
My crazy luck


  • This topic is locked
38 replies to this topic

#1 zippyzoe

zippyzoe

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 24 May 2010 - 11:08 AM

Was surfing last night and got some crazy spyware popup thing, and eventually the popups got overblown before I could run my virus scan. So I tried a reboot. Upon restart, my computer kept rebooting right after the Windows XP screen. So I decided to go back to a restore point and run a virus scan. The problem continued. Tried to boot into all SAFE modes. Still kept rebooting. Tried the boot disk and it failed and I received a system error. It told me to run chkdsk and retry. Chkdsk said everything was OK. Still can't get into safe mode. All I have is a DOS prompt in recovery mode.

My error is STOP 0X0000007B (0X78D2524, 0XC0000034, 0X00000000, 0X00000000)

Need my computer badly to get a report in today. I'm bummed.

Please help

Zz

EDIT: Moved from XP to Am I Infected forum ~ Hamluis.

Edited by hamluis, 24 May 2010 - 04:36 PM.




#2 itsmevader

itsmevader

  • Banned Spammer
  • 11 posts
  • OFFLINE
  •  
  • Local time:12:28 AM

Posted 24 May 2010 - 12:50 PM

I guess it's not a problem with the OS; maybe one of your hardware components has failed, most probably your RAM. Try to reinsert the RAM into the motherboard and try rebooting again.

#3 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 24 May 2010 - 03:38 PM

OK...I removed all the RAM and reinstalled. Still same issue. Did some research and it appears as if I might have a virus.

You may receive a "Stop 0x0000007B" error message if your computer is infected with a boot-sector virus. If the problem is intermittent and you can start Windows, check your computer for viruses. If you find a virus, also check any floppy disks for viruses before you use them again.

All my virus software is on my hard drive.

Still no Safe Mode, just a DOS prompt.

Waiting...

Zz



#4 caperdog

caperdog

  • BC Advisor
  • 954 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Nova Scotia
  • Local time:01:28 AM

Posted 24 May 2010 - 04:07 PM

It is possible that a virus can also infect your restore points (System Volume Information). If you suspect a virus (as I do) you should post to the "Am I infected? What do I do?" part of this forum.

#5 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 24 May 2010 - 05:13 PM

Good idea! I am not sure how to post a HijackThis log from a DOS prompt. I can't get into safe mode because my computer constantly reboots.

Any help is appreciated.

Zz

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,105 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:08:28 AM

Posted 25 May 2010 - 04:04 AM

Hi Zippyzoe, please see if you can follow these steps. I am moving this topic to a more appropriate forum.

On a working computer please download OTLPE (filesize 120,9 MB)
  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft
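As an added example (not part of this thread, and not OTL's or OldTimer's own code): a small Python triage script that reads lines in the OTL.txt format the procedure above produces and flags the kinds of entries a helper looks at first. The sample lines are constructed here, modelled on the entry kinds in the log posted later in this thread; the heuristics it applies (IE proxy pointing at loopback, hosts-file entries other than localhost, autoruns whose target is missing or lives in a user-writable profile folder, BHOs whose file is missing, a replaced Winlogon shell) are this script's own assumptions about what is worth a second look, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List


@dataclass
class Finding:
    line: str    # the OTL line that triggered the finding
    reason: str  # why it was flagged


# Constructed sample in OTL's line format, modelled on the entry kinds seen in
# the log posted in this thread. It is not the full log.
SAMPLE_OTL = r"""
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.77.54 hcurltest1
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKU\Ron_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
"""

# Line shapes this script triages (the regexes are its own reading of OTL's format)
RE_PROXY = re.compile(r'^IE - (HKU\\[^\\]+)\\.*"ProxyServer" = (.+)$')
RE_HOSTS = re.compile(r'^O1 - Hosts: (\S+) (\S+)$')
RE_RUN = re.compile(r'^O4 - (\S+?)\.\.\\Run: \[([^\]]+)\] (.+)$')
RE_BHO = re.compile(r'^O2 - BHO: \(([^)]*)\) - (\{[^}]+\}) - (.+)$')
RE_SHELL = re.compile(r'^O20 - HKLM Winlogon: Shell - \(([^)]+)\)')

# Autorun targets under a user profile are writable without admin rights, which is
# where drive-by installers tend to drop their payload (heuristic, not proof).
USER_WRITABLE = re.compile(
    r'\\Documents and Settings\\[^\\]+\\'
    r'(?:Local Settings\\Application Data|Local Settings\\Temp|Application Data)\\',
    re.IGNORECASE,
)


def triage(otl_text: str) -> List[Finding]:
    """Return the lines of an OTL log that deserve a second look, with a reason each."""
    findings: List[Finding] = []
    for raw in otl_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RE_PROXY.match(line)
        if m:
            hive, target = m.groups()
            # A proxy on 127.0.0.1 means a local process sits between the browser and the network
            if "127.0.0.1" in target or "localhost" in target.lower():
                findings.append(Finding(line, f"{hive}: IE proxy points at loopback ({target})"))
            continue

        m = RE_HOSTS.match(line)
        if m:
            ip, name = m.groups()
            if name.lower() != "localhost":
                findings.append(Finding(line, f"non-default hosts entry: {name} -> {ip}"))
            continue

        m = RE_RUN.match(line)
        if m:
            hive, name, rest = m.groups()
            if rest == "File not found":
                findings.append(Finding(line, f"{hive} Run [{name}]: orphaned autorun, target missing"))
            elif USER_WRITABLE.search(rest):
                findings.append(Finding(line, f"{hive} Run [{name}]: autorun launches from a user-writable profile folder"))
            continue

        m = RE_BHO.match(line)
        if m and "File not found" in m.group(3):
            findings.append(Finding(line, f"BHO {m.group(2)}: registered but file missing"))
            continue

        m = RE_SHELL.match(line)
        if m and m.group(1).lower() != "explorer.exe":
            findings.append(Finding(line, f"Winlogon Shell replaced: {m.group(1)}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[!] {f.reason}\n    {f.line}")
```

On the constructed sample the script reports five entries: the loopback proxy, the hcurltest1 hosts mapping, the BHO with no file, the orphaned "Device Detector" autorun, and the autorun under Local Settings\Application Data. Flagged lines are candidates for a helper to review, not an automatic removal list; the regexes accept only the line shapes shown and skip everything else unchanged.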


#7 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts
  • OFFLINE
  •  
  • Local time:01:28 AM

Posted 25 May 2010 - 11:09 AM

Thank you for the quick response to my issue.

OTL logfile created on: 5/25/2010 12:40:54 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 7.99 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 13.33 Gb Free Space | 2.86% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 46.41 Gb Free Space | 3.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2009/08/20 14:19:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/28 18:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/05/21 19:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 08:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/04/19 23:29:44 | 000,411,168 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/05/13 11:19:22 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/21 02:20:47 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/21 02:20:47 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/20 14:19:54 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/20 14:19:54 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/10 10:51:07 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/19 15:13:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/02/19 15:13:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/01 15:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/01 13:14:18 | 000,006,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Diamond\DIAMOND_XP_8.561\BIN\atiicdxx.sys -- (ATICDSDr)
DRV - [2008/10/31 11:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/05/16 08:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 08:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/27 01:45:29 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/09/19 18:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/28 20:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/06/28 12:43:40 | 001,404,288 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/06/23 11:38:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/03/22 22:57:36 | 000,033,688 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2006/08/16 03:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/11 09:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 09:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 05:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/06/20 15:36:00 | 000,059,776 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PnP680.sys -- (Pnp680)
DRV - [2006/02/26 17:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2002/11/18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Ron_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKU\Ron_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:38:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/17 11:43:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/17 11:43:28 | 000,000,000 | ---D | M]

[2009/12/28 13:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2010/01/18 16:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\726as45i.default\extensions
[2010/01/18 12:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\726as45i.default\extensions\staged-xpis
[2010/05/18 21:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/23 12:33:19 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/04/28 09:12:02 | 000,000,116 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.77.54 hcurltest1
O1 - Hosts: 82.165.161.232 hcurltest2
O1 - Hosts: 255.255.255.255 hcurltest4
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - Reg Error: Value error. File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Ron_ON_C\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\Ron_ON_C\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Turtle Beach Riviera] C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKU\Guest_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Ron_ON_C..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKU\Ron_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://java.sun.com/products/plugin/autodl...indows-i586.cab (isInstalled Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/02 17:11:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/04 12:10:39 | 000,000,067 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 20:08:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/05/23 20:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx
[2010/05/20 00:58:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ron\Recent
[2010/05/14 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\My Documents\Any Video Converter
[2010/05/14 22:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\AnvSoft
[2010/05/14 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/05/10 00:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\Unity
[2010/05/10 00:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\Unity
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2007/11/11 20:48:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ron\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/24 18:24:41 | 000,000,376 | RHS- | M] () -- C:\boot.ini
[2010/05/23 21:06:32 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/23 21:06:32 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/23 21:06:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 21:06:02 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Ron\ntuser.dat
[2010/05/23 21:06:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 21:05:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ron\ntuser.ini
[2010/05/23 20:24:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/23 19:48:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1A5BD98-0E9F-4BC8-8D1A-D03C17DBD9AB}.job
[2010/05/23 19:44:32 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 19:44:16 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 17:13:39 | 060,315,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/23 17:11:42 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/20 11:26:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/17 11:41:32 | 000,319,589 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\bookmarks-2010-05-17.json
[2010/05/14 22:27:25 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\Any Video Converter.lnk
[2010/05/14 22:21:24 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 17:38:34 | 000,136,646 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\stone.charles.resume.rtf
[2010/05/13 11:31:22 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/13 11:31:22 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/13 11:31:21 | 000,509,574 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 15:13:18 | 000,007,684 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 11:49:04 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\DivX Movies.lnk
[2010/04/27 01:06:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\questions.doc
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 12:40:30 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/05/17 11:41:30 | 000,319,589 | ---- | C] () -- C:\Documents and Settings\Ron\Desktop\bookmarks-2010-05-17.json
[2010/05/14 22:27:25 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Ron\Desktop\Any Video Converter.lnk
[2010/04/27 01:06:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ron\My Documents\questions.doc
[2010/03/07 17:34:18 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\eaeadafa8_s.dll
[2010/03/07 17:32:21 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/03/05 15:37:50 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/01/11 21:13:45 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\Ron\ntuser.dat
[2010/01/11 21:13:45 | 000,323,584 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2009/12/23 19:41:17 | 003,745,091 | ---- | C] () -- C:\Documents and Settings\Ron\__rzi_01.296
[2009/10/08 18:43:23 | 614,367,355 | ---- | C] () -- C:\Documents and Settings\Ron\grace
[2009/08/16 17:36:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\inst.exe
[2009/06/07 13:23:39 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/05/13 09:57:36 | 000,025,845 | ---- | C] () -- C:\Documents and Settings\Ron\Start Menu.rar
[2009/03/27 13:30:18 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2009/03/25 23:37:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/03/25 23:35:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.dll
[2009/03/25 23:35:29 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2009/03/25 23:35:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\CmiInstallResAll.dll
[2009/03/25 23:35:18 | 000,003,647 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2009/03/25 23:35:18 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.imi
[2009/03/25 23:35:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\VMix.dll
[2009/03/25 23:35:13 | 000,000,785 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2009/03/01 10:58:59 | 003,723,189 | ---- | C] () -- C:\Documents and Settings\Ron\TheseAreMyCredentials1.pdf
[2009/01/27 02:03:38 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI
[2009/01/27 01:20:24 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
[2009/01/27 01:20:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
[2009/01/27 01:20:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\BestGame.ini
[2008/12/24 14:27:49 | 002,351,616 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-ie-release-1.9.1.17582.msi
[2008/12/11 13:13:52 | 002,327,552 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-ie-release-1.9.0.16396.msi
[2008/10/30 12:58:29 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/10/15 12:43:11 | 000,004,046 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_PROTOCOL.log
[2008/10/15 12:43:11 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_API.log
[2008/10/15 12:43:10 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_UI.log
[2008/10/15 12:43:10 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/09/16 04:17:55 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\FASTWiz.log
[2008/04/13 14:12:37 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Guest\default.pls
[2008/04/13 14:10:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 18:56:30 | 003,000,782 | ---- | C] () -- C:\Documents and Settings\Ron\ProductContext1400.log
[2008/01/05 13:46:10 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Guest\ntuser.dat
[2008/01/05 13:46:10 | 000,069,632 | -H-- | C] () -- C:\Documents and Settings\Guest\NtUser.dat.LOG
[2008/01/05 13:46:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
[2007/11/15 11:57:38 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2007/11/11 20:54:12 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/11/11 20:49:16 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2007/11/11 20:48:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2007/11/11 20:48:25 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.log
[2007/11/11 20:48:19 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\ezpinst.exe
[2007/11/11 20:48:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.cat
[2007/11/11 20:48:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.inf
[2007/11/09 13:57:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2007/06/28 20:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/06/15 20:24:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/15 15:26:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/13 10:02:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Ron\default.pls
[2007/06/13 10:00:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/02 18:15:39 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/02 17:18:12 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Ron\ntuser.ini
[2007/06/02 17:18:11 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Ron\ntuser.dat.LOG
[2007/06/02 17:17:26 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/06/02 17:17:25 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/06/02 17:17:25 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/06/02 17:17:07 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/06/02 17:17:06 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/06/02 17:17:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/08/16 03:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/16 03:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/16 03:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/16 03:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 03:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/16 03:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/16 03:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 08:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/06/23 11:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\ACD Systems
[2010/05/14 22:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\AnvSoft
[2007/11/15 00:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Chicken Chase
[2008/12/09 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\DMCache
[2007/11/18 01:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\GameHouse
[2008/12/08 22:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\GrabPro
[2009/03/16 15:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Image Zone Express
[2009/08/16 21:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\InfraRecorder
[2007/06/25 04:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\JAM Software
[2007/12/13 14:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Leadertech
[2009/05/20 00:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\mjusbsp
[2009/04/08 22:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\MSNInstaller
[2008/12/09 18:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Orbit
[2007/11/17 00:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\PlayFirst
[2008/07/13 15:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Sammsoft
[2010/03/06 17:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Snappy Fax
[2010/03/05 14:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Snappy Fax Archives
[2009/03/26 23:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\TradeStation Technologies
[2009/02/18 05:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Uniblue
[2010/05/10 00:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Unity
[2010/05/20 16:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\uTorrent
[2009/08/16 17:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Vso
[2008/10/25 12:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\VTExtra
[2010/05/23 19:48:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1A5BD98-0E9F-4BC8-8D1A-D03C17DBD9AB}.job

========== Purity Check ==========


< End of report >
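
The log above carries three indicators a responder would pull out first: the `O4 - ..\Run: [jiouvbyf]` entries (both HKLM and the Ron hive) that launch a randomly named .exe from a randomly named folder under `Local Settings\Application Data`, created on 2010/05/23, the day of the infection; the Ron hive's Internet Explorer settings with `ProxyEnable = 1` and `ProxyServer = http=127.0.0.1:5555`, which forces the browser through a local listener; and the non-default `O1 - Hosts:` lines. The script below is an editor-added triage example, not part of the poster's OTL output or of any helper's instructions in this thread. It parses OTL-style lines and scores these three patterns; the sample input is ten lines copied from the log above, the name heuristics (consonant and vowel runs) and severity labels are the editor's own assumptions, and the only Python dependencies are the standard library.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: ten lines copied verbatim from the OTL log above (constructed subset).
SAMPLE_LOG = r"""
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 255.255.255.255 hcurltest4
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKU\Ron_ON_C..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKU\Ron_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
""".strip().splitlines()

# Line shapes as OTL prints them: autorun (O4), IE proxy settings, hosts entries (O1).
RUN_RE = re.compile(r'^O4 - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.*?)(?: \((?P<company>.*)\))?$')
PROXY_RE = re.compile(r'^IE - (?P<hive>HKLM|HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (?P<addr>\S+)\s+(?P<host>\S+)')

# Profile locations a drive-by installer can write to without admin rights (assumed list).
USER_WRITABLE = ('\\application data\\', '\\local settings\\', '\\temp\\', '\\recycler\\')
SEVERITY_ORDER = {'high': 0, 'medium': 1, 'low': 2}


@dataclass
class Finding:
    severity: str
    category: str
    line: str
    reason: str


def looks_random(token: str) -> bool:
    """Assumed heuristic for machine-generated names: all lowercase letters, and either
    no vowels, a run of 5+ consonants ('lfjoidttssd') or a run of 4+ vowels ('hbeeeiupx')."""
    if not re.fullmatch(r'[a-z]{6,}', token):
        return False
    if not re.search(r'[aeiou]', token):
        return True
    return bool(re.search(r'[^aeiou]{5,}', token) or re.search(r'[aeiou]{4,}', token))


def check_run_entry(line: str):
    """Flag an O4 autorun that runs from a user-writable directory or uses random names."""
    m = RUN_RE.match(line)
    if not m:
        return None
    path = m['path']
    reasons = []
    if any(d in path.lower() for d in USER_WRITABLE):
        reasons.append('launches from a user-writable profile directory')
    parts = path.split('\\')
    stem = re.sub(r'\.[^.]+$', '', parts[-1])           # file name without extension
    parent = parts[-2] if len(parts) > 1 else ''
    random_tokens = [t for t in (m['name'], parent, stem) if looks_random(t)]
    if random_tokens:
        reasons.append('random-looking name(s): ' + ', '.join(random_tokens))
    if not reasons:
        return None
    return Finding('high' if len(reasons) == 2 else 'medium', 'O4 autorun', line, '; '.join(reasons))


def check_hosts(line: str):
    """Anything other than the two default localhost mappings is worth a look."""
    m = HOSTS_RE.match(line)
    if not m:
        return None
    if m['host'].lower() == 'localhost' and m['addr'] in ('127.0.0.1', '::1'):
        return None
    return Finding('low', 'O1 hosts', line, 'non-default hosts mapping; confirm it is wanted')


def check_proxy(lines):
    """Pair ProxyEnable/ProxyServer per hive; an enabled loopback proxy is the classic
    sign of a rogue-AV or trojan process intercepting browser traffic."""
    per_hive = defaultdict(dict)
    for line in lines:
        m = PROXY_RE.match(line)
        if m:
            per_hive[m['hive']][m['key']] = m['value'].strip()
    findings = []
    for hive, kv in per_hive.items():
        if kv.get('ProxyEnable') != '1' or 'ProxyServer' not in kv:
            continue
        server = kv['ProxyServer']
        where = f'{hive}: ProxyServer = {server}'
        if re.search(r'(^|=)(127\.0\.0\.1|localhost):\d+', server, re.I):
            findings.append(Finding('high', 'IE proxy', where,
                                    'browser forced through a loopback listener; identify the process bound to that port'))
        else:
            findings.append(Finding('medium', 'IE proxy', where, 'proxy enabled; confirm it is intended'))
    return findings


def triage(lines):
    """Run every check over the log and return findings, most severe first."""
    findings = []
    for line in lines:
        for check in (check_run_entry, check_hosts):
            f = check(line)
            if f:
                findings.append(f)
    findings.extend(check_proxy(lines))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.category:10} {f.reason}\n         {f.line}')
```

On the sample it reports the two `jiouvbyf` autoruns and the Ron-hive loopback proxy as high and the `hcurltest4` hosts line as low; the AVG and SUPERAntiSpyware entries and the Guest hive (ProxyEnable = 0) produce nothing. The name heuristic is deliberately crude and is only there to rank lines for a human; the decisive signals remain the user-writable launch path, the creation date matching the incident, and the proxy pointing at a local port.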

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2009/08/20 14:19:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/28 18:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/05/21 19:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 08:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/04/19 23:29:44 | 000,411,168 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/05/13 11:19:22 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/21 02:20:47 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/21 02:20:47 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/20 14:19:54 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/20 14:19:54 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/10 10:51:07 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/19 15:13:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/02/19 15:13:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/01 15:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/01 13:14:18 | 000,006,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Diamond\DIAMOND_XP_8.561\BIN\atiicdxx.sys -- (ATICDSDr)
DRV - [2008/10/31 11:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/05/16 08:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 08:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/27 01:45:29 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/09/19 18:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/28 20:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/06/28 12:43:40 | 001,404,288 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/06/23 11:38:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/03/22 22:57:36 | 000,033,688 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2006/08/16 03:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/11 09:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 09:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 05:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/06/20 15:36:00 | 000,059,776 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PnP680.sys -- (Pnp680)
DRV - [2006/02/26 17:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2002/11/18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Ron_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKU\Ron_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:38:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/17 11:43:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/17 11:43:28 | 000,000,000 | ---D | M]

[2009/12/28 13:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2010/01/18 16:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\726as45i.default\extensions
[2010/01/18 12:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\726as45i.default\extensions\staged-xpis
[2010/05/18 21:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/23 12:33:19 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/04/28 09:12:02 | 000,000,116 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.77.54 hcurltest1
O1 - Hosts: 82.165.161.232 hcurltest2
O1 - Hosts: 255.255.255.255 hcurltest4
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - Reg Error: Value error. File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Ron_ON_C\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\Ron_ON_C\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Turtle Beach Riviera] C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKU\Guest_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Ron_ON_C..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKU\Ron_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://java.sun.com/products/plugin/autodl...indows-i586.cab (isInstalled Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/02 17:11:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/04 12:10:39 | 000,000,067 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/23 20:08:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/05/23 20:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx
[2010/05/20 00:58:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ron\Recent
[2010/05/14 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\My Documents\Any Video Converter
[2010/05/14 22:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\AnvSoft
[2010/05/14 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/05/10 00:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\Unity
[2010/05/10 00:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\Unity
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2007/11/11 20:48:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ron\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/25 12:43:07 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Guest\ntuser.dat
[2010/05/24 18:24:41 | 000,000,376 | RHS- | M] () -- C:\boot.ini
[2010/05/23 21:06:32 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/23 21:06:32 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/23 21:06:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 21:06:02 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Ron\ntuser.dat
[2010/05/23 21:06:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 21:05:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ron\ntuser.ini
[2010/05/23 20:24:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/23 19:48:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1A5BD98-0E9F-4BC8-8D1A-D03C17DBD9AB}.job
[2010/05/23 19:44:32 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 19:44:16 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 17:13:39 | 060,315,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/23 17:11:42 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/20 11:26:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/17 11:41:32 | 000,319,589 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\bookmarks-2010-05-17.json
[2010/05/14 22:27:25 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\Any Video Converter.lnk
[2010/05/14 22:21:24 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 17:38:34 | 000,136,646 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\stone.charles.resume.rtf
[2010/05/13 11:31:22 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/13 11:31:22 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/13 11:31:21 | 000,509,574 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 15:13:18 | 000,007,684 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 11:49:04 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\DivX Movies.lnk
[2010/04/27 01:06:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\questions.doc
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 12:40:30 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/05/17 11:41:30 | 000,319,589 | ---- | C] () -- C:\Documents and Settings\Ron\Desktop\bookmarks-2010-05-17.json
[2010/05/14 22:27:25 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Ron\Desktop\Any Video Converter.lnk
[2010/04/27 01:06:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ron\My Documents\questions.doc
[2010/03/07 17:34:18 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\eaeadafa8_s.dll
[2010/03/07 17:32:21 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/03/05 15:37:50 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/01/11 21:13:45 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\Ron\ntuser.dat
[2010/01/11 21:13:45 | 000,323,584 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2009/12/23 19:41:17 | 003,745,091 | ---- | C] () -- C:\Documents and Settings\Ron\__rzi_01.296
[2009/10/08 18:43:23 | 614,367,355 | ---- | C] () -- C:\Documents and Settings\Ron\grace
[2009/08/16 17:36:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\inst.exe
[2009/06/07 13:23:39 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/05/13 09:57:36 | 000,025,845 | ---- | C] () -- C:\Documents and Settings\Ron\Start Menu.rar
[2009/03/27 13:30:18 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2009/03/25 23:37:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/03/25 23:35:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.dll
[2009/03/25 23:35:29 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2009/03/25 23:35:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\CmiInstallResAll.dll
[2009/03/25 23:35:18 | 000,003,647 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2009/03/25 23:35:18 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.imi
[2009/03/25 23:35:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\VMix.dll
[2009/03/25 23:35:13 | 000,000,785 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2009/03/01 10:58:59 | 003,723,189 | ---- | C] () -- C:\Documents and Settings\Ron\TheseAreMyCredentials1.pdf
[2009/01/27 02:03:38 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI
[2009/01/27 01:20:24 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
[2009/01/27 01:20:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
[2009/01/27 01:20:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\BestGame.ini
[2008/12/24 14:27:49 | 002,351,616 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-ie-release-1.9.1.17582.msi
[2008/12/11 13:13:52 | 002,327,552 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-ie-release-1.9.0.16396.msi
[2008/10/30 12:58:29 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/10/15 12:43:11 | 000,004,046 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_PROTOCOL.log
[2008/10/15 12:43:11 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_API.log
[2008/10/15 12:43:10 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_UI.log
[2008/10/15 12:43:10 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/09/16 04:17:55 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\FASTWiz.log
[2008/04/13 14:12:37 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Guest\default.pls
[2008/04/13 14:10:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 18:56:30 | 003,000,782 | ---- | C] () -- C:\Documents and Settings\Ron\ProductContext1400.log
[2008/01/05 13:46:10 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Guest\ntuser.dat
[2008/01/05 13:46:10 | 000,077,824 | -H-- | C] () -- C:\Documents and Settings\Guest\NtUser.dat.LOG
[2008/01/05 13:46:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
[2007/11/15 11:57:38 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2007/11/11 20:54:12 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/11/11 20:49:16 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2007/11/11 20:48:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2007/11/11 20:48:25 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.log
[2007/11/11 20:48:19 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\ezpinst.exe
[2007/11/11 20:48:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.cat
[2007/11/11 20:48:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.inf
[2007/11/09 13:57:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2007/06/28 20:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/06/15 20:24:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/15 15:26:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/13 10:02:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Ron\default.pls
[2007/06/13 10:00:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/02 18:15:39 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/02 17:18:12 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Ron\ntuser.ini
[2007/06/02 17:18:11 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Ron\ntuser.dat.LOG
[2007/06/02 17:17:26 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/06/02 17:17:25 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/06/02 17:17:25 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/06/02 17:17:07 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/06/02 17:17:06 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/06/02 17:17:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/08/16 03:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/16 03:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/16 03:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/16 03:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 03:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/16 03:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/16 03:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 08:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2007/06/23 11:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\ACD Systems
[2010/05/14 22:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\AnvSoft
[2007/11/15 00:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Chicken Chase
[2008/12/09 18:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\DMCache
[2007/11/18 01:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\GameHouse
[2008/12/08 22:36:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\GrabPro
[2009/03/16 15:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Image Zone Express
[2009/08/16 21:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\InfraRecorder
[2007/06/25 04:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\JAM Software
[2007/12/13 14:43:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Leadertech
[2009/05/20 00:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\mjusbsp
[2009/04/08 22:39:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\MSNInstaller
[2008/12/09 18:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Orbit
[2007/11/17 00:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\PlayFirst
[2008/07/13 15:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Sammsoft
[2010/03/06 17:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Snappy Fax
[2010/03/05 14:09:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Snappy Fax Archives
[2009/03/26 23:05:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\TradeStation Technologies
[2009/02/18 05:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Uniblue
[2010/05/10 00:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Unity
[2010/05/20 16:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\uTorrent
[2009/08/16 17:44:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\Vso
[2008/10/25 12:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ron\Application Data\VTExtra
[2010/05/23 19:48:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1A5BD98-0E9F-4BC8-8D1A-D03C17DBD9AB}.job

========== Purity Check ==========



< End of report >


#8 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,105 posts
  • Gender:Female
  • Location:Romania

Posted 25 May 2010 - 01:16 PM

Hello again, looks like a nasty rootkit. Let's see if we can find a replacement copy for the infected driver :)

Rerun OTLPE and copy/paste the text in the codebox below into the "run scan/fix" field in OTLPE. Click the NONE button and then Run Scan. Post me the resulting log (it will be a short one).
CODE
/md5start
disk.sys
/md5stop

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts

Posted 25 May 2010 - 02:17 PM

Here you go .....

OTL logfile created on: 5/25/2010 4:15:09 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 7.99 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 13.33 Gb Free Space | 2.86% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 46.41 Gb Free Space | 3.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.74 Gb Total Space | 0.32 Gb Free Space | 8.44% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Custom Scans ==========


#10 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,105 posts
  • Gender:Female
  • Location:Romania

Posted 25 May 2010 - 02:40 PM

I think something went wrong there. Are you absolutely sure you copied all text (or did you paste the complete log)?

At least the infected copy of disk.sys ought to be listed by this custom scan.

regards, Elise


#11 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts

Posted 25 May 2010 - 02:46 PM

Just those 3 lines? Will try again.

#12 Elise

Elise

    Bleepin' Blonde

  • Malware Study Hall Admin
  • 61,105 posts
  • Gender:Female
  • Location:Romania

Posted 25 May 2010 - 02:47 PM

Okay :)

regards, Elise


#13 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts

Posted 25 May 2010 - 02:59 PM

Hope this is it.

OTL logfile created on: 5/25/2010 4:51:26 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 7.99 Gb Free Space | 10.73% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 13.33 Gb Free Space | 2.86% Space Free | Partition Type: NTFS
Drive E: | 1397.26 Gb Total Space | 46.41 Gb Free Space | 3.32% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 3.74 Gb Total Space | 0.32 Gb Free Space | 8.44% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
Drive X: | 280.77 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [On_Demand] -- -- (iPod Service)
SRV - File not found [On_Demand] -- -- (gusvc)
SRV - [2009/08/20 14:19:43 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/28 18:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/05/21 19:25:30 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2008/05/16 08:11:44 | 000,648,504 | ---- | M] (Pure Networks, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2007/04/19 23:29:44 | 000,411,168 | ---- | M] (Acronis) [Auto] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand] -- -- (MREMP50a64)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/05/13 11:19:22 | 000,068,168 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/21 02:20:47 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/02/21 02:20:47 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/08/20 14:19:54 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/20 14:19:54 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/10 10:51:07 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/19 15:13:54 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/02/19 15:13:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/12/01 15:13:40 | 003,452,928 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/01 13:14:18 | 000,006,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Diamond\DIAMOND_XP_8.561\BIN\atiicdxx.sys -- (ATICDSDr)
DRV - [2008/10/31 11:52:16 | 000,093,184 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/05/16 08:10:32 | 000,023,992 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/05/16 08:10:30 | 000,025,272 | ---- | M] (Pure Networks, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:40:47 | 000,036,352 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\disk.sys -- (Disk)
DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/27 01:45:29 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2007/09/19 18:16:32 | 004,617,728 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/28 20:01:48 | 000,042,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/06/28 12:43:40 | 001,404,288 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmudax3.sys -- (cmuda3)
DRV - [2007/06/23 11:38:34 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2007/03/22 22:57:36 | 000,033,688 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra)
DRV - [2006/08/16 03:35:00 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006/07/11 09:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 09:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/06/28 05:38:56 | 000,105,088 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/06/20 15:36:00 | 000,059,776 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PnP680.sys -- (Pnp680)
DRV - [2006/02/26 17:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2002/11/18 16:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Ron_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKU\Ron_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 10:38:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/17 11:43:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/17 11:43:28 | 000,000,000 | ---D | M]

[2009/12/28 13:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2010/01/18 16:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\726as45i.default\extensions
[2010/01/18 12:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\726as45i.default\extensions\staged-xpis
[2010/05/18 21:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/23 12:33:19 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/04/28 09:12:02 | 000,000,116 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.208.77.54 hcurltest1
O1 - Hosts: 82.165.161.232 hcurltest2
O1 - Hosts: 255.255.255.255 hcurltest4
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - Reg Error: Value error. File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\Guest_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Ron_ON_C\..\Toolbar\WebBrowser: (no name) - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - No CLSID value found.
O3 - HKU\Ron_ON_C\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found.
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [Device Detector] File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Turtle Beach Riviera] C:\Program Files\Turtle Beach\Riviera\TBRivieraTray.exe (Voyetra Turtle Beach, Inc.)
O4 - HKU\Guest_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Ron_ON_C..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O4 - HKU\Ron_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Ron_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - Reg Error: Value error. File not found
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {5852F5ED-8BF4-11D4-A245-0080C6F74284} http://java.sun.com/products/plugin/autodl...indows-i586.cab (isInstalled Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/02 17:11:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/08/04 12:10:39 | 000,000,067 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/25 16:48:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/23 20:08:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2010/05/23 20:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx
[2010/05/20 00:58:41 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ron\Recent
[2010/05/14 22:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\My Documents\Any Video Converter
[2010/05/14 22:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\AnvSoft
[2010/05/14 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\AnvSoft
[2010/05/10 00:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Application Data\Unity
[2010/05/10 00:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ron\Local Settings\Application Data\Unity
[2010/04/26 18:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2007/11/11 20:48:19 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ron\Application Data\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/25 16:50:35 | 001,048,576 | ---- | M] () -- C:\Documents and Settings\Guest\ntuser.dat
[2010/05/24 18:24:41 | 000,000,376 | RHS- | M] () -- C:\boot.ini
[2010/05/23 21:06:32 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/23 21:06:32 | 000,225,280 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/23 21:06:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/23 21:06:02 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Ron\ntuser.dat
[2010/05/23 21:06:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/23 21:05:59 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Ron\ntuser.ini
[2010/05/23 20:24:00 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/23 19:48:30 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1A5BD98-0E9F-4BC8-8D1A-D03C17DBD9AB}.job
[2010/05/23 19:44:32 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/23 19:44:16 | 000,013,694 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/23 17:13:39 | 060,315,615 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/23 17:11:42 | 000,069,112 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/05/20 11:26:01 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/17 11:41:32 | 000,319,589 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\bookmarks-2010-05-17.json
[2010/05/14 22:27:25 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\Any Video Converter.lnk
[2010/05/14 22:21:24 | 000,115,200 | ---- | M] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/13 17:38:34 | 000,136,646 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\stone.charles.resume.rtf
[2010/05/13 11:31:22 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/13 11:31:22 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/13 11:31:21 | 000,509,574 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 15:13:18 | 000,007,684 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 11:49:04 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Ron\Desktop\DivX Movies.lnk
[2010/04/27 01:06:33 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Ron\My Documents\questions.doc
[2010/04/26 18:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[30 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/25 12:40:30 | 000,008,192 | -H-- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
[2010/05/17 11:41:30 | 000,319,589 | ---- | C] () -- C:\Documents and Settings\Ron\Desktop\bookmarks-2010-05-17.json
[2010/05/14 22:27:25 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\Ron\Desktop\Any Video Converter.lnk
[2010/04/27 01:06:33 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Ron\My Documents\questions.doc
[2010/03/07 17:34:18 | 000,000,005 | -HS- | C] () -- C:\WINDOWS\System32\eaeadafa8_s.dll
[2010/03/07 17:32:21 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/03/05 15:37:50 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/01/11 21:13:45 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\Ron\ntuser.dat
[2010/01/11 21:13:45 | 000,323,584 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2009/12/23 19:41:17 | 003,745,091 | ---- | C] () -- C:\Documents and Settings\Ron\__rzi_01.296
[2009/10/08 18:43:23 | 614,367,355 | ---- | C] () -- C:\Documents and Settings\Ron\grace
[2009/08/16 17:36:34 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\inst.exe
[2009/06/07 13:23:39 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/05/13 09:57:36 | 000,025,845 | ---- | C] () -- C:\Documents and Settings\Ron\Start Menu.rar
[2009/03/27 13:30:18 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WALLSTRT.INI
[2009/03/25 23:37:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2009/03/25 23:35:29 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.dll
[2009/03/25 23:35:29 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfl
[2009/03/25 23:35:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\CmiInstallResAll.dll
[2009/03/25 23:35:18 | 000,003,647 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.cfg
[2009/03/25 23:35:18 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Cmicnfg3.ini.imi
[2009/03/25 23:35:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\VMix.dll
[2009/03/25 23:35:13 | 000,000,785 | ---- | C] () -- C:\WINDOWS\cmudax3.ini
[2009/03/01 10:58:59 | 003,723,189 | ---- | C] () -- C:\Documents and Settings\Ron\TheseAreMyCredentials1.pdf
[2009/01/27 02:03:38 | 000,000,019 | ---- | C] () -- C:\WINDOWS\KNP.INI
[2009/01/27 01:20:24 | 000,271,264 | ---- | C] () -- C:\WINDOWS\System32\VBRUN100.DLL
[2009/01/27 01:20:24 | 000,004,608 | ---- | C] () -- C:\WINDOWS\MTNEWS.DLL
[2009/01/27 01:20:24 | 000,000,010 | ---- | C] () -- C:\WINDOWS\BestGame.ini
[2008/12/24 14:27:49 | 002,351,616 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-ie-release-1.9.1.17582.msi
[2008/12/11 13:13:52 | 002,327,552 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-ie-release-1.9.0.16396.msi
[2008/10/30 12:58:29 | 002,869,760 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\cooliris-win-iemin-release-1.8.5.14750.msi
[2008/10/15 12:43:11 | 000,004,046 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_PROTOCOL.log
[2008/10/15 12:43:11 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_API.log
[2008/10/15 12:43:10 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\Hewlett-PackardHP PSC 1400 series1204671390_UI.log
[2008/10/15 12:43:10 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2008/09/16 04:17:55 | 000,000,071 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\FASTWiz.log
[2008/04/13 14:12:37 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Guest\default.pls
[2008/04/13 14:10:53 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/04 18:56:30 | 003,000,782 | ---- | C] () -- C:\Documents and Settings\Ron\ProductContext1400.log
[2008/01/05 13:46:10 | 001,048,576 | ---- | C] () -- C:\Documents and Settings\Guest\ntuser.dat
[2008/01/05 13:46:10 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Guest\NtUser.dat.LOG
[2008/01/05 13:46:10 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
[2007/11/15 11:57:38 | 000,000,067 | ---- | C] () -- C:\WINDOWS\#1 DVD Ripper.INI
[2007/11/11 20:54:12 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2007/11/11 20:49:16 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SystemInfo32.sys
[2007/11/11 20:48:27 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SysEngine2.SYS
[2007/11/11 20:48:25 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.log
[2007/11/11 20:48:19 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\ezpinst.exe
[2007/11/11 20:48:19 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.cat
[2007/11/11 20:48:19 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ron\Application Data\pcouffin.inf
[2007/11/09 13:57:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2007/06/28 20:01:48 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007/06/15 20:24:58 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/06/15 15:26:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/13 10:02:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Ron\default.pls
[2007/06/13 10:00:00 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/02 18:15:39 | 000,115,200 | ---- | C] () -- C:\Documents and Settings\Ron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/02 17:18:12 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Ron\ntuser.ini
[2007/06/02 17:18:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Ron\ntuser.dat.LOG
[2007/06/02 17:17:26 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2007/06/02 17:17:25 | 000,229,376 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2007/06/02 17:17:25 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/06/02 17:17:07 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2007/06/02 17:17:06 | 000,225,280 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/06/02 17:17:06 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2006/08/16 03:35:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/16 03:35:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/16 03:35:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/16 03:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 03:35:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/16 03:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/16 03:35:00 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 08:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\disk.sys
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/07/06 17:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========



< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/31 22:57:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/31 22:57:22 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] () MD5=2992DABC1DC0AA2865AFD536B839DBF3 -- C:\WINDOWS\system32\drivers\disk.sys
< End of report >


#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,105 posts
  • Gender:Female
  • Location:Romania

Posted 25 May 2010 - 03:10 PM

Well done, now I get the results of the custom scan.

Please copy/paste the following text into OTLPE and click the Run Fix button.
CODE
:files
C:\WINDOWS\system32\drivers\disk.sys|C:\WINDOWS\ServicePackFiles\i386\disk.sys /replace

:otl
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Ron_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O4 - HKLM..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe
O4 - HKU\Ron_ON_C..\Run: [jiouvbyf] C:\Documents and Settings\Ron\Local Settings\Application Data\hbeeeiupx\lfjoidttssd.exe (Ttrid)
O32 - AutoRun File - [2009/08/04 12:10:39 | 000,000,067 | ---- | M] () - E:\autorun.inf -- [ NTFS ]

:commands
[emptytemp]
[resethosts]

Afterwards, try to boot in normal mode and let me know how things are running.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft
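An added example, not part of Elise's post or of OTL itself: a Python script that parses the "< MD5 for: DISK.SYS >" lines from the log above and flags the live driver whose hash matches none of the cached copies (in the posted log the copy under system32\drivers hashes differently from all three backups and carries no company name, a sign of a modified file), then picks the backup the fix restores from. It assumes the line format shown in the posted log, and the choice of dllcache, ServicePackFiles and $NtServicePackUninstall$ as the backup locations is this example's own assumption; the sample input is the disk.sys section copied from the log above.

```python
import re
# One OTL "< MD5 for: FILE >" line (format as in the log posted above):
# [date time | size | attrs | M] (Company) MD5=HEX -- path
OTL_MD5_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-\w]+) \| \w\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# Folders where Windows XP keeps pristine copies of system files (assumption of this example).
BACKUP_DIRS = ("dllcache", "servicepackfiles", "$ntservicepackuninstall$")

# Sample input: the disk.sys section copied from the log posted above.
SAMPLE = r"""
< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\dllcache\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] () MD5=2992DABC1DC0AA2865AFD536B839DBF3 -- C:\WINDOWS\system32\drivers\disk.sys
"""

def parse_md5_lines(text):
    """Parse every line carrying an MD5; headers and .cab entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = OTL_MD5_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))  # "000,036,352" -> 36352
        e["md5"] = e["md5"].upper()
        entries.append(e)
    return entries

def is_backup(path):
    return any(d in path.lower() for d in BACKUP_DIRS)

def find_suspect_copies(entries):
    """Live copies whose MD5 matches no cached backup copy (the disk.sys pattern
    above: a different hash, and no company name, in the drivers folder)."""
    backup_md5 = {e["md5"] for e in entries if is_backup(e["path"])}
    return [e for e in entries
            if not is_backup(e["path"]) and e["md5"] not in backup_md5]

def pick_replacement(entries, suspect):
    """Backup to restore from: same timestamp and size as the suspect, preferring
    ServicePackFiles (the copy the OTL fix above restores). None if no backups."""
    backups = [e for e in entries if is_backup(e["path"])]
    backups.sort(key=lambda e: (e["date"] != suspect["date"], e["size"] != suspect["size"],
                                "servicepackfiles" not in e["path"].lower()))
    return backups[0] if backups else None
```

Run on the sample, it reports C:\WINDOWS\system32\drivers\disk.sys as the suspect and C:\WINDOWS\ServicePackFiles\i386\disk.sys as the replacement, the same pair named in the :files directive above.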


#15 zippyzoe

zippyzoe
  • Topic Starter

  • Members
  • 121 posts

Posted 25 May 2010 - 03:35 PM

Hey, that worked. I'm back up and running. I went to update my AVG files and I got hijacked by the spyware program that crippled me. It's called Antispyware Soft -- www.antispywareutulite.net. Wanna assist in getting this cleared up, or do I need to repost a new thread now that my boot problem is fixed? I am very appreciative of your assistance.

Thanks



