
Unknown Infection


  • This topic is locked
10 replies to this topic

#1 huberwoller

huberwoller

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 20 May 2010 - 10:02 AM

Hi, I have had my World of Warcraft account compromised. I received an email stating my password had been changed, so I immediately changed my password and started scanning. I run Malwarebytes every week and this is the first time I've got a virus on this computer, which has been running 4-5 years strong.

Now I haven't even played Warcraft for about 3-4 weeks when this happened, so I am unsure how they had got my password, but I changed it like I said, until I checked my email again today and saw that they changed it AGAIN from the new password I made. In addition to running a Malwarebytes full scan, I downloaded and ran AVG Free, Avast! and Spybot S&D - nothing found still, so I am posting these logs in hopes that someone can help me, as I risk losing a lot more than a WoW account.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Justin at 8:03:46.26 on Thu 05/20/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2915 [GMT -6:00]


============== Running Processes ===============

D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Justin\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 195.229.177.28:80
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - d:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [PlayNC Launcher]
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [GEST] =
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [LifeCam] "d:\program files\microsoft lifecam\LifeExp.exe"
mRun: [OODefragTray] d:\windows\system32\oodtray.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: d:\documents and settings\justin\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: d:\docume~1\justin\startm~1\programs\startup\produc~1.lnk - d:\program files\common files\logishared\ereg\setpoint\eReg.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - d:\program files\java\jre6\bin\jp2iexp.dll
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15110/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\justin\applic~1\mozilla\firefox\profiles\fg4x2z1a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - component: d:\program files\avg\avg9\firefox\components\avgssff.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, trued:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;d:\windows\system32\drivers\nx6000.sys [2009-12-3 30560]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;d:\windows\system32\drivers\nvoclock.sys [2009-3-9 38304]
R3 skfilt;skfilt;d:\windows\system32\drivers\skfilt.sys [2009-12-10 1670016]
S2 GEST Service;GEST Service for program management.;d:\program files\gigabyte\energysaver\GSvr.exe [2009-7-18 80392]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;d:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-10 79360]
S3 DAdderFltr;DeathAdder Mouse;d:\windows\system32\drivers\dadder.sys [2009-8-16 22784]
S3 DFU;DFU;d:\windows\system32\drivers\MassDfu.sys [2009-12-3 12288]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]

=============== Created Last 30 ================

2010-05-20 13:23:44 176 ----a-w- d:\documents and settings\justin\defogger_reenable
2010-05-20 12:55:29 0 d-----w- d:\program files\Trend Micro
2010-05-19 18:18:34 0 d-----w- d:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-19 16:16:49 0 d-----w- d:\program files\AVG
2010-05-07 19:52:46 41872 ----a-w- d:\windows\system32\xfcodec.dll

==================== Find3M ====================

2010-05-20 14:00:45 16608 ----a-w- d:\windows\gdrv.sys
2010-04-29 21:39:38 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39:26 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-22 20:02:54 215128 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-04-22 18:45:24 139128 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-03-08 23:39:49 1984 ----a-w- d:\windows\system32\d3d9caps.dat
2010-03-08 23:39:49 1648 ----a-w- d:\windows\system32\d3d8caps.dat
2010-03-02 19:31:21 138056 ----a-w- d:\docume~1\justin\applic~1\PnkBstrK.sys
2010-03-02 19:30:39 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-03-02 19:30:39 2434856 ----a-w- d:\windows\system32\pbsvc_bc2.exe

============= FINISH: 8:03:54.98 ===============




I also have a GMER log from what I was able to get of it. I tried 4 different times but it slowed down my computer to a point where it froze (not sure if it's because my drive is partitioned into 2 parts or not, but I have tried selecting C:\ by itself and D:\ and both at the same time, yet it still freezes), so here is what I was able to get from it anyway before it gets to the point where it freezes, if it's any help.




GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-20 09:37:29
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: D:\DOCUME~1\Justin\LOCALS~1\Temp\pfwyrfob.sys


---- Kernel code sections - GMER 1.0.15 ----

.text D:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB7658360, 0x3E57A5, 0xE8000020]
init D:\WINDOWS\system32\drivers\skfilt.sys entry point in "init" section [0xB4395430]
.text D:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB3B54300, 0x3AE88, 0xE8000020]
.text D:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB8388300, 0x1B7E, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x87 0x51 0xF2 0x2A ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0xC3 0xC9 0x44 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6E 0x30 0x82 0x91 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x87 0x51 0xF2 0x2A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0xC3 0xC9 0x44 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x42 0x48 0xCF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x87 0x51 0xF2 0x2A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xE1 0xC3 0xC9 0x44 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x5F 0x42 0x48 0xCF ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION

---- EOF - GMER 1.0.15 ----


Thanks for any help, it will be much appreciated


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 AM

Posted 21 May 2010 - 12:45 PM

Hello and Welcome to Bleepingcomputer

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Thanks



#3 huberwoller

huberwoller
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:10:58 PM

Posted 21 May 2010 - 11:56 PM

OTL logfile created on: 5/21/2010 11:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\Justin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 128.00 Gb Total Space | 37.29 Gb Free Space | 29.13% Space Free | Partition Type: NTFS
Drive D: | 170.09 Gb Total Space | 47.94 Gb Free Space | 28.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-21A5C81102
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/21 23:39:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
PRC - [2010/05/07 13:52:38 | 003,475,856 | ---- | M] (Xfire Inc.) -- D:\Xfire\Xfire.exe
PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/03 22:57:14 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/15 09:42:54 | 000,186,912 | ---- | M] (NVIDIA) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/04/13 20:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:42:20 | 000,180,224 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\dwwin.exe


========== Modules (SafeList) ==========

MOD - [2010/05/21 23:39:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
MOD - [2010/05/07 13:52:48 | 000,962,448 | ---- | M] (Xfire Inc.) -- D:\Xfire\xfire_toucan_42628.dll
MOD - [2009/03/02 16:03:30 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll
MOD - [2008/04/13 20:42:12 | 000,022,528 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/10 19:19:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/21 23:14:48 | 001,406,208 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- D:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/04/27 11:39:50 | 000,121,376 | ---- | M] (NVIDIA) [Auto | Stopped] -- D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/04/15 09:42:54 | 000,186,912 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Stopped] -- D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/04/30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/20 10:57:45 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/22 12:45:24 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/12/09 02:53:17 | 000,012,288 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\MassDfu.sys -- (DFU)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/08 18:02:44 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/30 10:19:32 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/30 10:19:31 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/24 15:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/18 17:41:53 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/03/09 12:25:12 | 000,038,304 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2008/06/20 05:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/16 01:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 15:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 15:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/12 10:50:56 | 001,670,016 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\skfilt.sys -- (skfilt)
DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- D:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1303643608-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-1303643608-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 195.229.177.28:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.77
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "173.14.223.170"
FF - prefs.js..network.proxy.http_port: 80


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/05 10:20:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/20 13:53:24 | 000,000,000 | ---D | M]

[2010/04/30 17:14:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Extensions
[2010/05/21 13:57:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\fg4x2z1a.default\extensions
[2010/05/18 10:52:04 | 000,000,000 | ---D | M] (NoScript) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\fg4x2z1a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/21 13:57:47 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010/05/20 13:53:25 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/08 20:02:20 | 000,000,738 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No CLSID value found.
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] D:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] D:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKU\S-1-5-21-73586283-1303643608-682003330-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1303643608-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Justin\My Documents\Texas_Longhorns___Simple_by_Macchiavellian.jpg


OTL Extras logfile created on: 5/21/2010 11:40:05 PM - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\Justin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 128.00 Gb Total Space | 37.29 Gb Free Space | 29.13% Space Free | Partition Type: NTFS
Drive D: | 170.09 Gb Total Space | 47.94 Gb Free Space | 28.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-21A5C81102
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-73586283-1303643608-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files (x86)\Xfire\Xfire.exe" = E:\Program Files (x86)\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"D:\Program Files\THQ\Company of Heroes\RelicCOH.exe" = D:\Program Files\THQ\Company of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes -- (THQ Canada Inc.)
"D:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe" = D:\Program Files\THQ\Company of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader -- (THQ Canada Inc.)
"D:\Program Files\Mass Effect\Binaries\MassEffect.exe" = D:\Program Files\Mass Effect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare)
"D:\Program Files\Mass Effect\MassEffectLauncher.exe" = D:\Program Files\Mass Effect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare)
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = D:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe" = C:\Steam\steamapps\common\america's army 3\Binaries\AA3Game.exe:*:Enabled:America's Army 3 -- File not found
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe" = C:\Program Files\Electronic Arts\Battlefield 2142 Deluxe Edition\BF2142.exe:*:Enabled:Battlefield 2142 -- ()
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Program Files\Microsoft LifeCam\LifeCam.exe" = D:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"D:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = D:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"D:\Program Files\Microsoft LifeCam\LifeExp.exe" = D:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"D:\Program Files\Microsoft LifeCam\LifeTray.exe" = D:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = D:\Program Files\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\bad company 2\BFBC2BetaUpdater.exe" = C:\bad company 2\BFBC2BetaUpdater.exe:*:Enabled:Battlefield Bad Company 2 - BETA -- File not found
"D:\Program Files\Steam\steamapps\common\battlefield 2\BF2.exe" = D:\Program Files\Steam\steamapps\common\battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"D:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe" = D:\Program Files\Steam\steamapps\common\stalker shadow of chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R.: Shadow of Chernobyl -- ()
"D:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe" = D:\Program Files\Steam\steamapps\common\killingfloor\System\KillingFloor.exe:*:Enabled:Killing Floor -- ()
"D:\Program Files\Ventrilo\Ventrilo.exe" = D:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"D:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe" = D:\Program Files\Steam\steamapps\common\battlefield bad company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company 2 -- (EA Digital Illusions CE AB)
"D:\Xfire\Xfire.exe" = D:\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"C:\EQ2SONY\LaunchPad.exe" = C:\EQ2SONY\LaunchPad.exe:*:Enabled:LaunchPad -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A9C9BD5-8588-40D4-8A1A-860E3D2ED6EE}" = NBA 2K10
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{14C87AA7-08E6-419F-A165-998EBE5023D7}" = Oblivion - Knights of the Nine
"{16D919E6-F019-4E15-BFBE-4A85EF19DA57}" = Oblivion - Spell Tomes
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 20
"{26FDF89A-FA65-4FA2-8522-37CC84DFDCEE}" = Mercenaries 2: World in Flames™
"{2F2E3D62-8B8C-448F-8900-451325E50948}" = Oblivion - Wizard's Tower
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{3ABEBD00-299D-4DCA-967F-B912163AB5EA}" = Oblivion - Horse Armor Pack
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{520F4B09-3A51-47A2-82B0-9FF1DC2D20FA}" = Oblivion - Vile Lair
"{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"{6663554C-2FC7-4CDC-809D-1BCD59189853}_is1" = Trine
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6D93BD2D-BA71-491A-926C-37FE1580CEE0}" = The Witcher Enhanced Edition - "Side Effects"
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B8.0711.1
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98BAFEF4-7A37-4E48-B66C-BA8D730EFFAF}" = Pocket Tanks Deluxe v1.3
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0A20753-92DF-4631-82B4-9CACE2FCED6A}" = Oblivion - The Fighter's Stronghold
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B210130E-835C-4581-A695-CE10616B8B55}_is1" = Driver Sweeper 2.0.5
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C05B1D21-D5B2-4126-87FE-E458616965E6}" = O&O Defrag Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EC425CFC-EE78-4A91-AA25-3BFA65B75364}" = Oblivion - Orrery
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
"{EF295F5C-7B57-47AA-8889-6B3E8E214E89}" = Oblivion - Mehrunes Razor
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F50BF3E1-99C8-4908-A2C7-B19B2C6FEA47}" = The Witcher Enhanced Edition - "The Price of Neutrality"
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7BD547C-27B2-4279-8158-CDFFF65300F3}" = Aion
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"{FFFFFD17-B460-41EB-93F1-C48ABAD63828}" = Oblivion - Thieves Den
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"Clutch_is1" = Clutch
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Company of Heroes" = Company of Heroes
"Console Launcher" = Creative Console Launcher
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass (02/02/2007 1.0.5.0)
"Guild Wars" = Guild Wars
"Hamachi" = Hamachi 1.0.3.0
"InstallShield_{65A92AAA-3D05-4C94-9F70-731C05E60C16}" = NVIDIA System Update
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
"InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
"Major League Baseball 2K9" = Major League Baseball 2K9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"SpeedFan" = SpeedFan (remove only)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 1250" = Killing Floor
"Steam App 24860" = Battlefield 2
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 41310" = Altitude - Demo
"Steam App 4500" = S.T.A.L.K.E.R.: Shadow of Chernobyl
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-1303643608-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2009 7:42:39 PM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1001
Description = Fault bucket 1516355859.

Error - 1/12/2010 3:31:14 AM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application borderlands.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/12/2010 3:31:18 AM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application borderlands.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/12/2010 3:31:26 AM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application borderlands.exe, version 1.0.0.0, faulting module
kernel32.dll, version 5.1.2600.5781, fault address 0x00012afb.

Error - 1/15/2010 10:21:36 PM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application core.exe, version 5.1.0.4, faulting module core.exe,
version 5.1.0.4, fault address 0x002d0063.

Error - 1/17/2010 4:55:54 AM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application bf2142.exe, version 0.0.0.0, faulting module
bf2142.exe, version 0.0.0.0, fault address 0x00b7189d.

Error - 2/3/2010 4:13:56 PM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.1.0.179, faulting module
unknown, version 0.0.0.0, fault address 0x07181d1c.

Error - 3/6/2010 5:24:57 PM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 9.0.0.4503, faulting module
msvidc32.dll, version 5.1.2600.0, fault address 0x00003007.

Error - 4/10/2010 1:46:59 PM | Computer Name = HOME-21A5C81102 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.1.0.179, faulting module
unknown, version 0.0.0.0, fault address 0x089b580c.

Error - 4/22/2010 6:59:30 PM | Computer Name = HOME-21A5C81102 | Source = Application Hang | ID = 1002
Description = Hanging application Gw.exe, version 1.0.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/20/2010 1:00:12 PM | Computer Name = HOME-21A5C81102 | Source = Service Control Manager | ID = 7034
Description = The Update Center Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 5/20/2010 2:52:04 PM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1002
Description = The IP address lease 66.169.200.182 for the Network Card with network
address 001FD08E83D5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2010 2:52:41 PM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001FD08E83D5.

Error - 5/20/2010 3:04:33 PM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1002
Description = The IP address lease 66.169.200.182 for the Network Card with network
address 001FD08E83D5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2010 3:47:24 PM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1002
Description = The IP address lease 66.169.200.182 for the Network Card with network
address 001FD08E83D5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/20/2010 3:47:57 PM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001FD08E83D5.

Error - 5/20/2010 9:38:55 PM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001FD08E83D5.

Error - 5/21/2010 12:42:14 AM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1002
Description = The IP address lease 66.169.200.182 for the Network Card with network
address 001FD08E83D5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 5/21/2010 12:43:31 AM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.11
on the Network Card with network address 001FD08E83D5.

Error - 5/21/2010 2:11:18 PM | Computer Name = HOME-21A5C81102 | Source = Dhcp | ID = 1002
Description = The IP address lease 66.169.200.182 for the Network Card with network
address 001FD08E83D5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).


< End of report >
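The Extras log above is usually read by eye, but three of its sections can be checked mechanically: the Shell Spawning verbs (malware that wants to run before every program edits the exefile/comfile/batfile launch commands), the firewall profile state and globally open ports, and firewall exceptions whose executable is gone. The script below is an added example, not OldTimer's OTL code and not anything posted in this thread. It parses a log in the format shown above; its sample input is an excerpt of the posted log plus a constructed variant in which the exefile verb points at a hypothetical "loader.exe" and a port exception is open to any address, both of which are assumptions for illustration.

```python
"""Triage helper for an OTL 'Extras' log (added example, not OTL's own code).

Checks three things a responder looks at first:
  1. Shell Spawning verbs against the Windows XP defaults (hijack check).
  2. EnableFirewall per profile, and GloballyOpenPorts entries that are
     Enabled but not scoped to LocalSubNet.
  3. Authorized Applications whose file OTL reports as 'File not found'.
"""
import re

# Windows XP default shell commands for the verbs OTL lists.
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")                      # ==== Name ====
KEY_RE = re.compile(r"^\[(HKEY_.+)\]$")                         # [HKEY_...]
SHELL_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')                    # "name" = value


def triage(log_text):
    """Walk one OTL Extras log and return the findings as a dict."""
    findings = {
        "shell_hijacks": [],     # (class, verb, command) differing from the default
        "firewall_enabled": {},  # profile name -> True/False
        "risky_open_ports": [],  # Enabled global exceptions not scoped to LocalSubNet
        "stale_exceptions": [],  # authorized applications whose file is missing
    }
    section = key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                 # new "========== X ==========" block
            section, key = m.group(1), None
            continue
        m = KEY_RE.match(line)
        if m:                                 # registry key inside the block
            key = m.group(1)
            continue
        if section == "Shell Spawning":
            m = SHELL_RE.match(line)
            if m:
                cls, verb, cmd = m.groups()
                expected = EXPECTED_SHELL.get((cls, verb))
                if expected is not None and cmd != expected:
                    findings["shell_hijacks"].append((cls, verb, cmd))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, value = m.groups()
        if name == "EnableFirewall" and key.endswith("Profile"):
            findings["firewall_enabled"][key.rsplit("\\", 1)[-1]] = value == "1"
        elif key.endswith("GloballyOpenPorts\\List"):
            parts = value.split(":")          # port:proto:scope:state:description
            if len(parts) >= 4 and parts[3] == "Enabled" and parts[2] != "LocalSubNet":
                findings["risky_open_ports"].append(name)
        elif key.endswith("AuthorizedApplications\\List"):
            if value.endswith("File not found"):
                findings["stale_exceptions"].append(name)
    return findings


# Excerpt of the Extras log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files (x86)\Xfire\Xfire.exe" = E:\Program Files (x86)\Xfire\Xfire.exe:*:Enabled:Xfire -- File not found
"D:\Program Files\Steam\Steam.exe" = D:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"""

# Constructed variant (not from the thread): exefile now runs a hypothetical
# loader first, and one exception is Enabled for any address, not LocalSubNet.
HIJACKED_LOG = SAMPLE_LOG.replace(
    'exefile [open] -- "%1" %*',
    'exefile [open] -- "D:\\WINDOWS\\system32\\loader.exe" "%1" %*',
).replace(
    '"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008',
    '"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop',
)

if __name__ == "__main__":
    for label, log in (("posted excerpt", SAMPLE_LOG), ("constructed variant", HIJACKED_LOG)):
        print(label, triage(log))
```

Run against the posted excerpt it reports no hijacked verbs, the Domain profile firewall off and the Standard profile on, no risky open ports, and only the Xfire exception on E: as stale; against the constructed variant it flags the exefile verb and the 3389/TCP exception. A "Reg Error: Key error." entry, such as the regfile [merge] line in the log above, is not in the default table and is therefore not flagged; OTL reports it when the key is absent from where it looks, which is worth a manual check but is not by itself a hijack.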


#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 22 May 2010 - 07:23 AM

You have only posted half of the OTL.txt file; can you post the whole log, please?



#5 huberwoller
  • Topic Starter

  • Members
  • 5 posts

Posted 22 May 2010 - 11:46 AM

My apologies on that; I must have missed it, sorry. Here is the full report:


OTL logfile created on: 5/22/2010 11:34:36 AM - Run 3
OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\Justin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 80.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 128.00 Gb Total Space | 37.29 Gb Free Space | 29.13% Space Free | Partition Type: NTFS
Drive D: | 170.09 Gb Total Space | 47.93 Gb Free Space | 28.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-21A5C81102
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/21 23:39:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
PRC - [2010/05/07 13:52:38 | 003,475,856 | ---- | M] (Xfire Inc.) -- D:\Xfire\Xfire.exe
PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/03 22:57:14 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/15 09:42:54 | 000,186,912 | ---- | M] (NVIDIA) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008/04/13 20:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:42:20 | 000,180,224 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\dwwin.exe


========== Modules (SafeList) ==========

MOD - [2010/05/21 23:39:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
MOD - [2010/05/07 13:52:48 | 000,962,448 | ---- | M] (Xfire Inc.) -- D:\Xfire\xfire_toucan_42628.dll
MOD - [2009/03/02 16:03:30 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll
MOD - [2008/04/13 20:42:12 | 000,022,528 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\wsock32.dll
MOD - [2008/04/13 20:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/10 19:19:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/21 23:14:48 | 001,406,208 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- D:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/04/27 11:39:50 | 000,121,376 | ---- | M] (NVIDIA) [Auto | Stopped] -- D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/04/15 09:42:54 | 000,186,912 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Stopped] -- D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/04/30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/20 10:57:45 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/22 12:45:24 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/12/09 02:53:17 | 000,012,288 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\MassDfu.sys -- (DFU)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/08 18:02:44 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/30 10:19:32 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/30 10:19:31 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/24 15:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/18 17:41:53 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/03/09 12:25:12 | 000,038,304 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2008/06/20 05:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/16 01:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 15:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 15:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/12 10:50:56 | 001,670,016 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\skfilt.sys -- (skfilt)
DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- D:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-73586283-1303643608-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-1303643608-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 195.229.177.28:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.77
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "173.14.223.170"
FF - prefs.js..network.proxy.http_port: 80


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/05 10:20:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/20 13:53:24 | 000,000,000 | ---D | M]

[2010/04/30 17:14:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Extensions
[2010/05/21 13:57:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\fg4x2z1a.default\extensions
[2010/05/18 10:52:04 | 000,000,000 | ---D | M] (NoScript) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\fg4x2z1a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/21 13:57:47 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010/05/20 13:53:25 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/08 20:02:20 | 000,000,738 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No CLSID value found.
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] D:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] D:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKU\S-1-5-21-73586283-1303643608-682003330-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] D:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1303643608-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Justin\My Documents\Texas_Longhorns___Simple_by_Macchiavellian.jpg
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 13:48:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\Shell\AutoRun\command - "" = E:\Run.exe -- File not found
O33 - MountPoints2\{7a9807ec-7422-11de-9650-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9807ec-7422-11de-9650-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a9807ec-7422-11de-9650-806d6172696f}\Shell\AutoRun\command - "" = E:\Ctrun\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - D:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - D:\WINDOWS\system32\ias [2009/07/18 13:48:35 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - D:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XFR1 - D:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902053519425536)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/22 01:26:11 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Justin\Recent
[2010/05/20 14:18:45 | 000,164,048 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/20 14:18:45 | 000,019,024 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/20 14:18:44 | 000,023,376 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/20 14:18:43 | 000,046,672 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/20 14:18:42 | 000,100,432 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/20 14:18:42 | 000,094,800 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/20 14:18:41 | 000,028,880 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/20 14:18:32 | 000,165,032 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/05/20 14:18:32 | 000,038,848 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\avastSS.scr
[2010/05/20 13:53:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/05/20 13:53:24 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010/05/20 06:55:29 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/05/19 12:18:34 | 000,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2010/05/19 12:18:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/19 10:16:49 | 000,000,000 | ---D | C] -- D:\Program Files\AVG
[2010/05/19 10:09:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[13 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/21 19:04:26 | 000,253,748 | ---- | M] () -- D:\WINDOWS\System32\NvApps.xml
[2010/05/20 14:18:45 | 000,001,717 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/20 14:18:42 | 000,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2010/05/20 14:10:07 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/05/20 10:58:13 | 000,000,260 | ---- | M] () -- D:\WINDOWS\tasks\WGASetup.job
[2010/05/20 10:57:45 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- D:\WINDOWS\gdrv.sys
[2010/05/20 10:57:35 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/05/20 10:57:34 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/05/20 10:57:31 | 000,075,711 | ---- | M] () -- D:\WINDOWS\System32\oodbs.lor
[2010/05/20 07:23:47 | 000,000,176 | ---- | M] () -- D:\Documents and Settings\Justin\defogger_reenable
[2010/05/19 13:33:36 | 007,864,320 | -H-- | M] () -- D:\Documents and Settings\Justin\NTUSER.DAT
[2010/05/19 11:59:27 | 000,521,444 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/19 11:59:27 | 000,441,366 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/05/19 11:59:27 | 000,071,378 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/05/19 10:22:29 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/05/13 09:32:26 | 000,081,982 | ---- | M] () -- D:\Documents and Settings\Justin\My Documents\cc_20100513_093223.reg
[2010/05/12 15:30:17 | 000,000,681 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/05/07 13:52:46 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
[2010/05/06 14:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\avastSS.scr
[2010/05/06 14:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 14:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/01 00:38:37 | 000,013,312 | ---- | M] () -- D:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 02:13:53 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Justin\ntuser.ini
[2010/04/24 10:03:10 | 000,079,902 | ---- | M] () -- D:\Documents and Settings\Justin\My Documents\cc_20100424_100304.reg
[2010/04/22 14:04:10 | 000,000,514 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Guild Wars.lnk
[2010/04/22 14:02:54 | 000,215,128 | ---- | M] () -- D:\WINDOWS\System32\PnkBstrB.xtr
[2010/04/22 12:45:24 | 000,139,128 | ---- | M] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[3 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[13 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/20 14:18:45 | 000,001,717 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/20 07:23:44 | 000,000,704 | ---- | C] () -- D:\Documents and Settings\Justin\defogger_disable.log
[2010/05/20 07:23:44 | 000,000,176 | ---- | C] () -- D:\Documents and Settings\Justin\defogger_reenable
[2010/05/13 09:32:24 | 000,081,982 | ---- | C] () -- D:\Documents and Settings\Justin\My Documents\cc_20100513_093223.reg
[2010/05/07 13:52:46 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2010/04/24 10:03:05 | 000,079,902 | ---- | C] () -- D:\Documents and Settings\Justin\My Documents\cc_20100424_100304.reg
[2010/03/11 23:14:53 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/10 19:18:39 | 000,151,040 | ---- | C] () -- D:\WINDOWS\System32\KSXPPI32.dll
[2009/12/10 19:18:39 | 000,025,262 | ---- | C] () -- D:\WINDOWS\System32\xfisk.ini
[2009/12/10 19:18:39 | 000,000,052 | ---- | C] () -- D:\WINDOWS\System32\ctzapxx.ini
[2009/11/01 18:27:37 | 000,001,816 | ---- | C] () -- D:\WINDOWS\TSearch.INI
[2009/08/10 13:01:13 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\psfind.dll
[2009/07/30 10:19:32 | 000,278,984 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/30 10:19:31 | 000,025,416 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/24 00:02:29 | 000,139,128 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/18 15:40:54 | 000,000,023 | ---- | C] () -- D:\WINDOWS\BlendSettings.ini
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[3 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/18 06:33:35 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2009/07/18 06:33:34 | 001,089,536 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2009/07/18 06:33:34 | 000,937,984 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >
< End of report >
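
The log above gets read by hand in this thread. As an added example (not part of the original posts, and not OTL's own code), here is a small Python triage pass that pulls out the entry types a helper looks at first, run over a handful of lines copied from the log above: the IE ProxyServer value (195.229.177.28:80, listed next to ProxyEnable = 0) and the Firefox network.proxy.http value (173.14.223.170), both worth confirming with the user because a browser proxy sits in the path of every web login; BHO and Run entries whose target no longer exists; MountPoints2 AutoRun commands; ActiveX entries with registry errors; drivers with no company name; and the NoDriveTypeAutoRun bitmask decoded into which drive types still AutoRun. The finding names are mine, and a hit is a question to ask the user, not a verdict.

```python
"""Triage an OTL log for the entry types a malware-removal helper reads first.
Added example for this thread, not OTL's own code. SAMPLE_LOG is a handful of
lines copied from the OTL log posted above; the finding names are my own."""
from __future__ import annotations

import re

# NoDriveTypeAutoRun bitmask (Explorer policy): a set bit disables AutoRun for
# that drive type. 0x91 (145) is the XP default and leaves removable drives on.
NODRIVE_BITS = {0x01: "unknown", 0x04: "removable", 0x08: "fixed", 0x10: "remote",
                0x20: "cdrom", 0x40: "ramdisk", 0x80: "reserved"}

IE_PROXY = re.compile(r'"ProxyServer"\s*=\s*(\S+)')
FF_PROXY_HOST = re.compile(r'network\.proxy\.http:\s*"([^"]+)"')
FF_PROXY_PORT = re.compile(r'network\.proxy\.http_port:\s*(\d+)')
NODRIVE = re.compile(r'NoDriveTypeAutoRun = (\d+)')
GUID = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
RUN_NAME = re.compile(r'\[([^\]]+)\]')
MOUNTPOINT_CMD = re.compile(
    r'^O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+?)(?: -- (.+))?$')
DRV_NO_COMPANY = re.compile(r'^DRV - \[[^\]]+\] \(\) .+ -- (.+) -- \((\w+)\)$')


def decode_nodrive(value: int) -> dict[str, list[str]]:
    """Split the bitmask into drive types with AutoRun disabled and still allowed."""
    return {"disabled": [n for b, n in NODRIVE_BITS.items() if value & b],
            "allowed": [n for b, n in NODRIVE_BITS.items() if not value & b]}


def triage(lines: list[str]) -> list[dict]:
    """Return one finding per noteworthy line; the caller decides what it means."""
    findings: list[dict] = []
    ff_host = ff_port = None
    for raw in lines:
        line = raw.strip()
        if m := IE_PROXY.search(line):
            # Reported even when ProxyEnable is 0 on the same key: a configured
            # server is one registry value away from carrying every browser login.
            findings.append({"kind": "ie_proxy", "value": m.group(1), "line": line})
        elif m := FF_PROXY_HOST.search(line):
            ff_host = m.group(1)
        elif m := FF_PROXY_PORT.search(line):
            ff_port = m.group(1)
        elif line.startswith("O2 - BHO") and "No CLSID value found" in line:
            findings.append({"kind": "orphan_bho", "value": GUID.search(line).group(0), "line": line})
        elif line.startswith("O4 - ") and line.endswith("File not found"):
            findings.append({"kind": "orphan_run", "value": RUN_NAME.search(line).group(1), "line": line})
        elif line.startswith("O16 - DPF") and "Reg Error" in line:
            findings.append({"kind": "broken_activex", "value": GUID.search(line).group(0), "line": line})
        elif m := NODRIVE.search(line):
            findings.append({"kind": "autorun_policy", "value": decode_nodrive(int(m.group(1))), "line": line})
        elif m := MOUNTPOINT_CMD.match(line):
            # What Explorer would launch when that volume is double-clicked.
            findings.append({"kind": "mountpoint_autorun", "value": m.group(2),
                             "status": m.group(3) or "present", "line": line})
        elif m := DRV_NO_COMPANY.match(line):
            findings.append({"kind": "driver_no_company", "value": m.group(1), "line": line})
    if ff_host:
        # Firefox only uses these prefs when network.proxy.type is 1, which the
        # posted log does not show, so this is a "verify", not a verdict.
        findings.append({"kind": "ff_proxy", "value": f"{ff_host}:{ff_port or '?'}", "line": ""})
    return findings


def by_kind(findings: list[dict]) -> dict[str, list]:
    grouped: dict[str, list] = {}
    for f in findings:
        grouped.setdefault(f["kind"], []).append(f["value"])
    return grouped


# Constructed sample: lines copied from the OTL log posted earlier in the thread.
SAMPLE_LOG = r"""
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
IE - HKU\S-1-5-21-73586283-1303643608-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-73586283-1303643608-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 195.229.177.28:80
FF - prefs.js..network.proxy.http: "173.14.223.170"
FF - prefs.js..network.proxy.http_port: 80
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [GEST] File not found
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O33 - MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\Shell\AutoRun\command - "" = E:\Run.exe -- File not found
"""


def triage_sample() -> dict[str, list]:
    return by_kind(triage(SAMPLE_LOG.strip().splitlines()))


if __name__ == "__main__":
    for kind, values in triage_sample().items():
        print(f"{kind:20} {values}")
```

Feed it a whole OTL log with `triage(open(path).read().splitlines())`; the NoDriveTypeAutoRun decode is the quick way to see why a helper still bothers with a USB immuniser when the value is the XP default 145, since removable drives are in the "allowed" list.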


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 AM

Posted 23 May 2010 - 06:48 AM

No problem.

Download and Run FlashDisinfector
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden file named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.



Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - No CLSID value found.
    O4 - HKLM..\Run: [GEST] File not found
    O4 - HKU\S-1-5-21-73586283-1303643608-682003330-1003..\Run: [PlayNC Launcher] File not found
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\Shell\AutoRun\command - "" = E:\Run.exe -- File not found
    :Commands
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run then copy and paste the following line into the run box
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning
  • The process is automatic, a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop, where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL results
  • New OTL log
  • mbr.log

Thanks
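
The Flash_Disinfector step relies on a well-known trick: put a directory, not a file, at the root of each drive under the name autorun.inf, so Windows has no autorun file to parse and a dropper that tries to write its own autorun.inf fails. As an added example (my code, not Flash_Disinfector's, and not from the original posts), here is that technique in Python. The hidden/system attributes and the guard subfolder named after the reserved device name "con", created through the \\?\ path prefix so that normal delete calls cannot remove it, are standard Win32 behaviour; the scratch directories in self_check() are an assumption standing in for real drive roots. On a non-Windows box it still exercises the logic, just without the Win32-specific parts.

```python
r"""Occupy <root>\autorun.inf with a directory so a dropper cannot write its
own autorun.inf there and Windows has no autorun file to parse. Added example,
not Flash_Disinfector's code. Hidden/system attributes and the reserved-name
guard created through the \\?\ prefix are standard Win32 behaviour; the
scratch directories in self_check() are an assumption standing in for a root."""
from __future__ import annotations

import ctypes
import os
import sys
import tempfile

FILE_ATTRIBUTE_HIDDEN = 0x02
FILE_ATTRIBUTE_SYSTEM = 0x04
FILE_ATTRIBUTE_NORMAL = 0x80


def _guard_path(target: str) -> str:
    r"""Path of the guard subfolder. On Windows it is named after the reserved
    device name "con" and addressed with \\?\ so the Win32 name parser is
    bypassed: ordinary delete/rename calls from a dropper then fail on it."""
    if sys.platform == "win32":
        return "\\\\?\\" + os.path.abspath(target) + "\\con"
    return os.path.join(target, "con")  # plain name elsewhere, keeps the example runnable


def immunise(root: str) -> str:
    """Create <root>/autorun.inf as a guarded directory and return its path."""
    target = os.path.join(root, "autorun.inf")
    if os.path.isfile(target):
        # A file is already there: something wrote it, so look at it first.
        raise FileExistsError(f"{target} is a file; inspect it before immunising")
    os.makedirs(target, exist_ok=True)
    os.makedirs(_guard_path(target), exist_ok=True)
    if sys.platform == "win32":
        attrs = FILE_ATTRIBUTE_HIDDEN | FILE_ATTRIBUTE_SYSTEM
        if not ctypes.windll.kernel32.SetFileAttributesW(target, attrs):
            raise ctypes.WinError()
    return target


def is_immunised(root: str) -> bool:
    return os.path.isdir(os.path.join(root, "autorun.inf"))


def remove_immunisation(root: str) -> None:
    """Undo immunise(); needed because Explorer cannot delete the guard."""
    target = os.path.join(root, "autorun.inf")
    if sys.platform == "win32":
        ctypes.windll.kernel32.SetFileAttributesW(target, FILE_ATTRIBUTE_NORMAL)
    os.rmdir(_guard_path(target))
    os.rmdir(target)


def self_check() -> dict[str, bool]:
    """Exercise the functions in scratch directories standing in for drive roots."""
    results: dict[str, bool] = {}
    with tempfile.TemporaryDirectory() as root:
        target = immunise(root)
        results["is_dir"] = is_immunised(root)
        try:
            # what a dropper's CreateFile/open of autorun.inf would attempt
            open(target, "w").close()
            results["write_blocked"] = False
        except OSError:
            results["write_blocked"] = True
        results["idempotent"] = immunise(root) == target
        remove_immunisation(root)
        results["removable"] = not is_immunised(root)
    with tempfile.TemporaryDirectory() as root:
        # constructed: the kind of autorun.inf a USB dropper leaves behind
        with open(os.path.join(root, "autorun.inf"), "w") as f:
            f.write("[autorun]\nopen=Run.exe\n")
        try:
            immunise(root)
            results["refuses_existing_file"] = False
        except FileExistsError:
            results["refuses_existing_file"] = True
    return results


if __name__ == "__main__":
    print(self_check())
```

Call `immunise("E:\\")` per drive on a real box; remove_immunisation() is the only clean way to undo it, since the guard subfolder is exactly what Explorer and a dropper's delete call cannot remove. The refusal to replace an existing autorun.inf file is deliberate: that file is evidence of what the removable media was carrying.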



#7 huberwoller

huberwoller
  • Topic Starter

  • Members
  • 5 posts
  • Local time:10:58 PM

Posted 23 May 2010 - 12:06 PM

Thanks for all the help... here is the OTL results log:


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry value HKEY_USERS\S-1-5-21-73586283-1303643608-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
D:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a73e13-7396-11de-87c5-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a73e13-7396-11de-87c5-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28a73e13-7396-11de-87c5-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{28a73e13-7396-11de-87c5-806d6172696f}\ not found.
File E:\Run.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 13012145 bytes
->Flash cache emptied: 582 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Justin
->Temp folder emptied: 138300072 bytes
->Temporary Internet Files folder emptied: 34362 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36229903 bytes
->Flash cache emptied: 44314 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3503868 bytes
%systemroot%\System32 .tmp files removed: 1613377 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16492 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 184.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: Justin
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.5.0 log created on 05232010_115044

Files\Folders moved on Reboot...
File\Folder D:\WINDOWS\temp\_avast5_\Webshlock.txt not found!

Registry entries deleted on Reboot...
----------------------------------------------------

OTL new log

OTL logfile created on: 5/23/2010 11:57:32 AM - Run 4
OTL by OldTimer - Version 3.2.5.0 Folder = D:\Documents and Settings\Justin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 86.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): D:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 128.00 Gb Total Space | 37.29 Gb Free Space | 29.13% Space Free | Partition Type: NTFS
Drive D: | 170.09 Gb Total Space | 48.07 Gb Free Space | 28.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-21A5C81102
Current User Name: Justin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/21 23:39:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/03 22:57:14 | 000,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/15 09:42:54 | 000,186,912 | ---- | M] (NVIDIA) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2009/04/15 09:42:52 | 000,133,664 | ---- | M] (NVIDIA) -- D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2008/04/30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/13 20:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/05/21 23:39:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Justin\My Documents\Downloads\OTL.exe
MOD - [2008/04/13 20:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- D:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/12/10 19:19:47 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/08/21 23:14:48 | 001,406,208 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- D:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2009/07/24 15:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/04/27 11:39:50 | 000,121,376 | ---- | M] (NVIDIA) [Auto | Stopped] -- D:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009/04/15 09:42:54 | 000,186,912 | ---- | M] (NVIDIA) [Auto | Running] -- D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008/07/11 19:00:06 | 000,080,392 | ---- | M] () [Auto | Stopped] -- D:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2008/04/30 10:27:50 | 000,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- D:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - [2010/05/23 11:51:54 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/22 12:45:24 | 000,139,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/12/09 02:53:17 | 000,012,288 | ---- | M] (Philips PTCL) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\MassDfu.sys -- (DFU)
DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/08/08 18:02:44 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/07/30 10:19:32 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/07/30 10:19:31 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/07/24 15:05:24 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/07/18 17:41:53 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- D:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/06 13:19:46 | 000,023,064 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2009/03/09 12:25:12 | 000,038,304 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2008/06/20 05:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/06/16 01:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 15:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 15:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 13:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/12 10:50:56 | 001,670,016 | ---- | M] (Creative) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\skfilt.sys -- (skfilt)
DRV - [2007/08/02 17:32:26 | 000,022,784 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\dadder.sys -- (DAdderFltr)
DRV - [2007/04/11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007/04/11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- D:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- D:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 195.229.177.28:80

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.77
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "173.14.223.170"
FF - prefs.js..network.proxy.http_port: 80


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/05 10:20:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/05/20 13:53:24 | 000,000,000 | ---D | M]

[2010/04/30 17:14:57 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Extensions
[2010/05/22 14:30:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\fg4x2z1a.default\extensions
[2010/05/18 10:52:04 | 000,000,000 | ---D | M] (NoScript) -- D:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\fg4x2z1a.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/05/22 14:30:09 | 000,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions
[2010/05/20 13:53:25 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/08 20:02:20 | 000,000,738 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avast5] D:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeCam] D:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] D:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] D:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] D:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] D:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareup...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareup...15110/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.113.206.10 24.217.0.5 24.217.201.67
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: D:\Documents and Settings\Justin\My Documents\Texas_Longhorns___Simple_by_Macchiavellian.jpg
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Justin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/18 13:48:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/23 11:42:37 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/05/23 11:42:37 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{7a9807ec-7422-11de-9650-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9807ec-7422-11de-9650-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7a9807ec-7422-11de-9650-806d6172696f}\Shell\AutoRun\command - "" = E:\Ctrun\Start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - D:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 11:50:44 | 000,000,000 | ---D | C] -- D:\_OTL
[2010/05/23 11:42:37 | 000,000,000 | RHSD | C] -- D:\autorun.inf
[2010/05/23 11:26:39 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\Justin\Recent
[2010/05/22 21:54:18 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Justin\Application Data\ManyCam
[2010/05/20 14:18:45 | 000,164,048 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/20 14:18:45 | 000,019,024 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/20 14:18:44 | 000,023,376 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/20 14:18:43 | 000,046,672 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/20 14:18:42 | 000,100,432 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/20 14:18:42 | 000,094,800 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/20 14:18:41 | 000,028,880 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/20 14:18:32 | 000,165,032 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/05/20 14:18:32 | 000,038,848 | ---- | C] (ALWIL Software) -- D:\WINDOWS\System32\avastSS.scr
[2010/05/20 13:53:33 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/05/20 13:53:24 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010/05/20 06:55:29 | 000,000,000 | ---D | C] -- D:\Program Files\Trend Micro
[2010/05/19 12:18:34 | 000,000,000 | ---D | C] -- D:\Program Files\Alwil Software
[2010/05/19 12:18:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/19 10:16:49 | 000,000,000 | ---D | C] -- D:\Program Files\AVG
[2010/05/19 10:09:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

========== Files - Modified Within 30 Days ==========

[2010/05/23 11:53:04 | 000,253,748 | ---- | M] () -- D:\WINDOWS\System32\NvApps.xml
[2010/05/23 11:52:22 | 000,000,260 | ---- | M] () -- D:\WINDOWS\tasks\WGASetup.job
[2010/05/23 11:51:54 | 000,016,608 | ---- | M] (Windows ® 2000 DDK provider) -- D:\WINDOWS\gdrv.sys
[2010/05/23 11:51:48 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/05/23 11:51:42 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/05/23 11:51:38 | 000,078,265 | ---- | M] () -- D:\WINDOWS\System32\oodbs.lor
[2010/05/23 11:51:00 | 008,126,464 | -H-- | M] () -- D:\Documents and Settings\Justin\NTUSER.DAT
[2010/05/23 11:46:00 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/05/22 21:57:06 | 000,031,490 | ---- | M] () -- D:\Documents and Settings\Justin\Desktop\image15001.jpg
[2010/05/20 14:18:45 | 000,001,717 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/20 14:18:42 | 000,002,626 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT
[2010/05/20 14:10:07 | 000,000,644 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2010/05/20 07:23:47 | 000,000,176 | ---- | M] () -- D:\Documents and Settings\Justin\defogger_reenable
[2010/05/19 11:59:27 | 000,521,444 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/19 11:59:27 | 000,441,366 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/05/19 11:59:27 | 000,071,378 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/05/13 09:32:26 | 000,081,982 | ---- | M] () -- D:\Documents and Settings\Justin\My Documents\cc_20100513_093223.reg
[2010/05/12 15:30:17 | 000,000,681 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Steam.lnk
[2010/05/07 13:52:46 | 000,041,872 | ---- | M] () -- D:\WINDOWS\System32\xfcodec.dll
[2010/05/06 14:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\avastSS.scr
[2010/05/06 14:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\aswBoot.exe
[2010/05/06 14:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 14:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 14:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 14:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 14:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 14:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 14:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- D:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/01 00:38:37 | 000,013,312 | ---- | M] () -- D:\Documents and Settings\Justin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- D:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 02:13:53 | 000,000,178 | -HS- | M] () -- D:\Documents and Settings\Justin\ntuser.ini
[2010/04/24 10:03:10 | 000,079,902 | ---- | M] () -- D:\Documents and Settings\Justin\My Documents\cc_20100424_100304.reg

========== Files Created - No Company Name ==========

[2010/05/22 21:57:06 | 000,031,490 | ---- | C] () -- D:\Documents and Settings\Justin\Desktop\image15001.jpg
[2010/05/20 14:18:45 | 000,001,717 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/05/20 07:23:44 | 000,000,704 | ---- | C] () -- D:\Documents and Settings\Justin\defogger_disable.log
[2010/05/20 07:23:44 | 000,000,176 | ---- | C] () -- D:\Documents and Settings\Justin\defogger_reenable
[2010/05/13 09:32:24 | 000,081,982 | ---- | C] () -- D:\Documents and Settings\Justin\My Documents\cc_20100513_093223.reg
[2010/05/07 13:52:46 | 000,041,872 | ---- | C] () -- D:\WINDOWS\System32\xfcodec.dll
[2010/04/24 10:03:05 | 000,079,902 | ---- | C] () -- D:\Documents and Settings\Justin\My Documents\cc_20100424_100304.reg
[2010/03/11 23:14:53 | 000,000,262 | ---- | C] () -- D:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/12/10 19:18:39 | 000,151,040 | ---- | C] () -- D:\WINDOWS\System32\KSXPPI32.dll
[2009/12/10 19:18:39 | 000,025,262 | ---- | C] () -- D:\WINDOWS\System32\xfisk.ini
[2009/12/10 19:18:39 | 000,000,052 | ---- | C] () -- D:\WINDOWS\System32\ctzapxx.ini
[2009/11/01 18:27:37 | 000,001,816 | ---- | C] () -- D:\WINDOWS\TSearch.INI
[2009/08/10 13:01:13 | 000,040,960 | ---- | C] () -- D:\WINDOWS\System32\psfind.dll
[2009/07/30 10:19:32 | 000,278,984 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/30 10:19:31 | 000,025,416 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys
[2009/07/24 00:02:29 | 000,139,128 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/07/18 15:40:54 | 000,000,023 | ---- | C] () -- D:\WINDOWS\BlendSettings.ini
[2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- D:\WINDOWS\System32\xlive.dll.cat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- D:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- D:\WINDOWS\System32\AgCPanelFrench.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- D:\WINDOWS\System32\giveio.sys
< End of report >


And the MBR log



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
kernel: MBR read successfully
user & kernel MBR OK
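Logs like the OTL and DDS output above run to hundreds of lines, and the entries a responder usually wants to see first are the browser proxy settings, which are easy to miss by eye. The following is an added example, not something posted in this thread or produced by OTL/DDS: a small Python parser that pulls the IE and Firefox proxy entries out of log text in the formats shown above and lists any that point at a non-local address for manual review. It does not decide whether those entries are legitimate (the helper in this thread judged the logs clean); it only surfaces them, together with whether IE's `ProxyEnable` flag is set. The sample lines are constructed from the format of the log above; the function names are my own.

```python
import ipaddress
import re

# Constructed sample, in the OTL (IE/FF) and DDS ("uInternet Settings") line formats
# seen in the logs pasted above. Values are those that appear in this thread's logs.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 195.229.177.28:80
FF - prefs.js..network.proxy.http: "173.14.223.170"
FF - prefs.js..network.proxy.http_port: 80
uInternet Settings,ProxyServer = 195.229.177.28:80
O1 - Hosts: 127.0.0.1 localhost
"""

# OTL Internet Explorer lines: IE - HKCU\...Internet Settings: "ProxyServer" = host:port
IE_RE = re.compile(r'^IE - .*Internet Settings: "(ProxyEnable|ProxyServer)" = (.+)$')
# OTL Firefox lines: FF - prefs.js..network.proxy.<name>: <value>
FF_RE = re.compile(r'^FF - prefs\.js\.\.network\.proxy\.(\w+): (.+)$')
# DDS pseudo-HJT line: uInternet Settings,ProxyServer = host:port (u = HKCU, m = HKLM)
DDS_RE = re.compile(r'^[umd]?Internet Settings,ProxyServer = (.+)$')


def extract_proxy_settings(log_text):
    """Collect proxy-related entries from OTL/DDS log text, keyed by source."""
    found = {"ie": {}, "firefox": {}, "dds": {}}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_RE.match(line)
        if m:
            found["ie"][m.group(1)] = m.group(2).strip()
            continue
        m = FF_RE.match(line)
        if m:
            # OTL quotes string prefs ("173.14.223.170") but not integers (80).
            found["firefox"][m.group(1)] = m.group(2).strip().strip('"')
            continue
        m = DDS_RE.match(line)
        if m:
            found["dds"]["ProxyServer"] = m.group(1).strip()
    return found


def host_is_local(host):
    """True for loopback, RFC 1918 and link-local addresses, or the name 'localhost'."""
    if host.lower() == "localhost":
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname: cannot tell, so leave it for review
    return addr.is_loopback or addr.is_private or addr.is_link_local


def review_proxies(log_text):
    """Return human-readable review items for proxy entries that point off-box."""
    s = extract_proxy_settings(log_text)
    findings = []

    ie_server = s["ie"].get("ProxyServer")
    if ie_server:
        host, _, _port = ie_server.partition(":")
        if not host_is_local(host):
            # ProxyEnable = 0 means IE is not currently using the entry,
            # but a stale off-box proxy value is still worth a look.
            state = "enabled" if s["ie"].get("ProxyEnable") == "1" else "not enabled"
            findings.append(f"IE ProxyServer {ie_server} is a non-local address ({state})")

    ff_host = s["firefox"].get("http")
    if ff_host and not host_is_local(ff_host):
        port = s["firefox"].get("http_port", "?")
        # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual);
        # that pref is not in this log, so the finding says only that the value is set.
        findings.append(f"Firefox network.proxy.http {ff_host}:{port} is a non-local address")

    dds_server = s["dds"].get("ProxyServer")
    if dds_server and dds_server != ie_server:
        findings.append(f"DDS reports ProxyServer {dds_server}, differing from the OTL value")
    return findings


if __name__ == "__main__":
    for item in review_proxies(SAMPLE_LOG):
        print(item)
```

Run as-is it prints two review items for the constructed sample (the IE entry, marked not enabled, and the Firefox one); pass the full text of a real OTL or DDS log to `review_proxies` to get the same list for a machine under review.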


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 AM

Posted 24 May 2010 - 06:53 AM

Your logs are looking OK to me. Can you tell me if you are still having any problems?


Please download JavaRa and unzip it to your desktop.
Then Print these instructions as you won't have Internet access during this particular phase.

Close any instances of Internet Explorer before continuing
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English or the appropriate language...and click on Select.
  • JavaRa will open; Select Remove Older Versions, click yes, then ok.
  • A logfile will pop up, you can close it.
  • Now select Additional Tasks and check the following:
    Remove Useless JRE Files
    Remove Startup Entry
  • Click Go then ok to all the prompts, once done restart your computer.



Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push


Then please post back here with the following logs:
  • ESET report
  • New DDS log



#9 huberwoller

huberwoller
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:58 PM

Posted 25 May 2010 - 12:03 PM

ESET didn't pick up anything. I'm not sure if I am or not; I haven't had the account or my email password reset again, but I'm still not sure how it could have happened, as no scan has picked up any keyloggers or anything. Here is the DDS log, though:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Justin at 11:55:18.85 on Tue 05/25/2010
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2589 [GMT -6:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Creative\Shared Files\CTAudSvc.exe
D:\WINDOWS\Explorer.EXE
svchost.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
D:\WINDOWS\system32\RUNDLL32.EXE
D:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\system32\dwwin.exe
D:\WINDOWS\system32\dwwin.exe
D:\WINDOWS\system32\dwwin.exe
D:\Xfire\Xfire.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Justin\My Documents\Downloads\dds(3).scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = 195.229.177.28:80
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [nwiz] d:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [LifeCam] "d:\program files\microsoft lifecam\LifeExp.exe"
mRun: [OODefragTray] d:\windows\system32\oodtray.exe
mRun: [avast5] d:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRunOnce: [RunNarrator] Narrator.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} - hxxp://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15110/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\justin\applic~1\mozilla\firefox\profiles\fg4x2z1a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - plugin: d:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, trued:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [2010-5-20 164048]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [2010-5-20 19024]
R2 avast! Antivirus;avast! Antivirus;d:\program files\alwil software\avast5\AvastSvc.exe [2010-5-20 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-5-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;d:\program files\alwil software\avast5\AvastSvc.exe [2010-5-20 40384]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;d:\windows\system32\drivers\nx6000.sys [2009-12-3 30560]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;d:\windows\system32\drivers\nvoclock.sys [2009-3-9 38304]
R3 skfilt;skfilt;d:\windows\system32\drivers\skfilt.sys [2009-12-10 1670016]
S2 GEST Service;GEST Service for program management.;d:\program files\gigabyte\energysaver\GSvr.exe [2009-7-18 80392]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;d:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-12-10 79360]
S3 DAdderFltr;DeathAdder Mouse;d:\windows\system32\drivers\dadder.sys [2009-8-16 22784]
S3 DFU;DFU;d:\windows\system32\drivers\MassDfu.sys [2009-12-3 12288]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;d:\windows\system32\drivers\manycam.sys --> d:\windows\system32\drivers\ManyCam.sys [?]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;d:\windows\system32\drivers\ScreamingBAudio.sys [2009-4-6 23064]

=============== Created Last 30 ================

2010-05-25 16:47:16 0 d-----w- d:\program files\ESET
2010-05-23 17:50:44 0 d-----w- D:\_OTL
2010-05-23 17:42:37 0 d-sha-r- D:\autorun.inf
2010-05-23 03:54:18 0 d-----w- d:\docume~1\justin\applic~1\ManyCam
2010-05-20 19:53:24 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-05-20 13:23:44 176 ----a-w- d:\documents and settings\justin\defogger_reenable
2010-05-20 12:55:29 0 d-----w- d:\program files\Trend Micro
2010-05-19 18:18:34 0 d-----w- d:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-19 16:16:49 0 d-----w- d:\program files\AVG
2010-05-07 19:52:46 41872 ----a-w- d:\windows\system32\xfcodec.dll

==================== Find3M ====================

2010-05-23 17:51:54 16608 ----a-w- d:\windows\gdrv.sys
2010-04-29 21:39:38 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 21:39:26 20952 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-04-22 20:02:54 215128 ----a-w- d:\windows\system32\PnkBstrB.exe
2010-04-22 18:45:24 139128 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2010-03-08 23:39:49 1984 ----a-w- d:\windows\system32\d3d9caps.dat
2010-03-08 23:39:49 1648 ----a-w- d:\windows\system32\d3d8caps.dat
2010-03-02 19:31:21 138056 ----a-w- d:\docume~1\justin\applic~1\PnkBstrK.sys
2010-03-02 19:30:39 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2010-03-02 19:30:39 2434856 ----a-w- d:\windows\system32\pbsvc_bc2.exe

============= FINISH: 11:55:27.35 ===============


#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 AM

Posted 25 May 2010 - 02:25 PM

Your logs are looking clean to me.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point.
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.


Congratulations! You now appear clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will
prevent you from getting the malware which uses vulnerabilities found in Windows to exploit your computer.
The easiest way to do this is by making sure that Automatic Updates are always enabled.

To do this Click on Start >> Control Panel >> Automatic updates and click Automatic (recommended) then Apply and Ok

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you
do not update your antivirus software then it will not be able to catch any of the new variants that may come
out. If you use a commercial antivirus program you must make sure you keep renewing your subscription.
Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

Make sure all programs are updated
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware
to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed
applications that are regularly patched to fix vulnerabilities. You can check these by visiting
Calendar of Updates or you can install Secunia PSI.

Install a Firewall
I cannot stress how important it is that you use a third party firewall on your computer. Without a firewall
your computer is susceptible to being hacked and taken over. Windows Firewall is good for blocking inbound
connections but it does not block outbound connections. So if malware manages to get onto your computer it
will be able to send data out when it wants. Here are some free firewalls; you only need to install one of these.

Zone Alarm
Outpost
PC Tools

After you install the third party firewall disable your Windows firewall. Go to My Computer >> Control Panel >> Windows Firewall
and choose Off (not recommended) option. Then click Apply and Ok.

Install an AntiSpyware Program
It is recommended that you have an Anti Spyware program installed alongside your Anti Virus, to add an extra
layer of protection. You should update and scan with it as you would with your Anti Virus. Most Anti Spyware
programs don't have active protection unless you have a paid version, so in that case you can have more
than one installed for scanning purposes, but you also don't want to bloat your computer with these
programs, so I would recommend having no more than two installed.

SuperAntiSpyware
Spybot - Search & Destroy
Ad-aware

Install Sandboxie
Sandboxie is a great program to help protect you against malware. Working inside Sandboxie will basically
mean that what you are doing will not make permanent changes to your system, unless you allow it to.
So you can be surfing the web inside Sandboxie, then if you happen to stumble upon a bad site and get
infected, you can simply delete the Sandbox and all is gone. Having said that, it cannot be considered 100%
secure, as no program can be, but it can be a great help and is an excellent program. You can find a download
link and more information about the program here.

Secure your browsing
Firefox is generally considered to be a lot safer than Internet Explorer. I would recommend that you install
Firefox and install some addons that will make the browser even safer. You can download the latest version
of Firefox here; if you already have Firefox, these are some good addons.

Recommended addons
NoScript
Adblock Plus
WOT

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs. You can find a tutorial and download link here.

Use MVPS hosts file
Using a custom hosts file like the MVPS HOSTS file can help to block ads, banners, 3rd party cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions here.


Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing
Syler

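As an added example (not part of syler's post or the MVPS project), a small Python script that reads a HOSTS file the way Windows does and separates the blocking entries the MVPS list relies on (names mapped to 0.0.0.0 or 127.0.0.1, so the ad server is never reached) from entries that send a real name to a routable address, which is the trace a hosts-file hijacker leaves. The sample file and its hostnames are constructed for the example.

```python
import ipaddress
import re

# Addresses that make a name unreachable; the MVPS file uses 0.0.0.0.
NULL_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1", "::"}
# Names that belong in a default Windows hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample (example.* names), not the real MVPS list.
SAMPLE_HOSTS = """\
# blocking list sample
127.0.0.1 localhost
::1 localhost
0.0.0.0 ads.example.net  # [Example ad server]
0.0.0.0 tracker.example.org counter.example.org
198.51.100.7 update.antivirus-example.com
"""


def parse_hosts(text):
    """Yield (ip, hostname, line_no), skipping blanks, comments and
    lines whose first field is not an IP address (Windows ignores them)."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        if not line:
            continue
        fields = re.split(r"\s+", line)
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue
        for name in fields[1:]:  # one line may list several names
            yield ip, name.lower(), line_no


def classify_hosts(text):
    """Return {'blocked': [names], 'local': [names],
    'redirects': [(line_no, name, ip)]}.  A redirect maps a non-local
    name to a routable address and deserves a manual look."""
    result = {"blocked": [], "local": [], "redirects": []}
    for ip, name, line_no in parse_hosts(text):
        if name in LOCAL_NAMES:
            result["local"].append(name)
        elif ip in NULL_ADDRESSES:
            result["blocked"].append(name)
        else:
            result["redirects"].append((line_no, name, ip))
    return result
```

On a live machine, read `%SystemRoot%\system32\drivers\etc\hosts` and pass its contents to `classify_hosts`; anything in `redirects` is worth checking before trusting the file.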


#11 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:05:58 AM

Posted 27 May 2010 - 08:23 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.





