suspicion of an infected computer


This topic is locked
11 replies to this topic

#1 dragonuv
  • Members
  • 10 posts

Posted 24 June 2010 - 10:34 PM

Lately my computer is taking too long to load at startup, and the main cause of the suspicion is that tasks are getting fairly high PID numbers after the computer has been up for some time (for example, Task Manager PID = 202128).

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:29:33, on 25/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\Installer\MSICE4F.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gnotify.exe
C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
C:\Documents and Settings\Dragonuv\Start Menu\Programs\Startup\lol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\uTorrent\uTorrent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=123.201.83.7:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Startup: lol.exe
O4 - Startup: n3tuse.bat
O4 - Global Startup: gnotify.exe
O8 - Extra context menu item: +Dynamic Download Solution: File - C:\Documents and Settings\Dragonuv\Desktop\Increases_2099811302008\accelget\accelget\UrlAdds.htm
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
O8 - Extra context menu item: Download All Links with IDM - D:\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.13\MediaManager\grab.html
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SMS - {9DCDE23F-B98A-4736-8EDE-543B57A11FFE} - D:\SMSender\SMSender.exe (file missing)
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6.5\ICQ.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98C8516A-893B-44DB-9307-069E3A720A88}: NameServer = 192.117.235.237,62.219.186.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SolidConverterPDFReadSpool (SCPDFReadSpool) - Solid Documents, LLC - C:\WINDOWS\Installer\MSICE4F.tmp
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

--
End of file - 12284 bytes
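As an added example (not part of the post, and not code from Trend Micro's HijackThis), a small Python triage script that parses lines in the HijackThis log format shown above and lists the entries a malware-removal helper would want to look at first. The sample lines are copied from the log above; the heuristics (external user proxy, orphaned entries, bare files in startup folders, non-local DNS servers) are my own and mark items for review, not as malicious.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the HijackThis v2.0.4 log in
# the post above, so the parser runs offline on the format it is written for.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=123.201.83.7:1080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
O4 - Startup: GomezPEER.lnk = C:\Program Files\Gomez\GomezPEER\bin\GomezPEER.exe
O4 - Startup: lol.exe
O4 - Startup: n3tuse.bat
O4 - Global Startup: gnotify.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{98C8516A-893B-44DB-9307-069E3A720A88}: NameServer = 192.117.235.237,62.219.186.7
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
"""

# One "Oxx - body" line of the log.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# ProxyServer values look like "host:port" or "scheme=host:port[;...]"; take the first entry.
PROXY_RE = re.compile(r"ProxyServer = (?:\w+=)?(?P<host>[^:;\s]+)(?::(?P<port>\d+))?")
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)")


@dataclass
class Entry:
    section: str  # HijackThis section code: R0/R1, O2, O4, O17, O23, ...
    body: str     # text after "Oxx - "


@dataclass
class Finding:
    level: str    # "review" (needs a human decision) or "orphan" (dead reference, cleanup candidate)
    section: str
    reason: str
    body: str


def parse_hjt(text: str) -> list:
    """Return the section entries of a HijackThis log; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("section"), m.group("body")))
    return entries


def is_local(host: str) -> bool:
    """True for loopback, RFC 1918 and link-local addresses, or the name 'localhost'."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return host.lower() == "localhost"
    return ip.is_loopback or ip.is_private or ip.is_link_local


def triage(entries: list) -> list:
    """Apply a few heuristics a removal helper checks first (my own, not HijackThis's)."""
    findings = []
    for e in entries:
        if e.section == "R1" and "ProxyServer" in e.body:
            # A per-user proxy pointing outside the LAN routes all browser traffic through a
            # third party; the owner should confirm they configured it themselves.
            m = PROXY_RE.search(e.body)
            if m and not is_local(m.group("host")):
                findings.append(Finding("review", e.section,
                                        f"browser proxy set to external host {m.group('host')}", e.body))
        elif e.section in ("O2", "O9", "O23") and ORPHAN_RE.search(e.body):
            findings.append(Finding("orphan", e.section, "references a file that is no longer present", e.body))
        elif e.section == "O4" and e.body.startswith(("Startup:", "Global Startup:")):
            # Shortcuts show as "name.lnk = target"; a bare executable or script dropped straight
            # into the startup folder carries no publisher information and deserves a look.
            target = e.body.split(":", 1)[1].strip()
            if "\\" not in target and not target.lower().endswith(".lnk"):
                findings.append(Finding("review", e.section, f"bare file in startup folder: {target}", e.body))
        elif e.section == "O17":
            # DNS servers outside the LAN are normal for an ISP connection, but should be confirmed as the ISP's.
            m = re.search(r"NameServer = (.+)$", e.body)
            if m:
                external = [s.strip() for s in m.group(1).split(",") if not is_local(s.strip())]
                if external:
                    findings.append(Finding("review", e.section,
                                            "confirm DNS servers with ISP: " + ", ".join(external), e.body))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f.level:6}] {f.section:4} {f.reason}")
        print(f"          {f.body}")
```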



#2 Elise (Bleepin' Blonde)
  • Malware Study Hall Admin
  • 61,615 posts
  • Gender: Female
  • Location: Romania

Posted 30 June 2010 - 07:11 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


Malware analyst @ Emsisoft


#3 dragonuv (Topic Starter)
  • Members
  • 10 posts

Posted 05 July 2010 - 02:24 PM

I'm sorry, but I have been trying for a few days to run GMER without success. Every time I ran it, it scanned and my computer got stuck.
However, I didn't have any problem running OTL.

Here are the logs:



--------------OTL.txt------------

OTL logfile created on: 02/07/2010 15:44:12 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Dragonuv\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.00 Gb Total Space | 34.74 Gb Free Space | 24.81% Space Free | Partition Type: NTFS
Drive D: | 325.76 Gb Total Space | 67.26 Gb Free Space | 20.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOAM-AA9432EBA6
Current User Name: Dragonuv
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/02 15:43:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dragonuv\Desktop\OTL.exe
PRC - [2010/07/02 15:13:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/09 23:09:32 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/09 23:08:43 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/05/25 23:01:51 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- D:\uTorrent\uTorrent.exe
PRC - [2010/05/21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2010/05/21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/05/21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2010/05/01 01:59:01 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/01 01:59:00 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/03/28 22:27:06 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Start Menu\Programs\Startup\lol.exe
PRC - [2009/12/24 08:55:22 | 001,732,960 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2009/10/20 20:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/06/28 22:22:19 | 000,189,696 | ---- | M] (Solid Documents, LLC) -- C:\WINDOWS\Installer\MSICE4F.tmp
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVCOMSER\LVComSer.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) -- C:\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2005/07/15 23:48:34 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gnotify.exe


========== Modules (SafeList) ==========

MOD - [2010/07/02 15:43:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dragonuv\Desktop\OTL.exe
MOD - [2008/07/26 08:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
MOD - [2008/04/14 05:42:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll
MOD - [2008/04/14 05:41:50 | 001,852,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/06/09 23:09:32 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/05/21 00:56:36 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/05/21 00:56:32 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/05/21 00:56:18 | 000,399,920 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2010/05/20 23:40:20 | 000,539,184 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/05/01 01:59:00 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/27 16:42:04 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/01/13 00:09:00 | 003,395,532 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/12/24 08:55:22 | 001,732,960 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2009/10/20 20:39:28 | 000,340,456 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2009/10/20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/28 22:22:19 | 000,189,696 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\WINDOWS\Installer\MSICE4F.tmp -- (SCPDFReadSpool)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/17 00:32:52 | 001,467,760 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/07/29 13:10:46 | 003,201,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2008/07/26 08:27:42 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2008/07/26 08:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/07/26 08:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/09/04 19:25:44 | 000,131,072 | ---- | M] (NVIDIA) [Auto | Running] -- C:\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV - [2010/06/09 23:09:22 | 000,013,408 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\radpms.sys -- (radpms)
DRV - [2010/06/09 23:08:54 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/06/08 13:30:16 | 000,142,928 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/06/08 13:30:16 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/06/08 13:30:16 | 000,041,744 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/05/21 00:56:56 | 000,854,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2010/05/21 00:56:56 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2010/05/21 00:56:40 | 000,014,896 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport)
DRV - [2010/05/21 00:55:04 | 000,024,624 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2010/05/21 00:54:02 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2010/05/21 00:53:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2010/05/20 23:40:08 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2010/05/20 21:19:20 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/27 16:41:40 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2010/04/23 00:10:42 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/12/10 14:48:40 | 000,041,504 | ---- | M] (Diskeeper Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKRtWrt.sys -- (DKRtWrt)
DRV - [2009/10/22 15:09:34 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/10/20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/10/14 21:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 19:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/01 15:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009/07/26 16:22:34 | 000,651,264 | ---- | M] (www.ext2fsd.com) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ext2fsd.sys -- (Ext2Fsd)
DRV - [2009/04/30 22:02:00 | 008,055,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2009/04/20 14:19:38 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/07/26 08:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/07/03 19:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/05/16 12:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 12:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 12:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 12:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 12:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 12:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 12:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/05/12 11:57:28 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vncmirror.sys -- (vncmirror)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 22:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/08 14:57:14 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/03/13 15:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/09/04 19:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\nvoclock.sys -- (NVR0Dev)
DRV - [2007/03/20 06:33:28 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2007/03/02 10:37:44 | 000,246,680 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2007/03/02 10:36:22 | 001,178,088 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/03/02 10:36:20 | 000,041,728 | ---- | M] (Sonic Focus, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfng32.sys -- (sfng32)
DRV - [2007/03/02 10:36:10 | 000,044,416 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/11/01 05:01:56 | 000,003,328 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rminiv3.sys -- (mirrorv3)
DRV - [2006/09/24 15:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006/09/18 14:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 14:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 14:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 14:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 14:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 14:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 14:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2005/07/22 04:20:04 | 001,275,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2004/10/19 09:07:22 | 000,009,728 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
DRV - [2001/08/17 13:53:42 | 000,004,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\loop.sys -- (msloop)
DRV - [1996/04/03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=123.201.83.7:1080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.7
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.578
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 1111
FF - prefs.js..network.proxy.socks_remote_dns: true

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 15:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/02 15:14:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010/04/20 21:21:01 | 000,000,000 | ---D | M]

[2008/11/20 16:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dragonuv\Application Data\Mozilla\Extensions
[2010/07/01 23:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dragonuv\Application Data\Mozilla\Firefox\Profiles\b3o74p8j.default\extensions
[2010/06/12 19:09:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Dragonuv\Application Data\Mozilla\Firefox\Profiles\b3o74p8j.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/04/05 21:00:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dragonuv\Application Data\Mozilla\Firefox\Profiles\b3o74p8j.default\extensions\LogMeInClient@logmein.com
[2009/10/11 02:03:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dragonuv\Application Data\Mozilla\Firefox\Profiles\b3o74p8j.default\extensions\wjob@wjob.eu
[2010/07/01 23:42:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/09 21:42:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/03/07 01:04:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010/05/09 21:42:10 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/03/25 14:34:25 | 000,056,576 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/04/24 21:35:07 | 000,000,025 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {F3FAF2F7-D2C0-4EA4-8DAD-B4B974371C1E} - No CLSID value found.
O3 - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\gnotify.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\Dragonuv\Start Menu\Programs\Startup\lol.exe ()
O4 - Startup: C:\Documents and Settings\Dragonuv\Start Menu\Programs\Startup\n3tuse.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1123561945-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Download All Links with IDM - D:\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - D:\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - D:\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: SMS - {9DCDE23F-B98A-4736-8EDE-543B57A11FFE} - D:\SMSender\SMSender.exe File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} http://support.f-secure.com/ols/fscax.cab (F-Secure Online Scanner 3.3)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/RACtrl.cab (Performance Viewer Activex Control)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Dragonuv\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dragonuv\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/25 15:40:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (autocheck lsdelete) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/02 15:42:31 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dragonuv\Desktop\OTL.exe
[2010/06/25 20:10:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dragonuv\Recent
[2010/06/25 00:36:15 | 000,000,000 | ---D | C] -- C:\Program Files\EditPlus 3
[2010/06/25 00:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Application Data\EditPlus 3
[2010/06/19 05:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\recover
[2010/06/17 23:53:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Desktop\Video
[2010/06/17 23:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Desktop\DOK
[2010/06/12 21:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\.VirtualBox
[2010/06/12 20:57:23 | 000,142,928 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2010/06/12 20:57:09 | 000,041,744 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys
[2010/06/12 20:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2010/06/11 04:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\My Documents\My Virtual Machines
[2010/06/11 04:22:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Local Settings\Application Data\VMware
[2010/06/11 04:22:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Application Data\VMware
[2010/06/11 03:34:36 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2010/06/11 03:34:11 | 000,399,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2010/06/11 03:34:10 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2010/06/11 03:33:20 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2010/06/11 03:31:53 | 000,024,624 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2010/06/11 03:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2010/06/11 03:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/06/11 03:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2010/06/11 03:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/06/11 03:24:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Desktop\VMware.Workstation.v7.1.0.Build.261024_3rabWarez.Com
[2010/06/10 18:59:40 | 000,000,000 | ---D | C] -- C:\Program Files\CACE Technologies
[2010/06/09 23:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\IMMonitor
[2010/06/08 13:30:16 | 000,100,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys
[2010/06/07 23:08:58 | 000,000,000 | ---D | C] -- C:\Program Files\WinHTTrack
[2010/06/06 22:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2010/06/05 21:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Desktop\mIRC.v6.34.Incl.KeyGen.and.Server.Patch-F4CG
[2010/06/05 21:04:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Desktop\mIRC.6.34
[2010/06/05 14:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\softnyx
[2010/06/04 19:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Desktop\PING
[2010/06/04 17:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Application Data\Scooter Software
[2010/06/04 17:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Beyond Compare 3
[2010/06/04 16:41:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dragonuv\Desktop\UDP_Data_E174282572004
[2008/10/13 18:40:12 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/02 15:45:41 | 000,040,448 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/02 15:43:06 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dragonuv\Desktop\OTL.exe
[2010/07/02 15:37:32 | 000,000,372 | ---- | M] () -- C:\WINDOWS\tasks\iexplore.job
[2010/07/02 15:26:28 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\New Task.job
[2010/07/02 15:19:47 | 000,000,000 | -HS- | M] () -- C:\DkHyperbootSync
[2010/07/02 15:15:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\close media player.job
[2010/07/02 15:14:37 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/02 15:14:36 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/02 15:14:35 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/02 15:14:34 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/02 15:14:33 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/02 15:13:41 | 000,197,019 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/02 15:02:20 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/02 15:01:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/02 15:01:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/02 14:58:47 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/02 01:41:18 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/01 23:02:31 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/29 23:32:02 | 020,709,376 | ---- | M] () -- C:\Documents and Settings\Dragonuv\NTUSER.DAT
[2010/06/29 23:31:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dragonuv\ntuser.ini
[2010/06/26 03:49:52 | 003,020,254 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Desktop\AM604G_306020100.dat
[2010/06/26 03:16:16 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Local Settings\Application Data\PUTTY.RND
[2010/06/26 02:58:01 | 010,548,059 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Desktop\12 - Decode.mp3
[2010/06/26 02:53:36 | 000,000,574 | ---- | M] () -- C:\Documents and Settings\Dragonuv\My Documents\My Sharing Folders.lnk
[2010/06/19 17:31:39 | 000,000,862 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/19 17:31:39 | 000,000,317 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/19 17:31:39 | 000,000,150 | RHS- | M] () -- C:\boot.ini
[2010/06/19 05:42:09 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/06/19 05:42:09 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/06/18 01:01:25 | 2716,860,416 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Desktop\livedvd-x86-amd64-32ul-10.1.iso
[2010/06/11 05:39:09 | 105,504,768 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Desktop\install-x86-minimal-20100216.iso
[2010/06/11 03:31:42 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/06/11 03:30:10 | 000,510,558 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/11 03:30:10 | 000,435,616 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/11 03:30:10 | 000,068,716 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 19:02:30 | 119,545,856 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Desktop\install-amd64-minimal-20100408_2.iso
[2010/06/09 23:09:22 | 000,013,408 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\radpms.sys
[2010/06/09 23:08:54 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/06/09 23:08:49 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/06/09 23:08:47 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/06/08 13:30:16 | 000,142,928 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxDrv.sys
[2010/06/08 13:30:16 | 000,100,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxNetAdp.sys
[2010/06/08 13:30:16 | 000,041,744 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\drivers\VBoxUSBMon.sys
[2010/06/07 23:02:24 | 060,100,972 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Desktop\WSCNA.DVD1.part01.rar
[2010/06/07 22:12:35 | 000,000,070 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Start Menu\Programs\Startup\n3tuse.bat
[2010/06/04 17:31:33 | 000,010,242 | ---- | M] () -- C:\Documents and Settings\Dragonuv\Desktop\4.6.2010.conf
[2010/06/03 23:58:34 | 000,000,093 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/02 14:54:13 | 000,000,000 | -HS- | C] () -- C:\DkHyperbootSync
[2010/06/26 03:49:41 | 003,020,254 | ---- | C] () -- C:\Documents and Settings\Dragonuv\Desktop\AM604G_306020100.dat
[2010/06/26 02:52:46 | 010,548,059 | ---- | C] () -- C:\Documents and Settings\Dragonuv\Desktop\12 - Decode.mp3
[2010/06/19 20:42:42 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/06/19 20:42:42 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/06/19 20:42:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/06/19 20:42:41 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/06/19 20:42:40 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/06/17 23:53:06 | 2716,860,416 | ---- | C] () -- C:\Documents and Settings\Dragonuv\Desktop\livedvd-x86-amd64-32ul-10.1.iso
[2010/06/16 02:53:13 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/16 02:53:13 | 000,000,872 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/11 05:29:36 | 105,504,768 | ---- | C] () -- C:\Documents and Settings\Dragonuv\Desktop\install-x86-minimal-20100216.iso
[2010/06/11 03:15:18 | 000,000,150 | RHS- | C] () -- C:\boot.ini
[2010/06/10 18:55:54 | 119,545,856 | ---- | C] () -- C:\Documents and Settings\Dragonuv\Desktop\install-amd64-minimal-20100408_2.iso
[2010/06/07 22:54:27 | 060,100,972 | ---- | C] () -- C:\Documents and Settings\Dragonuv\Desktop\WSCNA.DVD1.part01.rar
[2010/06/04 17:31:33 | 000,010,242 | ---- | C] () -- C:\Documents and Settings\Dragonuv\Desktop\4.6.2010.conf
[2010/05/01 23:42:40 | 000,000,045 | ---- | C] () -- C:\WINDOWS\AFX.INI
[2010/05/01 18:08:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SPYXX.INI
[2010/04/20 18:13:45 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\NMAPI.dll
[2010/04/20 18:13:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\NMEVTRPT.dll
[2010/03/13 22:24:52 | 000,000,318 | ---- | C] () -- C:\WINDOWS\WPE 2PRO2.INI
[2010/03/13 22:22:41 | 000,000,261 | ---- | C] () -- C:\WINDOWS\WPE PRO.INI
[2009/10/20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/10/18 20:13:10 | 000,000,648 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini
[2009/09/02 00:59:33 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/08/09 21:37:22 | 000,000,365 | ---- | C] () -- C:\WINDOWS\GOTCHA32.INI
[2009/08/08 21:35:40 | 000,000,065 | ---- | C] () -- C:\WINDOWS\sendit.INI
[2009/07/23 19:33:41 | 000,002,554 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2009/06/28 22:37:40 | 000,000,133 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2009/06/28 22:22:12 | 000,021,248 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2009/06/28 22:22:12 | 000,013,568 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2009/06/23 11:56:14 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\VNCpm.dll
[2009/06/20 02:22:15 | 000,002,588 | ---- | C] () -- C:\WINDOWS\Se.INI
[2009/06/04 02:14:35 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
[2009/05/01 00:31:06 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/05/01 00:31:06 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/05/01 00:31:06 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/05/01 00:31:06 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/03/19 00:05:12 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/14 01:57:11 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\B92B4B6AA9.sys
[2009/01/31 23:26:41 | 000,001,598 | ---- | C] () -- C:\WINDOWS\CITP_SearchHistory.INI
[2008/11/29 23:19:25 | 000,000,281 | ---- | C] () -- C:\WINDOWS\ddespy.ini
[2008/10/14 19:39:54 | 000,000,058 | ---- | C] () -- C:\WINDOWS\my.ini
[2008/10/13 18:40:42 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2008/10/13 18:40:14 | 000,001,977 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2008/10/13 18:40:14 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2008/10/13 18:40:13 | 000,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2008/10/13 18:40:12 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2008/10/13 18:40:12 | 000,004,865 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2008/10/13 18:39:47 | 000,000,065 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/08/23 20:56:39 | 000,000,073 | -HS- | C] () -- C:\WINDOWS\System32\SYSDRV004.SYS
[2008/08/23 20:56:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\SYSTMBXNDRV.SYS
[2008/08/09 02:12:46 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/09 02:12:46 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/20 15:47:58 | 000,000,125 | ---- | C] () -- C:\WINDOWS\fd3.INI
[2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/05/14 14:27:28 | 000,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2008/05/03 01:30:12 | 000,002,620 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/04/22 16:06:46 | 000,000,164 | ---- | C] () -- C:\WINDOWS\yidocr.ini
[2008/04/21 21:26:10 | 000,000,174 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2008/04/21 18:33:50 | 000,000,273 | ---- | C] () -- C:\WINDOWS\batchrec.ini
[2008/04/21 18:33:45 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\vscfdx.dll
[2008/03/31 23:25:46 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\divx_xx0a.dll
[2008/03/21 22:30:08 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/03/21 22:28:54 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/03/21 22:28:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/29 14:49:47 | 000,000,051 | ---- | C] () -- C:\WINDOWS\remotecontrol.ini
[2008/02/29 14:49:18 | 000,000,073 | ---- | C] () -- C:\WINDOWS\FailSafe.sys
[2008/02/29 14:48:53 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2008/02/17 21:04:20 | 000,000,337 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/02/12 22:29:12 | 000,000,012 | -H-- | C] () -- C:\WINDOWS\mmax_hren2.ini
[2008/01/21 13:45:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/08 01:53:21 | 000,000,039 | ---- | C] () -- C:\WINDOWS\ideq32.ini
[2007/11/30 03:57:01 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/11/13 23:21:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/09 13:23:04 | 000,000,294 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/11/04 00:50:57 | 000,000,199 | ---- | C] () -- C:\WINDOWS\usdthank.ini
[2007/11/03 21:42:41 | 000,000,031 | ---- | C] () -- C:\WINDOWS\idc.ini
[2007/10/26 19:04:40 | 000,000,185 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/10/26 19:04:31 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/10/26 16:52:45 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/10/25 20:22:04 | 000,000,068 | ---- | C] () -- C:\WINDOWS\IDMan.INI
[2007/09/17 01:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/08/06 11:07:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/03/12 12:01:30 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll
[2004/03/30 22:47:44 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\nl_msgs.dll
[2004/03/30 22:47:41 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\nl_msgc.dll
[2002/10/16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/01/02 05:11:35 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\W32PATCH.dll
[1998/06/10 00:00:00 | 000,015,120 | ---- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998/05/18 00:00:00 | 000,014,017 | ---- | C] () -- C:\WINDOWS\JAUTOEXP.INI
[1998/04/24 00:00:00 | 000,000,218 | ---- | C] () -- C:\WINDOWS\FRONTPG.INI
[1997/08/23 11:33:24 | 000,022,064 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll
[1996/04/03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4BF2F6B5
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98781370
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:58B11540
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4EA859B
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7DA3C874
< End of report >


------------------Extras.txt----------------------

OTL Extras logfile created on: 02/07/2010 15:44:12 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Dragonuv\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040D | Country: Israel | Language: HEB | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
8.00 Gb Paging File | 8.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.00 Gb Total Space | 34.74 Gb Free Space | 24.81% Space Free | Partition Type: NTFS
Drive D: | 325.76 Gb Total Space | 67.26 Gb Free Space | 20.65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NOAM-AA9432EBA6
Current User Name: Dragonuv
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1123561945-1844237615-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Force Uninstall] -- C:\Perfect Uninstaller\PU.exe "%1" ()
Directory [Winamp.Bookmark] -- "c:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "c:\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "c:\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Combat Arms\CombatArms.exe" = C:\Combat Arms\CombatArms.exe:*Enabled:CombatArms.exe -- File not found
"C:\Combat Arms\Engine.exe" = C:\Combat Arms\Engine.exe:*Enabled:Engine.exe -- File not found
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\mIRC\mirc.exe" = C:\mIRC\mirc.exe:*:Enabled:mIRC -- File not found
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\NetMeeting\conf.exe" = C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting® -- (Microsoft Corporation)
"C:\eMule\emule.exe" = C:\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\ICQ6\ICQ.exe" = C:\ICQ6\ICQ.exe:*:Enabled:ICQ Library -- File not found
"D:\SecondLife\SLVoice.exe" = D:\SecondLife\SLVoice.exe:*:Enabled:SLVoice -- ()
"C:\VNC4\winvnc4.exe" = C:\VNC4\winvnc4.exe:*:Enabled:VNC Server -- (RealVNC Ltd.)
"C:\iCall\iCall.exe" = C:\iCall\iCall.exe:*:Enabled:iCall -- File not found
"C:\There\ThereClient\There.exe" = C:\There\ThereClient\There.exe:*:Enabled:There -- File not found
"D:\uTorrent\uTorrent.exe" = D:\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Kali95\Kali.exe" = C:\Kali95\Kali.exe:*:Enabled:Kali II (Ver 2.613) -- File not found
"C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE" = C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE:*:Enabled:Visual Basic -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\Dragonuv\Local Settings\temp\4000002d500070d45b7622\starcraft.exe" = C:\Documents and Settings\Dragonuv\Local Settings\temp\4000002d500070d45b7622\starcraft.exe:*:Enabled:starcraft -- File not found
"D:\Hamachi\hamachi.exe" = D:\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- File not found
"D:\Garena\Garena.exe" = D:\Garena\Garena.exe:*:Enabled:Garena -- File not found
"C:\Makena\There\ThereClient\There.exe" = C:\Makena\There\ThereClient\There.exe:*:Enabled:There -- File not found
"C:\ICQ6.5\ICQ.exe" = C:\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Makena\There-Green\ThereClient\There.exe" = C:\Makena\There-Green\ThereClient\There.exe:*:Enabled:There -- File not found
"C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe" = C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout™ Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe" = C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout™ Paradise The Ultimate Box -- (Electronic Arts)
"C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe" = C:\Program Files\Electronic Arts\Burnout™ Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout™ Paradise The Ultimate Box -- (Electronic Arts)
"C:\IDA\idag.exe" = C:\IDA\idag.exe:*:Enabled:Interactive Disassembler (32-bit) -- (Datarescue sa/nv)
"C:\IDA\idag64.exe" = C:\IDA\idag64.exe:*:Enabled:Interactive Disassembler (64-bit) -- (Datarescue sa/nv)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Dragon Age\bin_ship\daorigins.exe" = C:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Dragon Age\DAOriginsLauncher.exe" = C:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\VMware\VMware Workstation\vmware-authd.exe" = C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd -- (VMware, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{07D00E73-7F67-4008-A33C-80C7D53F1857}" = Radmin Viewer 3.0
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{21742BF7-C002-40A7-9FF3-49D9A09DC3A8}" = AVRStudio4
"{2205E3A5-DCDC-461D-8ED6-D6F2341D3B64}" = Intel Audio Studio 2.0
"{2222B364-0854-4265-B32E-A142DB9DC7BB}" = Intel® PRO Network Connections 11.2.0.69
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ Beta 4.0
"{255FC1CF-2620-4B64-BE02-79B9E609BB3D}" = Webzen Game Starter
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{34ACF0AB-D649-47DC-A90C-6DF34C270D78}" = Intel Audio Studio 2.0
"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48FE73F3-4C3A-4871-BCD0-A7726A08BD64}" = Hex Workshop v6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{56BFAA6E-2BCC-4AED-9233-84731E66B205}" = Solid Converter PDF
"{5B09BD67-4C99-46A1-8161-B7208CE18121}" = QuickTime
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{7F831576-6246-42C7-B523-55B3F96509CC}" = LogMeIn
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{9111040D-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9509674F-3972-11DE-806D-005056806466}" = Google Earth
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981FAFFC-35E9-42E0-9C58-9AADE646F92A}" = Diskeeper 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout™ Paradise The Ultimate Box
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD196DAC-F550-46C5-9D3A-FD04474C1FCC}" = Sound Blaster 5.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D4D909F1-7F12-4534-87B5-4CC7031A07D1}" = Oracle VM VirtualBox 3.2.4
"{D5D88F8F-FDA4-4CF4-9F3E-3F40118C2120}" = AVRStudio4
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{DA2B455A-B0BE-4C5A-B73A-0615F37C81D5}" = Beowulf TM
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F57CEB84-3D22-4657-8EDA-F8CD5217B83E}" = Mu
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AviSynth" = AviSynth 2.5
"Babylon" = Babylon
"BeyondCompare3_is1" = Beyond Compare Version 3.1.11
"Boilsoft Video Joiner_is1" = Boilsoft Video Joiner 5.32
"Boilsoft Video Splitter_is1" = Boilsoft Video Splitter 5.16
"BSPlayer1" = BSPlayer
"Cain & Abel v4.9.35" = Cain & Abel v4.9.35
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"DirectVobSub" = DirectVobSub (remove only)
"EAGLE 5.7.0" = EAGLE 5.7.0
"EditPlus 3" = EditPlus 3
"eMule" = eMule
"Ext2Fsd_is1" = Ext2Fsd 0.48
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"FL Studio_is1" = FL Studio v7.0
"Foxit Reader" = Foxit Reader
"HECI" = Intel® Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"IDA Pro_is1" = IDA Pro Advanced v5.2 with WinCE v5.0 debugger
"ie8" = Windows Internet Explorer 8
"ImTOO 3GP Video Converter" = ImTOO 3GP Video Converter
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"mIRC" = mIRC
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Multisimsamplecircuits" = Multisim sample circuits
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NetLimiter" = NetLimiter 1.30 (remove only)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Drivers" = NVIDIA Drivers
"Ogg Codecs" = Xiph.Org Ogg Codecs 0.82.16930 32-bit
"PE Structure Viewer" = PE Structure Viewer 1.3
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.2.8
"RealPlayer 6.0" = RealPlayer
"RealVNC_is1" = VNC Personal Edition P4.5
"Recordpad" = Recordpad
"RM Converter_is1" = RM Converter 4.28
"SecondLife" = SecondLife (remove only)
"SmartCheck 6.2" = NuMega SmartCheck 6.2
"SpeedFan" = SpeedFan (remove only)
"Starcraft" = Starcraft
"Stellarium_is1" = Stellarium 0.10.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"VB Decompiler Lite_is1" = VB Decompiler Lite 3.4
"Visual Studio 6.0 Professional Edition" = Microsoft Visual Studio 6.0 Professional Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VLC media player" = VideoLAN VLC media player 0.8.6c
"VMware_Workstation" = VMware Workstation
"VNCPrinter_is1" = VNC Printer Driver 1.6.0
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Uninstall
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Winamp" = Winamp
"WinAVR-20090313" = WinAVR 20090313 (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9C
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR archiver
"Wireshark" = Wireshark 1.2.5
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1123561945-1844237615-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"Words That Follow" = Words That Follow

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19/06/2010 11:32:22 | Computer Name = NOAM-AA9432EBA6 | Source = Diskeeper | ID = 46
Description = Diskeeper service failed to start. Service Control Manager error code
1084.

Error - 19/06/2010 18:09:53 | Computer Name = NOAM-AA9432EBA6 | Source = Application Error | ID = 1000
Description = Faulting application cain.exe, version 4.9.3.5, faulting module cain.exe,
version 4.9.3.5, fault address 0x0024da6c.

Error - 29/06/2010 17:01:04 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 29/06/2010 17:01:04 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 29/06/2010 17:01:04 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 29/06/2010 17:01:04 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 29/06/2010 17:01:04 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 29/06/2010 17:01:04 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 29/06/2010 17:15:22 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 29/06/2010 17:28:09 | Computer Name = NOAM-AA9432EBA6 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ NetLimiter Events ]
Error - 30/09/2008 15:00:54 | Computer Name = NOAM-AA9432EBA6 | Source = NetLimiter 2 | ID = 1000
Description =

Error - 31/10/2008 07:17:06 | Computer Name = NOAM-AA9432EBA6 | Source = NetLimiter 2 | ID = 1000
Description =

[ System Events ]
Error - 29/06/2010 16:59:27 | Computer Name = NOAM-AA9432EBA6 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the VMware Authorization
Service service to connect.

Error - 29/06/2010 16:59:27 | Computer Name = NOAM-AA9432EBA6 | Source = Service Control Manager | ID = 7000
Description = The VMware Authorization Service service failed to start due to the
following error: %%1053

Error - 01/07/2010 17:14:25 | Computer Name = NOAM-AA9432EBA6 | Source = Service Control Manager | ID = 7023
Description = The VMware USB Arbitration Service service terminated with the following
error: %%31

Error - 02/07/2010 03:31:39 | Computer Name = NOAM-AA9432EBA6 | Source = BROWSER | ID = 8032
Description = The browser service has failed to retrieve the backup list too many
times on transport \Device\NetBT_Tcpip_{98C8516A-893B-44DB-9307-069E3A720A88}. The
backup browser is stopping.

Error - 02/07/2010 04:12:52 | Computer Name = NOAM-AA9432EBA6 | Source = Srv | ID = 2020
Description = The server was unable to allocate from the system paged pool because
the pool was empty.

Error - 02/07/2010 07:46:52 | Computer Name = NOAM-AA9432EBA6 | Source = Srv | ID = 2020
Description = The server was unable to allocate from the system paged pool because
the pool was empty.

Error - 02/07/2010 08:56:53 | Computer Name = NOAM-AA9432EBA6 | Source = SideBySide | ID = 16842810
Description = Syntax error in manifest or policy file "C:\WINDOWS\system32\comctl32.dll"
on line 0.

Error - 02/07/2010 08:56:53 | Computer Name = NOAM-AA9432EBA6 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\system32\comctl32.dll.
Reference
error message: The operation completed successfully. .

Error - 02/07/2010 08:57:16 | Computer Name = NOAM-AA9432EBA6 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 02/07/2010 09:13:48 | Computer Name = NOAM-AA9432EBA6 | Source = Service Control Manager | ID = 7023
Description = The VMware USB Arbitration Service service terminated with the following
error: %%31


< End of report >


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:10:48 AM

Posted 06 July 2010 - 01:52 AM

Hello there,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft



#5 dragonuv

dragonuv
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:03:48 AM

Posted 08 July 2010 - 03:04 PM

c:\combofix.log:
ComboFix 10-07-07.02 - Dragonuv 07/08/2010 22:22:13.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.3326.2712 [GMT 2:00]
Running from: c:\documents and settings\Dragonuv\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\hpe6EC2.dll
c:\documents and settings\All Users\Application Data\hpeB3A.dll
c:\documents and settings\All Users\Application Data\hpeD8.dll
c:\windows\My.ini
c:\windows\system\ActivLogs
c:\windows\system\ActivLogs\2008-02-29
c:\windows\system\VI30AUT.DLL
c:\windows\system32\3304752304.dat
c:\windows\system32\Data
c:\windows\system32\NTVBSvcW.tlb
c:\windows\system32\Thumbs.db
c:\windows\system32\W32PATCH.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\w32dasm8.ini
c:\windows\wpe pro.INI

.
((((((((((((((((((((((((( Files Created from 2010-06-08 to 2010-07-08 )))))))))))))))))))))))))))))))
.

2010-06-24 22:36 . 2010-06-26 01:59 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\EditPlus 3
2010-06-24 22:36 . 2010-06-24 22:38 -------- d-----w- c:\program files\EditPlus 3
2010-06-19 03:54 . 2010-06-19 03:54 -------- d-----w- c:\windows\system32\recover
2010-06-15 20:00 . 2010-06-15 20:00 133648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-15 20:00 . 2010-06-15 20:00 133720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mmpprtc.dll
2010-06-12 19:00 . 2010-06-12 19:49 -------- d-----w- c:\documents and settings\Dragonuv\.VirtualBox
2010-06-12 18:57 . 2010-06-08 11:30 142928 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2010-06-12 18:57 . 2010-06-08 11:30 41744 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2010-06-11 02:22 . 2010-06-26 01:16 -------- d-----w- c:\documents and settings\Dragonuv\Local Settings\Application Data\VMware
2010-06-11 02:22 . 2010-06-26 01:16 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\VMware
2010-06-11 01:36 . 2010-06-11 01:36 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-06-11 01:36 . 2010-06-11 01:26 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-06-11 01:36 . 2010-06-11 01:26 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-06-11 01:36 . 2010-06-11 01:26 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-06-11 01:36 . 2010-06-11 01:36 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-06-11 01:36 . 2010-06-11 01:27 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-06-11 01:36 . 2010-06-11 01:27 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-06-11 01:36 . 2010-06-11 01:27 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-06-11 01:36 . 2010-06-11 01:26 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-06-11 01:36 . 2010-06-11 01:26 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-06-11 01:34 . 2010-05-20 22:56 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-06-11 01:34 . 2010-05-20 22:56 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-06-11 01:34 . 2010-05-20 22:53 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-06-11 01:33 . 2010-05-20 22:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-06-11 01:31 . 2010-05-20 22:55 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-06-11 01:31 . 2010-07-08 20:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-06-11 01:29 . 2010-06-11 01:29 -------- d-----w- c:\program files\Common Files\VMware
2010-06-11 01:28 . 2010-07-08 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-06-11 01:28 . 2010-06-11 01:28 -------- d-----w- c:\program files\VMware
2010-06-10 16:59 . 2010-06-10 17:03 -------- d-----w- c:\program files\CACE Technologies
2010-06-09 21:34 . 2010-06-09 21:34 -------- d-----w- c:\program files\IMMonitor

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-08 20:45 . 2010-03-06 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-07-08 19:41 . 2007-10-25 15:09 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\uTorrent
2010-07-08 06:11 . 2010-04-03 15:21 -------- d-----w- c:\program files\LogMeIn
2010-07-03 12:48 . 2008-06-06 10:16 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\SecondLife
2010-07-03 04:42 . 2007-10-25 15:09 -------- d-----w- c:\program files\uTorrent
2010-07-02 13:40 . 2008-10-12 12:54 -------- d-----w- c:\program files\Gomez
2010-06-26 03:11 . 2010-05-08 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2010-06-26 00:53 . 2010-05-28 22:23 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\mIRC
2010-06-26 00:52 . 2010-05-28 22:23 -------- d-----w- c:\program files\mIRC
2010-06-25 18:05 . 2010-05-12 19:35 -------- d-----w- c:\program files\CCleaner
2010-06-25 05:06 . 2007-10-25 18:21 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\DMCache
2010-06-16 21:35 . 2010-06-06 20:27 -------- d-----w- c:\program files\Cain
2010-06-11 11:15 . 2007-12-20 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-09 21:09 . 2008-08-11 10:40 13408 ----a-w- c:\windows\system32\drivers\radpms.sys
2010-06-09 21:08 . 2009-08-13 21:27 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2010-06-09 21:08 . 2009-08-13 21:27 29568 ----a-w- c:\windows\system32\LMIport.dll
2010-06-09 21:08 . 2009-08-13 21:27 87424 ----a-w- c:\windows\system32\LMIinit.dll
2010-06-08 11:30 . 2010-06-08 11:30 100496 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-06-07 21:09 . 2010-06-07 21:08 -------- d-----w- c:\program files\WinHTTrack
2010-06-05 13:07 . 2010-06-05 12:36 -------- d-----w- c:\program files\softnyx
2010-06-04 15:34 . 2010-06-04 15:34 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\Scooter Software
2010-06-04 15:34 . 2010-06-04 15:34 -------- d-----w- c:\program files\Beyond Compare 3
2010-05-29 14:58 . 2010-05-29 14:58 -------- d-----w- c:\program files\Ext2Fsd
2010-05-24 19:26 . 2007-10-25 18:21 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\IDM
2010-05-20 22:56 . 2010-05-20 22:56 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-05-20 22:56 . 2010-05-20 22:56 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-05-20 22:56 . 2010-05-20 22:56 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys
2010-05-20 22:54 . 2010-05-20 22:54 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-05-20 22:54 . 2010-05-20 22:54 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-05-20 21:40 . 2010-05-20 21:40 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-05-20 21:13 . 2010-05-20 21:13 252464 ----a-w- c:\windows\system32\vmnc.dll
2010-05-20 19:19 . 2010-05-20 19:19 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-05-20 19:19 . 2010-05-20 19:19 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-05-20 19:19 . 2010-05-20 19:19 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-05-14 00:30 . 2010-05-14 00:30 454656 ----a-w- c:\windows\system32\putty.exe
2010-05-14 00:17 . 2010-05-08 03:12 -------- d-----w- c:\documents and settings\Dragonuv\Application Data\Babylon
2010-05-13 23:49 . 2010-03-26 11:06 -------- d-----w- c:\program files\EAGLE_PCB_Power_Tools
2010-05-09 20:56 . 2010-03-20 13:25 -------- d-----w- c:\program files\r2 Studios
2010-05-09 19:43 . 2010-05-09 19:43 61440 ----a-w- c:\documents and settings\Dragonuv\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28be975e-n\decora-sse.dll
2010-05-09 19:43 . 2010-05-09 19:43 12800 ----a-w- c:\documents and settings\Dragonuv\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-28be975e-n\decora-d3d.dll
2010-05-09 19:43 . 2010-05-09 19:43 503808 ----a-w- c:\documents and settings\Dragonuv\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-35782ae0-n\msvcp71.dll
2010-05-09 19:43 . 2010-05-09 19:43 499712 ----a-w- c:\documents and settings\Dragonuv\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-35782ae0-n\jmc.dll
2010-05-09 19:43 . 2010-05-09 19:43 348160 ----a-w- c:\documents and settings\Dragonuv\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-35782ae0-n\msvcr71.dll
2010-05-09 19:42 . 2010-05-09 19:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-08 19:18 . 2010-05-08 19:18 388096 ----a-r- c:\documents and settings\Dragonuv\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-05 08:40 . 2010-04-05 12:41 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-05-05 08:40 . 2010-04-05 12:41 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-04-29 13:39 . 2009-07-28 22:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 13:39 . 2009-07-28 22:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 14:42 . 2010-04-27 14:42 64960 ----a-w- c:\windows\system32\drivers\stcp2v30.sys
2008-07-21 15:35 . 2008-07-21 15:35 5120 --sha-w- c:\program files\Thumbs.db
2009-07-01 19:45 . 2009-02-13 23:57 88 --sh--r- c:\windows\system32\B92B4B6AA9.sys
2010-04-09 17:50 . 2008-05-02 23:30 2620 --sha-w- c:\windows\system32\KGyGaAvL.sys
2008-08-23 19:16 . 2008-08-23 18:56 73 --sha-w- c:\windows\system32\SYSDRV004.SYS
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

c:\documents and settings\Dragonuv\Start Menu\Programs\Startup\
lol.exe [2010-3-28 20480]
n3tuse.bat [2010-6-7 70]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
gnotify.exe [2005-7-15 479232]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 21:08 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Push Client.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Push Client.LNK
backup=c:\windows\pss\Push Client.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Dragonuv^Start Menu^Programs^Startup^gnotify.exe]
path=c:\documents and settings\Dragonuv\Start Menu\Programs\Startup\gnotify.exe
backup=c:\windows\pss\gnotify.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Dragonuv^Start Menu^Programs^Startup^hamachi.lnk]
path=c:\documents and settings\Dragonuv\Start Menu\Programs\Startup\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
2010-04-26 09:28 3740088 ----a-w- c:\program files\Babylon\Babylon-Pro\Babylon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2007-08-16 10:00 531272 ----a-w- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-08-08 12:11 490952 ----a-w- c:\daemon tools lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-22 19:20 133104 ----atw- c:\documents and settings\Dragonuv\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2009-11-12 16:46 3171760 ----a-w- d:\internet download manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 10:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 09:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetLimiter]
2004-03-31 13:23 823296 ----a-w- c:\program files\NetLimiter\NetLimiter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 17:25 81920 ----a-w- c:\nvidia corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-10-19 18:16 286720 ----a-w- c:\quicktime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recordpad]
2008-05-14 12:23 577540 ----a-w- c:\program files\NCH Swift Sound\Recordpad\recordpad.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 12:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-03-30 00:09 1217872 ----a-w- d:\steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2010-05-20 22:56 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\eMule\\emule.exe"=
"d:\\SecondLife\\SLVoice.exe"=
"c:\\VNC4\\winvnc4.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout™ Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\IDA\\idag.exe"=
"c:\\IDA\\idag64.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [10/14/2009 9:18 PM 36880]
R1 Ext2Fsd;Linux ext2 file system driver;c:\windows\system32\drivers\ext2fsd.sys [5/29/2010 4:58 PM 651264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/2/2009 3:19 PM 1181328]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [10/20/2009 8:19 PM 50704]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [4/23/2010 4:18 PM 90112]
R2 SCPDFReadSpool;SolidConverterPDFReadSpool;c:\windows\Installer\MSICE4F.tmp [6/28/2009 10:22 PM 189696]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [5/21/2010 12:56 AM 70704]
R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [4/23/2010 2:43 PM 41504]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [9/14/2009 2:42 PM 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [10/2/2009 7:39 PM 19472]
R3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [8/11/2008 12:40 PM 13408]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [4/23/2010 4:20 PM 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2009 9:24 PM 135664]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [5/20/2010 11:40 PM 539184]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\dragon age\bin_ship\daupdatersvc.service.exe [3/30/2010 11:35 PM 25832]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\Dragonuv\LOCALS~1\Temp\SAG632.tmp --> c:\docume~1\Dragonuv\LOCALS~1\Temp\SAG632.tmp [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [4/20/2009 7:54 AM 28672]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/29/2009 12:23 AM 38224]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [7/19/2009 8:15 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [7/19/2009 8:15 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [7/19/2009 8:15 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [7/19/2009 8:15 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [7/19/2009 8:15 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [7/19/2009 8:15 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [7/19/2009 8:15 PM 115752]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [6/8/2010 1:30 PM 100496]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/26/2007 4:52 PM 717296]
.
Contents of the 'Scheduled Tasks' folder

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:59]

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:59]

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:59]

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:59]

2010-07-08 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-12-02 23:59]

2010-07-08 c:\windows\Tasks\close media player.job
- c:\windows\system32\taskkill.exe [2004-08-04 03:42]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 23:37]

2010-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 23:37]

2010-07-08 c:\windows\Tasks\iexplore.job
- c:\progra~1\Intern~1\iexplore.exe [2007-10-25 12:09]

2010-07-08 c:\windows\Tasks\New Task.job
- d:\utorrent\uTorrent.exe [2009-03-29 21:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = socks=123.201.83.7:1080
IE: +Dynamic Download Solution: File - c:\documents and settings\Dragonuv\Desktop\Increases_2099811302008\accelget\accelget\UrlAdds.htm
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: Download All Links with IDM - d:\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - d:\internet download manager\IEGetVL.htm
IE: Download with IDM - d:\internet download manager\IEExt.htm
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.13\MediaManager\grab.html
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{9DCDE23F-B98A-4736-8EDE-543B57A11FFE} - d:\smsender\SMSender.exe
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {98C8516A-893B-44DB-9307-069E3A720A88} = 192.117.235.237,8.8.8.8
FF - ProfilePath - c:\documents and settings\Dragonuv\Application Data\Mozilla\Firefox\Profiles\b3o74p8j.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - component: c:\documents and settings\Dragonuv\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\divx\DivX Web Player\npdivx32.dll
FF - plugin: c:\documents and settings\Dragonuv\Application Data\Mozilla\Firefox\Profiles\b3o74p8j.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\Dragonuv\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\WEBZEN\WebzenGameStarter\NPGameWebStarter.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin2.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin3.dll
FF - plugin: c:\quicktime\Plugins\npqtplugin4.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Accelget - c:\documents and settings\Dragonuv\Desktop\Increases_2099811302008\accelget\accelget\Accelget.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-iCall Internet Phone - c:\icall\iCall.exe
MSConfigStartUp-ICQ - c:\icq6\ICQ.exe
MSConfigStartUp-ISUSScheduler - c:\program files\Common Files\InstallShield\UpdateService\issch.exe
MSConfigStartUp-LogitechQuickCamRibbon - c:\quickcam\Quickcam.exe
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-RGSC - c:\rockstar games\Rockstar Games Social Club\RGSCLauncher.exe
MSConfigStartUp-StartupDelayer - c:\program files\r2 Studios\Startup Delayer\Startup Launcher.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
MSConfigStartUp-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
MSConfigStartUp-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
MSConfigStartUp-WinampAgent - c:\winamp\winampa.exe
AddRemove-HijackThis - c:\hijackthis\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-08 22:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\Dragonuv\LOCALS~1\Temp\SAG632.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCPDFReadSpool]
"ImagePath"="c:\windows\Installer\MSICE4F.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WINIO]
"ImagePath"="p‎\13"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1123561945-1844237615-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1123561945-1844237615-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:89,cf,dd,c0,54,f6,6d,61,70,f4,95,00,13,29,9a,10,ca,e2,55,3c,2d,
de,e5,c0,e9,fe,1a,ad,6c,dd,d6,83,d7,59,59,ca,21,cd,39,09,33,7e,9f,31,bd,d2,\
"rkeysecu"=hex:59,6a,97,63,b2,9b,8f,16,0a,80,5a,8a,77,28,da,e6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0f00b619-dcef-4e7b-bb74-651f99d99f56}]
@Denied: (Full) (Everyone)
"Model"=dword:00000146
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,1a,0d,14,5a,44,5b,8f,4c,c4,9f,27,cf,25,5d,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'explorer.exe'(9448)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\nvidia corporation\nTune\nTuneService.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\vmnat.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\gnotify.exe
c:\documents and settings\Dragonuv\Start Menu\Programs\Startup\lol.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2010-07-08 22:50:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-08 20:50

Pre-Run: 38,173,388,800 bytes free
Post-Run: 38,091,698,176 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - F0E958A240FB45BC8DC90F8641FB7BA8


#6 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,615 posts
  • Gender:Female
  • Location:Romania

Posted 08 July 2010 - 03:10 PM

Hello again,
How are things running now?

UPDATE JAVA
------------------
Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.



MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please launch MBAM and update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

Malware analyst @ Emsisoft


#7 dragonuv
  • Topic Starter
  • Members
  • 10 posts

Posted 09 July 2010 - 09:30 AM

My computer is definitely working faster, but it is still slower than it could be.
Here is the Malwarebytes log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4293

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

09/07/2010 00:41:38
mbam-log-2010-07-09 (00-41-38).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 330619
Time elapsed: 1 hour(s), 19 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\IMMonitor (PUP.KeyLogger) -> Quarantined and deleted successfully.
C:\Program Files\IMMonitor\MSN Messenger Monitor Sniffer (PUP.KeyLogger) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\Dragonuv\Desktop\VMware.Workstation.v7.1.0.Build.261024_3rabWarez.Com\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1CB35-1EC1-4F42-956B-70BA22AEECBD}\RP452\A0165581.exe (Backdoor.GF) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F4D1CB35-1EC1-4F42-956B-70BA22AEECBD}\RP452\A0165582.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


#8 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,615 posts
  • Gender:Female
  • Location:Romania

Posted 09 July 2010 - 12:18 PM

Hello again, please let me know how things are running after the following steps.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan.
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise




#9 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,615 posts
  • Gender:Female
  • Location:Romania

Posted 21 July 2010 - 06:20 AM

Hi, are you still there?

regards, Elise




#10 dragonuv
  • Topic Starter
  • Members
  • 10 posts

Posted 23 July 2010 - 02:30 AM

Hey, I'm really sorry; I did not get your previous post and thought that the topic had been abandoned.
I'm glad it's not so.

Here are the ESET scan results:

C:\Documents and Settings\Dragonuv\Desktop\A reversing tutorial for newbies by lena151\Part 21\Files\files.zip multiple threats deleted - quarantined
C:\Documents and Settings\Dragonuv\Desktop\A reversing tutorial for newbies by lena151\Part 32\Files\topo12_fixed.rar Win32/VirTool.Topo.12 application deleted - quarantined
C:\Documents and Settings\Dragonuv\Desktop\Cracks\myAutToExe2_07_src\samples\VanZande1 Obfuscated\AAST.au3 Win32/Packed.Autoit.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Dragonuv\Desktop\Cracks\myAutToExe2_07_src\samples\VanZande2 Obfuscated\VanZandeObfuscated-Protect_Obfuscated-tidy.au3 Win32/Packed.Autoit.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Dragonuv\Desktop\Cracks\myAutToExe2_07_src\samples\VanZande2 Obfuscated\VanZandeObfuscated-Protect_Obfuscated.au3 Win32/Packed.Autoit.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Dragonuv\Desktop\Cracks\myAutToExe2_07_src\samples\VanZande3 Obfuscated\newprep.au3 Win32/Packed.Autoit.Gen application cleaned by deleting - quarantined
D:\CS\DATOS.exe multiple threats deleted - quarantined
D:\CS\Portable_CS1.6.exe multiple threats deleted - quarantined


#11 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,615 posts
  • Gender:Female
  • Location:Romania

Posted 23 July 2010 - 03:33 PM

Hi again,
As you can also see in the ESET scan results, using cracks and the like is definitely not a good idea; it will get you infected again in no time. If you want to keep your computer clean, I strongly recommend that you stop using this kind of software.

ALL CLEAN
--------------
Your machine appears to be clean. Please take the time to read below on how to secure the machine, and take the necessary steps to keep it clean.

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click Start > Run, type combofix /uninstall and press Enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a randomly named file) and OTL.
Please read this advice, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise




#12 Elise
  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,615 posts
  • Gender:Female
  • Location:Romania

Posted 16 August 2010 - 07:00 AM

Due to lack of feedback, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise

