00:05 . 2010-05-03 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-05-01 00:05 . 2010-05-01 00:08 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-05-01 00:05 . 2010-05-01 00:05 -------- d-----w- c:\program files\Logitech
2010-04-30 23:59 . 2008-04-14 04:09 5504 ----a-w- c:\windows\system32\drivers\mstee.sys
2010-04-30 23:59 . 2008-04-14 04:09 5504 ----a-w- c:\windows\system32\dllcache\mstee.sys
2010-04-30 23:59 . 2008-04-14 04:16 10880 ----a-w- c:\windows\system32\drivers\ndisip.sys
2010-04-30 23:59 . 2008-04-14 04:16 10880 ----a-w- c:\windows\system32\dllcache\ndisip.sys
2010-04-30 23:59 . 2008-04-14 04:16 15232 ----a-w- c:\windows\system32\drivers\streamip.sys
2010-04-30 23:59 . 2008-04-14 04:16 15232 ----a-w- c:\windows\system32\dllcache\streamip.sys
2010-04-30 23:59 . 2008-04-14 04:16 11136 ----a-w- c:\windows\system32\drivers\slip.sys
2010-04-30 23:59 . 2008-04-14 04:16 11136 ----a-w- c:\windows\system32\dllcache\slip.sys
2010-04-30 23:59 . 2008-04-14 04:16 19200 ----a-w- c:\windows\system32\drivers\wstcodec.sys
2010-04-30 23:59 . 2008-04-14 04:16 19200 ----a-w- c:\windows\system32\dllcache\wstcodec.sys
2010-04-30 23:59 . 2008-04-14 04:16 85248 ----a-w- c:\windows\system32\drivers\nabtsfec.sys
2010-04-30 23:59 . 2008-04-14 04:16 85248 ----a-w- c:\windows\system32\dllcache\nabtsfec.sys
2010-04-30 23:58 . 2008-04-14 04:16 17024 ----a-w- c:\windows\system32\drivers\ccdecode.sys
2010-04-30 23:58 . 2008-04-14 04:16 17024 ----a-w- c:\windows\system32\dllcache\ccdecode.sys
2010-04-30 23:58 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\drivers\usbaudio.sys
2010-04-30 23:58 . 2008-04-14 04:15 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-04-30 23:58 . 2008-04-14 09:42 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-04-30 23:58 . 2008-04-14 09:42 53760 ----a-w- c:\windows\system32\dllcache\vfwwdm32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 01:33 . 2008-07-24 18:50 -------- d-----w- c:\program files\Symantec AntiVirus
2010-05-19 07:52 . 2010-03-13 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 06:48 . 2009-12-20 18:24 -------- d-----w- c:\program files\Bonjour
2010-05-19 03:50 . 2009-08-23 00:02 -------- d-----w- c:\program files\DivX
2010-05-16 22:04 . 2009-08-02 21:39 -------- d-----w- c:\documents and settings\Belal\Application Data\vlc
2010-05-13 20:53 . 2010-04-19 21:07 439816 ----a-w- c:\documents and settings\Belal\Application Data\Real\Update\setup3.10\setup.exe
2010-05-07 09:07 . 2009-08-27 01:59 -------- d-----w- c:\program files\Steam
2010-05-06 22:08 . 2008-07-24 19:50 66915 ----a-w- c:\windows\system32\nvModes.dat
2010-05-06 14:36 . 2010-03-12 05:27 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-01 02:28 . 2006-05-11 21:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-01 00:10 . 2010-05-01 00:10 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-01 00:10 . 2010-05-01 00:06 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-03-31 01:58 . 2009-08-23 00:02 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-03-31 01:58 . 2009-08-23 00:02 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58 . 2009-08-23 00:02 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58 . 2005-01-26 07:03 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-07 23:14 . 2010-03-07 23:14 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-05-26_01.55.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-27 02:23 . 2010-05-27 02:23 16384 c:\windows\Temp\Perflib_Perfdata_6c8.dat
+ 2004-08-11 22:00 . 2010-05-27 02:28 72978 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2010-03-14 23:24 72978 c:\windows\system32\perfc009.dat
+ 2004-08-11 22:00 . 2010-05-27 02:28 445938 c:\windows\system32\perfh009.dat
- 2004-08-11 22:00 . 2010-03-14 23:24 445938 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-18 122368]
"EzPrint"="c:\program files\Lexmark 2600 Series\ezprint.exe" [2009-05-20 107176]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2010-2-3 118784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-11 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\startupfolder\C:^Documents and Settings^Belal^Start Menu^Programs^Startup^..]
path=c:\documents and settings\Belal\Start Menu\Programs\Startup\..
backup=c:\windows\pss\..Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2005-10-08 00:13 176128 ----a-r- c:\program files\Apoint\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Document Manager]
2006-03-09 17:26 98304 ----a-w- c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-04 10:00 44032 ----a-w- c:\windows\ime\imkr6_1\imekrmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 02:13 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdnmon.exe]
2009-05-20 12:48 660136 ----a-w- c:\program files\Lexmark 2600 Series\lxdnmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-07-27 16:37 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-08-18 18:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-13 21:53 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2006-11-04 00:20 866584 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2008-12-12 16:41 157312 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\belalhakim@hotmail.com\\counter-strike\\hl.exe"=
"c:\\WINDOWS\\system32\\lxdncoms.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnpswx.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdnjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdntime.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Lexmark 2600 Series\\lxdnlscn.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\PharosSystems\\Core\\CTskMstr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [7/29/2009 10:12 AM 34671]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\eengine\EraserUtilRebootDrv.sys [9/12/2009 4:15 PM 102448]
S2 lxdnCATSCustConnectService;lxdnCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdnserv.exe [8/31/2009 8:50 AM 98984]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [8/18/2005 1:00 AM 7168]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: %SYSTEMROOT%\system32\biolsp.dll
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
FF - ProfilePath - c:\documents and settings\Belal\Application Data\Mozilla\Firefox\Profiles\fnjzfw5x.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-26 23:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Intel\Wireless\Folders\x*~* ]
"Path"="c:\\WINDOWS\\system32\\config\\systemprofile\\Application Data\\Intel\\Wireless\\"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(876)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-05-26 23:08:48
ComboFix-quarantined-files.txt 2010-05-27 03:08
ComboFix2.txt 2010-05-26 01:57

Pre-Run: 157,640,392,704 bytes free
Post-Run: 157,593,690,112 bytes free

- - End Of File - - A77FE495ADDE41A01CC43F81365DF455


#13 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:09 AM

Posted 27 May 2010 - 08:21 AM

Hi Boston Kid,

That is looking better. Please let me know in your next reply how the computer is running and if you are having any more problems.


You don't have the latest version of Java. You should run JavaRa to clean up any older Java, then download and install the latest version from here.

Please download JavaRa and unzip it to your desktop.
Then print these instructions, as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing.
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language, and click on Select.
  • JavaRa will open; select Remove Older Versions, click Yes, then OK.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go, then OK to all the prompts; once done, restart your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE, you will be asked to download and install esetsmartinstaller_enu.exe.
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then in your next reply, please let me know if you are having any more problems and post back here with the following logs:
  • ESET report
  • New DDS log

Thanks



#14 Boston Kid

Boston Kid
  • Topic Starter

  • Members
  • 11 posts
  • Local time:05:09 PM

Posted 30 May 2010 - 12:28 AM

Hey Syler,

My sincere apologies for taking so long to reply; things are pretty hectic here. I'll be sure to post within the next day.

By the way, the computer has been running much better now, thank you very very very much.

-Boston Kid

#15 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:09 AM

Posted 30 May 2010 - 03:18 PM

Hi Boston Kid,

No worries about the delay, thanks for keeping me informed.
