
Rootkit problems....


39 replies to this topic

#1 SteveHam


Posted 03 July 2010 - 08:51 AM

I've been beaten by this problem & need some help.

Inconsistencies started back in March this year; I downloaded "Hijack This" & thought I'd sorted the problem, but was unable to remove some items marked as "file missing".

I run a piece of resident security software supplied free by my bank, called "Trusteer Rapport". This is enabled for sensitive sites like ebanking & Paypal. It started to report attempted keylogging, password capture, screen shot capture & cookie access events from Internet Explorer & Voipcheap. Fortunately it seems to have been effective in blocking these attempts until now.

I have had quite a bit of computer experience from DOS in the early 1980's up to Windows 98SE, but unfortunately I missed XP & I'm now more than a little lost with the Vista OS...

I've followed the Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help & have a back-up. Here are the logs:

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Steve at 12:52:38.36 on 03/07/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.675 [GMT 3:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Acer\ALaunch\ALaunchSvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Acer\Empowering Technology\eNet\eNet Service.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Users\Steve\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Steve\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://login.live.com/login.srf?id=2&s...=EN&lc=2057
mStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [HijackThis startup scan] c:\program files\hijackthis\HijackThis.exe /startupscan
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\play movie\PMVService.exe"
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6BB2089-163F-466B-812A-748096614DFD} - hxxp://cainternetsecurity.net/scanner/cascanner.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-10 64288]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-3-4 390528]
R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-6-7 59240]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-6-7 166632]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-3-4 41456]
R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-2-5 51200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1352832]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-20 118784]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-6-7 840936]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-11-28 1153368]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-2-5 32256]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-6-18 42368]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-20 98304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-2-5 180736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2009-5-16 3567]
S3 U6000ALL;U6000 TV Box(ALL);c:\windows\system32\drivers\U6000ALL.sys [2008-11-4 227072]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 BUML;BUML;c:\users\steve\appdata\local\temp\buml.exe --> c:\users\steve\appdata\local\temp\BUML.exe [?]
S4 gupdate1ca0965288838b4;Google Update Service (gupdate1ca0965288838b4);c:\program files\google\update\GoogleUpdate.exe [2009-7-20 133104]
S4 HETT;HETT;c:\users\steve\appdata\local\temp\hett.exe --> c:\users\steve\appdata\local\temp\HETT.exe [?]
S4 JYBP;JYBP;c:\users\steve\appdata\local\temp\jybp.exe --> c:\users\steve\appdata\local\temp\JYBP.exe [?]
S4 LKZHOOQYDSWX;LKZHOOQYDSWX;c:\users\steve\appdata\local\temp\lkzhooqydswx.exe --> c:\users\steve\appdata\local\temp\LKZHOOQYDSWX.exe [?]
S4 OYPRHWOJAC;OYPRHWOJAC;c:\users\steve\appdata\local\temp\oyprhwojac.exe --> c:\users\steve\appdata\local\temp\OYPRHWOJAC.exe [?]
S4 QTJHPTC;QTJHPTC;c:\users\steve\appdata\local\temp\qtjhptc.exe --> c:\users\steve\appdata\local\temp\QTJHPTC.exe [?]
S4 QZDJBPB;QZDJBPB;c:\users\steve\appdata\local\temp\qzdjbpb.exe --> c:\users\steve\appdata\local\temp\QZDJBPB.exe [?]
S4 RSQKG;RSQKG;c:\users\steve\appdata\local\temp\rsqkg.exe --> c:\users\steve\appdata\local\temp\RSQKG.exe [?]
S4 WH;WH;c:\users\steve\appdata\local\temp\wh.exe --> c:\users\steve\appdata\local\temp\WH.exe [?]
S4 ZZSMWT;ZZSMWT;c:\users\steve\appdata\local\temp\zzsmwt.exe --> c:\users\steve\appdata\local\temp\ZZSMWT.exe [?]

=============== Created Last 30 ================

2010-07-03 07:45:59 4675 ----a-w- c:\windows\system32\wsmanconfig_schema.xml
2010-07-03 07:45:59 201184 ----a-w- c:\windows\system32\winrm.vbs
2010-07-03 07:45:57 252416 ----a-w- c:\windows\system32\WSManMigrationPlugin.dll
2010-07-03 07:45:57 246272 ----a-w- c:\windows\system32\WSManHTTPConfig.exe
2010-07-03 07:45:57 241152 ----a-w- c:\windows\system32\winrscmd.dll
2010-07-03 07:45:57 214016 ----a-w- c:\windows\system32\WsmWmiPl.dll
2010-07-03 07:45:57 145408 ----a-w- c:\windows\system32\WsmAuto.dll
2010-07-03 07:45:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-07-03 07:12:45 0 d-----w- c:\program files\Tap0901
2010-07-02 18:50:35 229697 ----a-w- C:\MGlogs.zip
2010-07-02 18:50:29 0 d-----w- C:\MGtools
2010-07-02 18:40:48 0 d-sh--w- C:\$RECYCLE.BIN
2010-07-02 18:26:13 98816 ----a-w- c:\windows\sed.exe
2010-07-02 18:26:13 77312 ----a-w- c:\windows\MBR.exe
2010-07-02 18:26:13 256512 ----a-w- c:\windows\PEV.exe
2010-07-02 18:26:13 161792 ----a-w- c:\windows\SWREG.exe
2010-07-02 18:26:02 0 d-----w- C:\ComboFix
2010-07-02 18:09:01 255596433 ----a-w- c:\windows\MEMORY.DMP
2010-07-02 17:31:24 0 d-----w- c:\users\steve\appdata\roaming\Malwarebytes
2010-07-02 17:29:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-02 17:29:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-02 17:29:50 0 d-----w- c:\programdata\Malwarebytes
2010-07-02 17:29:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-02 15:11:02 0 d-----w- c:\users\steve\appdata\roaming\SUPERAntiSpyware.com
2010-07-02 15:11:02 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-02 15:10:52 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-02 14:57:33 0 ----a-w- c:\users\steve\defogger_reenable
2010-07-02 14:21:49 2395131 ----a-w- C:\MGtools.exe
2010-07-02 12:15:23 0 d-----w- c:\program files\CCleaner
2010-07-02 11:20:39 0 d-----w- c:\programdata\SecTaskMan
2010-07-02 11:20:25 0 d-----w- c:\program files\Security Task Manager
2010-06-28 14:33:06 0 d-----w- c:\program files\PeerGuardian2
2010-06-28 13:46:18 0 ----a-w- c:\windows\system32\LIKRLG
2010-06-28 12:40:40 0 ----a-w- C:\KWHQPQHOCNY
2010-06-28 12:30:40 0 ----a-w- c:\windows\system32\OPHUGSLUMU
2010-06-28 12:21:12 0 ----a-w- c:\windows\system32\HEBT
2010-06-28 11:57:37 2335270 ----a-w- c:\windows\system32\a29F943.mht
2010-06-24 00:00:32 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-24 00:00:32 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 00:00:32 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 00:00:32 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 00:00:31 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-06-23 22:57:42 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 22:57:40 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-12 07:12:42 67072 ----a-w- c:\windows\system32\asycfilt.dll
2010-06-12 07:12:38 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-12 07:12:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-12 07:09:50 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-10 10:20:44 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

==================== Find3M ====================

2010-07-03 07:15:11 105248 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-07-03 07:12:46 51200 ----a-w- c:\windows\inf\infpub.dat
2010-07-03 07:12:46 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-02 14:39:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-02 11:55:26 47360 ----a-w- c:\users\steve\appdata\roaming\pcouffin.sys
2010-06-16 14:00:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-01 17:37:48 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-30 14:03:13 143360 ----a-w- c:\windows\inf\infstor.dat
2010-04-23 14:13:55 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-17 01:19:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-20 21:24:45 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat

============= FINISH: 12:54:45.55 ===============


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-03 14:04:53
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Steve\AppData\Local\Temp\kwroypob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8FD6AE26]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8FD6B704]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8FD6B864]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8FD6F086]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8FD6F0B8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8FD6F21A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8FD6B7C8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8FD6AF6A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8FD6B15C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8FD6B28E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8FD6F190]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8FD6F0FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8FD6F12C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8FD6F15E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8FD6ADCC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8FD6B8C4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8FD6F01E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8FD6AD68]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8FD0C620]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8FD6AD04]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!KeInsertQueue + 381 83CBF978 4 Bytes JMP 5A7A2000
.text ntoskrnl.exe!KeInsertQueue + 3C9 83CBF9C0 4 Bytes [04, B7, D6, 8F]
.text ntoskrnl.exe!KeInsertQueue + 4C1 83CBFAB8 8 Bytes [64, B8, D6, 8F, 86, F0, D6, ...]
.text ntoskrnl.exe!KeInsertQueue + 4D1 83CBFAC8 4 Bytes JMP 5ABCB350
.text ntoskrnl.exe!KeInsertQueue + 571 83CBFB68 4 Bytes [1A, F2, D6, 8F]
.text ...
C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl entry point in "" section [0x8FFB4000]
.clc C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl unknown last section [0x8FFB5000, 0x1000, 0x00000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] ntdll.dll!KiUserApcDispatcher 77D05D18 5 Bytes JMP 00414A50 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] USER32.dll!InSendMessageEx + 3B1 7636E6B0 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] WS2_32.dll!getaddrinfo 7688418A 5 Bytes JMP 71640022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1160] WS2_32.dll!gethostbyname 768962D4 5 Bytes JMP 71670022
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ntdll.dll!LdrLoadDll + 1 77CC9391 5 Bytes [22, 00, 67, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ntdll.dll!KiUserApcDispatcher 77D05D18 5 Bytes JMP 01F379B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] kernel32.dll!SetUnhandledExceptionFilter 766FA84F 6 Bytes PUSH 71580022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CreateDialogParamW 763672A2 5 Bytes JMP 6BD1DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DdeInitializeW 76367921 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!GetAsyncKeyState 7636863C 5 Bytes JMP 6BC38EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!SetWindowsHookExW 763687AD 5 Bytes JMP 6BD19AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CallNextHookEx 76368E3B 5 Bytes JMP 6BD0D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!UnhookWindowsHookEx 763698DB 5 Bytes JMP 6BC8467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!EnableWindow 7636CD8B 5 Bytes JMP 6BD1DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!RegisterClassExW 7636DA30 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!RegisterClassA 7636DF42 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!RegisterClassW 7636E1AB 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CreateWindowExW 76371305 5 Bytes JMP 6BD1DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!GetKeyState 76378CB1 5 Bytes JMP 6BD1D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!TranslateMessage 763801AD 6 Bytes PUSH 714C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!IsDialogMessageW 76380745 5 Bytes JMP 6BC459D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CreateDialogParamA 763817AA 5 Bytes JMP 6BE1547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!IsDialogMessage 76381847 5 Bytes JMP 6BE14D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CreateDialogIndirectParamA 763826F1 5 Bytes JMP 6BE154B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!CreateDialogIndirectParamW 76389A62 5 Bytes JMP 6BE154E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!SetKeyboardState 76390987 5 Bytes JMP 6BE15086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxParamW 763910B0 3 Bytes JMP 6BC454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxParamW + 4 763910B4 1 Byte [F5]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamW 76392EF5 5 Bytes JMP 6BE1480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!SendInput 76392F75 5 Bytes JMP 6BE15C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!EndDialog 7639326E 3 Bytes JMP 6BC47E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!EndDialog + 4 76393272 1 Byte [F5]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!SetCursorPos 763A6FB2 5 Bytes JMP 6BE15C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!GetClipboardData 763A715A 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxParamA 763A8152 5 Bytes JMP 6BE147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!DialogBoxIndirectParamA 763A847D 5 Bytes JMP 6BE14872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxIndirectA 763BD4D9 5 Bytes JMP 6BE14741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxIndirectW 763BD5D3 5 Bytes JMP 6BE146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxExA 763BD639 5 Bytes JMP 6BE14674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!MessageBoxExW 763BD65D 5 Bytes JMP 6BE14612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] USER32.dll!keybd_event 763BD972 5 Bytes JMP 6BE15FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] GDI32.dll!BitBlt 77EB70A6 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] SHELL32.dll!SHRestricted + D95 76A18988 4 Bytes [4D, 30, CF, 72]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] SHELL32.dll!SHRestricted + D9D 76A18990 8 Bytes [57, 2F, CF, 72, 9C, 5B, CE, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ole32.dll!OleLoadFromStream 76501E12 5 Bytes JMP 6BE14B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ole32.dll!CoCreateInstance 76539EA6 5 Bytes JMP 6BD1DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] ole32.dll!CoCreateInstanceEx 76539EE9 5 Bytes JMP 71550022
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WS2_32.dll!connect 768840D9 5 Bytes JMP 710F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WS2_32.dll!getaddrinfo 7688418A 5 Bytes JMP 710B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetCloseHandle 77BC9088 6 Bytes PUSH 71340022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetQueryDataAvailable 77BCBF7F 6 Bytes PUSH 711F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!HttpAddRequestHeadersA 77BCCF46 6 Bytes PUSH 71490022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!HttpOpenRequestA 77BCD508 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetConnectA 77BCDEAE 6 Bytes PUSH 71310022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetConnectW 77BCF862 6 Bytes PUSH 712E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!HttpSendRequestW 77BCFABE 6 Bytes PUSH 71370022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!HttpOpenRequestW 77BCFBFB 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetOpenA 77BDD690 6 Bytes PUSH 71250022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetOpenW 77BDDB09 6 Bytes PUSH 71220022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetSetStatusCallback 77BDDCC8 6 Bytes PUSH 71190022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!HttpSendRequestA 77BDEE89 6 Bytes PUSH 71400022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetReadFileExA 77BE3381 6 Bytes PUSH 711C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetGetCookieExA 77BE4BD0 6 Bytes PUSH 71280022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetWriteFile 77C260F6 6 Bytes PUSH 71160022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!HttpSendRequestExA 77C3A70A 6 Bytes PUSH 713D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!HttpSendRequestExW 77C3A763 6 Bytes PUSH 713A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1432] WININET.dll!InternetGetCookieA 77C3BDEC 6 Bytes PUSH 712B0022; RET
.text C:\Windows\Explorer.EXE[3812] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 769CB364 4 Bytes [F0, 1F, 00, 10]
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3856] ntdll.dll!KiUserApcDispatcher 77D05D18 5 Bytes JMP 00438CE0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3856] WS2_32.dll!getaddrinfo 7688418A 5 Bytes JMP 71670022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[3856] WS2_32.dll!gethostbyname 768962D4 5 Bytes JMP 716E0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] ntdll.dll!LdrLoadDll + 1 77CC9391 5 Bytes [22, 00, 67, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] ntdll.dll!KiUserApcDispatcher 77D05D18 5 Bytes JMP 01EC79B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] kernel32.dll!SetUnhandledExceptionFilter 766FA84F 6 Bytes PUSH 71580022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!CreateDialogParamW 763672A2 5 Bytes JMP 6BD1DEA8 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DdeInitializeW 76367921 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!GetAsyncKeyState 7636863C 5 Bytes JMP 6BC38EFF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!SetWindowsHookExW 763687AD 5 Bytes JMP 6BD19AC9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!CallNextHookEx 76368E3B 5 Bytes JMP 6BD0D0ED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!UnhookWindowsHookEx 763698DB 5 Bytes JMP 6BC8467C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!EnableWindow 7636CD8B 5 Bytes JMP 6BD1DD35 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!RegisterClassExW 7636DA30 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!RegisterClassA 7636DF42 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!RegisterClassW 7636E1AB 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!CreateWindowExW 76371305 5 Bytes JMP 6BD1DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!GetKeyState 76378CB1 5 Bytes JMP 6BD1D2E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!TranslateMessage 763801AD 6 Bytes PUSH 714C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!IsDialogMessageW 76380745 5 Bytes JMP 6BC459D7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!CreateDialogParamA 763817AA 5 Bytes JMP 6BE1547B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!IsDialogMessage 76381847 5 Bytes JMP 6BE14D17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!CreateDialogIndirectParamA 763826F1 5 Bytes JMP 6BE154B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!CreateDialogIndirectParamW 76389A62 5 Bytes JMP 6BE154E9 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!SetKeyboardState 76390987 5 Bytes JMP 6BE15086 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxParamW 763910B0 3 Bytes JMP 6BC454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxParamW + 4 763910B4 1 Byte [F5]
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxIndirectParamW 76392EF5 5 Bytes JMP 6BE1480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!SendInput 76392F75 5 Bytes JMP 6BE15C43 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!EndDialog 7639326E 3 Bytes JMP 6BC47E7E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!EndDialog + 4 76393272 1 Byte [F5]
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!SetCursorPos 763A6FB2 5 Bytes JMP 6BE15C97 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!GetClipboardData 763A715A 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxParamA 763A8152 5 Bytes JMP 6BE147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!DialogBoxIndirectParamA 763A847D 5 Bytes JMP 6BE14872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxIndirectA 763BD4D9 5 Bytes JMP 6BE14741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxIndirectW 763BD5D3 5 Bytes JMP 6BE146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxExA 763BD639 5 Bytes JMP 6BE14674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!MessageBoxExW 763BD65D 5 Bytes JMP 6BE14612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] USER32.dll!keybd_event 763BD972 5 Bytes JMP 6BE15FC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] GDI32.dll!BitBlt 77EB70A6 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] SHELL32.dll!SHRestricted + D95 76A18988 4 Bytes [4D, 30, CF, 72]
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] SHELL32.dll!SHRestricted + D9D 76A18990 8 Bytes [57, 2F, CF, 72, 9C, 5B, CE, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] ole32.dll!OleLoadFromStream 76501E12 5 Bytes JMP 6BE14B77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] ole32.dll!CoCreateInstance 76539EA6 5 Bytes JMP 6BD1DB78 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] ole32.dll!CoCreateInstanceEx 76539EE9 5 Bytes JMP 71550022
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WS2_32.dll!connect 768840D9 5 Bytes JMP 710F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WS2_32.dll!getaddrinfo 7688418A 5 Bytes JMP 710B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetCloseHandle 77BC9088 6 Bytes PUSH 71340022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetQueryDataAvailable 77BCBF7F 6 Bytes PUSH 711F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!HttpAddRequestHeadersA 77BCCF46 6 Bytes PUSH 71490022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!HttpOpenRequestA 77BCD508 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetConnectA 77BCDEAE 6 Bytes PUSH 71310022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetConnectW 77BCF862 6 Bytes PUSH 712E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!HttpSendRequestW 77BCFABE 6 Bytes PUSH 71370022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!HttpOpenRequestW 77BCFBFB 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetOpenA 77BDD690 6 Bytes PUSH 71250022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetOpenW 77BDDB09 6 Bytes PUSH 71220022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetSetStatusCallback 77BDDCC8 6 Bytes PUSH 71190022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!HttpSendRequestA 77BDEE89 6 Bytes PUSH 71400022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetReadFileExA 77BE3381 6 Bytes PUSH 711C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetGetCookieExA 77BE4BD0 6 Bytes PUSH 71280022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetWriteFile 77C260F6 6 Bytes PUSH 71160022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!HttpSendRequestExA 77C3A70A 6 Bytes PUSH 713D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!HttpSendRequestExW 77C3A763 6 Bytes PUSH 713A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5864] WININET.dll!InternetGetCookieA 77C3BDEC 6 Bytes PUSH 712B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] ntdll.dll!LdrLoadDll + 1 77CC9391 5 Bytes [22, 00, 67, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] ntdll.dll!KiUserApcDispatcher 77D05D18 5 Bytes JMP 01E479B0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] kernel32.dll!SetUnhandledExceptionFilter 766FA84F 6 Bytes PUSH 71580022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DdeInitializeW 76367921 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!RegisterClassExW 7636DA30 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!RegisterClassA 7636DF42 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!RegisterClassW 7636E1AB 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!CreateWindowExW 76371305 5 Bytes JMP 6BD1DB1C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!TranslateMessage 763801AD 6 Bytes PUSH 714C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxParamW 763910B0 3 Bytes JMP 6BC454C5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxParamW + 4 763910B4 1 Byte [F5]
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxIndirectParamW 76392EF5 5 Bytes JMP 6BE1480F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!GetClipboardData 763A715A 6 Bytes PUSH 714F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxParamA 763A8152 5 Bytes JMP 6BE147AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!DialogBoxIndirectParamA 763A847D 5 Bytes JMP 6BE14872 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxIndirectA 763BD4D9 5 Bytes JMP 6BE14741 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxIndirectW 763BD5D3 5 Bytes JMP 6BE146D6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxExA 763BD639 5 Bytes JMP 6BE14674 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] USER32.dll!MessageBoxExW 763BD65D 5 Bytes JMP 6BE14612 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] GDI32.dll!BitBlt 77EB70A6 6 Bytes PUSH 715B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C9 769CB364 4 Bytes [F0, 1F, DC, 02]
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] ole32.dll!CoCreateInstance 76539EA6 5 Bytes JMP 71640022
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] ole32.dll!CoCreateInstanceEx 76539EE9 5 Bytes JMP 71550022
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetCloseHandle 77BC9088 6 Bytes PUSH 71340022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetQueryDataAvailable 77BCBF7F 6 Bytes PUSH 711F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!HttpAddRequestHeadersA 77BCCF46 6 Bytes PUSH 71490022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!HttpOpenRequestA 77BCD508 6 Bytes PUSH 71460022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetConnectA 77BCDEAE 6 Bytes PUSH 71310022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetConnectW 77BCF862 6 Bytes PUSH 712E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!HttpSendRequestW 77BCFABE 6 Bytes PUSH 71370022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!HttpOpenRequestW 77BCFBFB 6 Bytes PUSH 71430022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetOpenA 77BDD690 6 Bytes PUSH 71250022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetOpenW 77BDDB09 6 Bytes PUSH 71220022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetSetStatusCallback 77BDDCC8 6 Bytes PUSH 71190022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!HttpSendRequestA 77BDEE89 6 Bytes PUSH 71400022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetReadFileExA 77BE3381 6 Bytes PUSH 711C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetGetCookieExA 77BE4BD0 6 Bytes PUSH 71280022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetWriteFile 77C260F6 6 Bytes PUSH 71160022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!HttpSendRequestExA 77C3A70A 6 Bytes PUSH 713D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!HttpSendRequestExW 77C3A763 6 Bytes PUSH 713A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] WININET.dll!InternetGetCookieA 77C3BDEC 6 Bytes PUSH 712B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] ws2_32.dll!connect 768840D9 5 Bytes JMP 710F0022
.text C:\Program Files\Internet Explorer\iexplore.exe[5928] ws2_32.dll!getaddrinfo 7688418A 5 Bytes JMP 710B0022

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001167cc39ee
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001167cc39ee (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4PF5CIGF\json[2].txt 0 bytes

---- EOF - GMER 1.0.15 ----


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:11:35 AM

Posted 06 July 2010 - 07:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 SteveHam


Posted 07 July 2010 - 03:34 AM

Hello m0le,

Thank you for your help.

Steve...

#4 m0le


Posted 07 July 2010 - 02:55 PM

No rootkit there, SteveHam.

What makes you think you have been attacked?

Please run MBAM for a good scan and removal of anything bad.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.
m0le is a proud member of UNITE

#5 SteveHam


Posted 09 July 2010 - 03:37 PM

QUOTE (m0le @ Jul 7 2010, 10:55 PM)
No rootkit there, SteveHam.

What makes you think you have been attacked?

Glad to hear that there isn’t a rootkit M0le.

Over the last couple of months, I have been having persistent screen, keystroke & session cookie capture attempts reported by the software provided by one of my banks (Trusteer Rapport). I had none for 12 months before this.

Back in March this year, when the first attempted capture reports started, I attempted to check & fix my system with “Hijack This”. I’ve used this with a lot of success in the past… I’m afraid OSs have moved on a lot since my last successes with Win98SE & having missed out on WinXP, I find Vista is more complex & beyond my comfort zone. The HT log still has “file missing” entries that I can’t delete….8^ (

Before asking for your help here M0le, I did attempt a system clean-up using info on “MajorGeeks” & looking back at the MBAM logs from this I think that might have removed the major infection. I’m just not confident enough that I have everything…?

I am still getting reported capture attempts, despite running IE without “Add-Ons” & through a VPN….

Will post additional info & logs tomorrow as domestic life is getting in the way ATM… hope that’s OK M0le…?

Steve…


#6 m0le


Posted 09 July 2010 - 06:57 PM

QUOTE
hope that’s OK M0le…?


Yeah, that's fine. Thanks for the background on the problem. We can update your knowledge a bit with some newer tools than HijackThis if we need to.
m0le is a proud member of UNITE

#7 SteveHam


Posted 11 July 2010 - 05:00 PM

Here is the latest MBAM log:
---------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4303

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

12/07/2010 00:13:07
mbam-log-2010-07-12 (00-13-07).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 225447
Time elapsed: 1 hour(s), 27 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
---------------------------------------------------------------------------------------------------------------------------------------------------------

This is the MBAM log from before I posted here:

----------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4267

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

02/07/2010 20:59:57
mbam-log-2010-07-02 (20-59-57).txt

Scan type: Quick scan
Objects scanned: 125864
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\reg.reg (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\reg.reg (Malware.Trace) -> Quarantined and deleted successfully.

---------------------------------------------------------------------------------------------------------------------------------------------------------



I'm still not happy that my machine isn't compromised...

PeerGuardian 2 keeps stopping responding... Seems to have at least 3 different start-up logos too...?

Ad-Aware also picked up a Win32.TrojanDropper.Agent Engine: at the end of last month.....

Maybe I'm just paranoid...

Steve....

#8 m0le


Posted 11 July 2010 - 05:03 PM

Paranoid is not a problem in malware removal.

MBAM removed trace malware items so something was there. It isn't now, but we should take a look at an OTL log to check.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

m0le is a proud member of UNITE

#9 SteveHam


Posted 11 July 2010 - 05:42 PM

OK M0le, here are the two "OTL" logs...

--------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 12/07/2010 01:30:06 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 24.66 Gb Free Space | 35.85% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 49.71 Gb Free Space | 72.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LT
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Steve\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ZZSMWT) -- C:\Users\Steve\AppData\Local\Temp\ZZSMWT.exe File not found
SRV - (WH) -- C:\Users\Steve\AppData\Local\Temp\WH.exe File not found
SRV - (RSQKG) -- C:\Users\Steve\AppData\Local\Temp\RSQKG.exe File not found
SRV - (QZDJBPB) -- C:\Users\Steve\AppData\Local\Temp\QZDJBPB.exe File not found
SRV - (QTJHPTC) -- C:\Users\Steve\AppData\Local\Temp\QTJHPTC.exe File not found
SRV - (OYPRHWOJAC) -- C:\Users\Steve\AppData\Local\Temp\OYPRHWOJAC.exe File not found
SRV - (LKZHOOQYDSWX) -- C:\Users\Steve\AppData\Local\Temp\LKZHOOQYDSWX.exe File not found
SRV - (JYBP) -- C:\Users\Steve\AppData\Local\Temp\JYBP.exe File not found
SRV - (HETT) -- C:\Users\Steve\AppData\Local\Temp\HETT.exe File not found
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (BUML) -- C:\Users\Steve\AppData\Local\Temp\BUML.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\F630.tmp File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Steve\AppData\Local\Temp\catchme.sys File not found
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (U6000ALL) U6000 TV Box(ALL) -- C:\Windows\System32\drivers\U6000ALL.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (PortTalk) -- C:\Windows\System32\drivers\PortTalk.sys (Beyond Logic http://www.beyondlogic.org)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?id=2&s...=EN&lc=2057
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 FB C0 5D 90 1A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 19:36:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/05 13:56:43 | 000,000,004 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe (Soeperman Enterprises Ltd.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.97.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 01:24:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/07/08 14:03:40 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.46.exe
[2010/07/08 00:25:38 | 036,598,544 | ---- | C] (PC Tools ) -- C:\Users\Steve\Desktop\sdsetup.exe
[2010/07/03 10:46:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/07/03 10:46:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/07/03 10:46:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/07/03 10:46:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/07/03 10:46:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/07/03 10:46:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/07/03 10:46:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/07/03 10:46:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/07/03 10:46:09 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/07/03 10:46:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/07/03 10:46:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/07/03 10:45:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/07/03 10:45:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/07/03 10:45:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/07/03 10:45:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/07/03 10:45:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/07/03 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/03 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tap0901
[2010/07/02 21:50:29 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/07/02 21:47:47 | 000,472,064 | ---- | C] ( ) -- C:\Users\Steve\Desktop\RootRepeal.exe
[2010/07/02 21:40:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/02 21:40:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/02 21:26:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/02 21:26:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/02 21:26:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/02 21:26:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/02 21:26:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/02 21:25:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 21:24:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/02 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2010/07/02 20:29:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/02 20:29:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/02 20:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/02 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/02 18:11:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/02 18:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/02 18:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/02 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/02 17:39:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/02 17:39:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/02 17:39:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/02 17:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/02 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Sun
[2010/07/02 16:56:22 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mb.exe
[2010/07/02 16:28:02 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2010/07/02 15:52:41 | 016,529,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Steve\Desktop\jre-6u20-windows-i586-s.exe
[2010/07/02 15:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/02 15:12:27 | 001,154,616 | ---- | C] (Piriform Ltd) -- C:\Users\Steve\Desktop\ccsetup233_slim.exe
[2010/07/02 14:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/07/02 14:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/06/29 18:17:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\OverPlay.net_LLP
[2010/06/29 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Deployment
[2010/06/29 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apps
[2010/06/28 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/06/28 17:32:24 | 001,958,450 | ---- | C] (Methlabs Productions ) -- C:\Users\Steve\Desktop\pg2-rc1-test2.exe
[2010/06/28 17:08:48 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Steve\Desktop\fsbl.exe
[2010/06/28 15:05:14 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Steve\Desktop\RootkitRevealer.exe
[2010/06/28 14:06:36 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.8.exe
[2010/06/27 23:32:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Application Data
[2010/06/25 21:23:11 | 002,457,600 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\RootkitBuster.exe
[2010/06/25 21:02:03 | 001,869,952 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2010/06/24 03:00:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:00:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:00:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/24 01:57:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/24 01:57:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/20 18:15:06 | 000,231,888 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Steve\Desktop\uninstall_flash_player.exe
[2010/06/12 10:12:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/12 10:12:38 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/12 10:12:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/12 10:11:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/12 10:11:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/12 10:11:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/12 10:11:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/12 10:11:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/12 10:11:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/12 10:11:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/12 10:11:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/12 10:11:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/12 10:11:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/12 10:11:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/12 10:11:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/12 10:11:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/12 10:11:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/12 10:11:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/12 10:09:50 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Steve\Downloads\Documents\*.tmp files -> C:\Users\Steve\Downloads\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/12 01:29:03 | 003,407,872 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/07/12 01:24:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/07/12 00:52:04 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/11 23:46:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/11 23:46:53 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/11 13:50:54 | 001,584,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/11 13:50:54 | 000,603,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/11 13:50:54 | 000,006,278 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/11 13:45:59 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/11 13:45:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/07/11 13:45:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/11 13:45:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/11 09:19:25 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{09670aa8-3d0e-11df-b6ea-001b38d35a15}.TMContainer00000000000000000001.regtrans-ms
[2010/07/11 09:19:25 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{09670aa8-3d0e-11df-b6ea-001b38d35a15}.TM.blf
[2010/07/11 08:50:13 | 000,006,756 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2010/07/11 01:14:51 | 003,972,321 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/07/10 19:46:03 | 000,131,857 | ---- | M] () -- C:\Users\Steve\Desktop\LV.07.08.eng.pdf
[2010/07/09 19:41:39 | 000,002,609 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/07/09 18:40:01 | 000,090,055 | ---- | M] () -- C:\Users\Steve\Desktop\trusteerrapport.JPG
[2010/07/08 17:04:55 | 000,105,248 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/07/08 14:04:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 14:03:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.46.exe
[2010/07/08 00:25:43 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Users\Steve\Desktop\sdsetup.exe
[2010/07/06 19:22:36 | 000,023,265 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.3.jpg
[2010/07/06 13:32:32 | 000,005,514 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.2.jpg
[2010/07/06 13:30:38 | 000,007,572 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.1.jpg
[2010/07/06 13:14:09 | 000,000,983 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (No Add-ons) (2).lnk
[2010/07/05 22:08:32 | 000,064,495 | ---- | M] () -- C:\Users\Steve\Desktop\pg2beforeIntConectCapture.JPG
[2010/07/05 13:56:43 | 000,000,004 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/03 17:02:25 | 343,788,145 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/03 13:21:58 | 000,284,915 | ---- | M] () -- C:\Users\Steve\Desktop\gmer.zip
[2010/07/03 12:52:22 | 000,525,824 | ---- | M] () -- C:\Users\Steve\Desktop\dds.scr
[2010/07/03 10:15:04 | 000,000,320 | ---- | M] () -- C:\Users\Steve\Desktop\OverPlay VPN.appref-ms
[2010/07/03 00:15:45 | 000,000,750 | ---- | M] () -- C:\Users\Steve\Desktop\PeerGuardian.lnk
[2010/07/02 23:12:47 | 000,001,077 | ---- | M] () -- C:\Users\Steve\Desktop\cports.cfg
[2010/07/02 22:44:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/02 22:26:58 | 000,229,697 | ---- | M] () -- C:\MGlogs.zip
[2010/07/02 21:50:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/02 21:50:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/02 21:47:54 | 000,000,000 | ---- | M] () -- C:\Users\Steve\Desktop\settings.dat
[2010/07/02 21:37:56 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/02 21:24:33 | 003,725,496 | R--- | M] () -- C:\Users\Steve\Desktop\ComboFix.exe
[2010/07/02 18:10:55 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/02 17:57:33 | 000,000,000 | ---- | M] () -- C:\Users\Steve\defogger_reenable
[2010/07/02 17:39:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/02 17:39:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/02 17:39:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/02 17:39:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/02 17:22:23 | 000,782,848 | ---- | M] () -- C:\Users\Steve\Desktop\majorgeeks.doc
[2010/07/02 17:13:06 | 000,464,491 | ---- | M] () -- C:\Users\Steve\Desktop\RootRepeal.zip
[2010/07/02 16:56:28 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mb.exe
[2010/07/02 16:44:09 | 000,117,760 | ---- | M] () -- C:\Users\Steve\Downloads\Documents\majorgeeks.doc
[2010/07/02 16:28:06 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2010/07/02 16:00:48 | 000,050,477 | ---- | M] () -- C:\Users\Steve\Desktop\Defogger.exe
[2010/07/02 15:52:42 | 016,529,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Steve\Desktop\jre-6u20-windows-i586-s.exe
[2010/07/02 15:15:28 | 000,000,808 | ---- | M] () -- C:\Users\Steve\Desktop\CCleaner.lnk
[2010/07/02 15:12:34 | 001,154,616 | ---- | M] (Piriform Ltd) -- C:\Users\Steve\Desktop\ccsetup233_slim.exe
[2010/07/02 14:55:26 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys
[2010/07/02 14:55:26 | 000,007,887 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat
[2010/07/02 14:55:26 | 000,001,144 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf
[2010/07/02 14:19:42 | 001,709,408 | ---- | M] () -- C:\Users\Steve\Desktop\taskmanager17.exe
[2010/07/01 15:12:32 | 000,110,628 | ---- | M] () -- C:\Users\Steve\Desktop\castlemain xxxx.jpg
[2010/06/30 17:41:20 | 000,020,480 | ---- | M] () -- C:\Users\Steve\Desktop\TRANSACTION NUMBER.doc
[2010/06/29 18:12:57 | 000,477,088 | ---- | M] () -- C:\Users\Steve\Desktop\setup.exe
[2010/06/29 17:58:11 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 17:32:31 | 001,958,450 | ---- | M] (Methlabs Productions ) -- C:\Users\Steve\Desktop\pg2-rc1-test2.exe
[2010/06/28 17:08:49 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Steve\Desktop\fsbl.exe
[2010/06/28 16:46:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LIKRLG
[2010/06/28 16:07:30 | 001,376,832 | ---- | M] () -- C:\Users\Steve\Desktop\sar_15_sfx.exe
[2010/06/28 15:56:57 | 000,167,315 | ---- | M] () -- C:\Users\Steve\Desktop\RKRscreendump.jpg
[2010/06/28 15:40:40 | 000,000,000 | ---- | M] () -- C:\KWHQPQHOCNY
[2010/06/28 15:30:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\OPHUGSLUMU
[2010/06/28 15:21:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HEBT
[2010/06/28 15:15:41 | 000,231,390 | ---- | M] () -- C:\Users\Steve\Desktop\RootkitRevealer.zip
[2010/06/28 14:57:37 | 002,335,270 | ---- | M] () -- C:\Windows\System32\a29F943.mht
[2010/06/28 14:06:40 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.8.exe
[2010/06/25 21:21:14 | 001,074,232 | ---- | M] () -- C:\Users\Steve\Desktop\RootkitBuster_2.80.1077.zip
[2010/06/25 21:02:21 | 001,869,952 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2010/06/20 18:15:11 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Steve\Desktop\uninstall_flash_player.exe
[2010/06/16 17:00:47 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/06/15 12:57:34 | 000,030,720 | ---- | M] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK2.doc
[2010/06/14 12:03:15 | 000,031,232 | ---- | M] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK.doc
[2010/06/13 08:49:44 | 000,392,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Steve\Downloads\Documents\*.tmp files -> C:\Users\Steve\Downloads\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/10 19:46:03 | 000,131,857 | ---- | C] () -- C:\Users\Steve\Desktop\LV.07.08.eng.pdf
[2010/07/09 18:39:58 | 000,090,055 | ---- | C] () -- C:\Users\Steve\Desktop\trusteerrapport.JPG
[2010/07/06 19:22:36 | 000,023,265 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.3.jpg
[2010/07/06 13:32:32 | 000,005,514 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.2.jpg
[2010/07/06 13:30:38 | 000,007,572 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.1.jpg
[2010/07/06 13:14:09 | 000,000,983 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (No Add-ons) (2).lnk
[2010/07/05 22:08:30 | 000,064,495 | ---- | C] () -- C:\Users\Steve\Desktop\pg2beforeIntConectCapture.JPG
[2010/07/03 13:24:22 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.exe
[2010/07/03 13:21:54 | 000,284,915 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.zip
[2010/07/03 12:52:13 | 000,525,824 | ---- | C] () -- C:\Users\Steve\Desktop\dds.scr
[2010/07/03 10:46:00 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/03 10:45:59 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/03 10:45:59 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/03 10:15:06 | 000,000,320 | ---- | C] () -- C:\Users\Steve\Desktop\OverPlay VPN.appref-ms
[2010/07/02 22:44:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/02 21:50:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/02 21:50:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/02 21:50:35 | 000,229,697 | ---- | C] () -- C:\MGlogs.zip
[2010/07/02 21:47:54 | 000,000,000 | ---- | C] () -- C:\Users\Steve\Desktop\settings.dat
[2010/07/02 21:26:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/02 21:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/02 21:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/02 21:26:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/02 21:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/02 21:09:01 | 343,788,145 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/02 20:29:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/02 18:10:55 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/02 17:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Steve\defogger_reenable
[2010/07/02 17:47:16 | 000,001,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/02 17:47:16 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/07/02 17:14:48 | 003,725,496 | R--- | C] () -- C:\Users\Steve\Desktop\ComboFix.exe
[2010/07/02 17:12:04 | 000,464,491 | ---- | C] () -- C:\Users\Steve\Desktop\RootRepeal.zip
[2010/07/02 16:44:19 | 000,782,848 | ---- | C] () -- C:\Users\Steve\Desktop\majorgeeks.doc
[2010/07/02 16:42:32 | 000,117,760 | ---- | C] () -- C:\Users\Steve\Downloads\Documents\majorgeeks.doc
[2010/07/02 16:00:46 | 000,050,477 | ---- | C] () -- C:\Users\Steve\Desktop\Defogger.exe
[2010/07/02 15:15:28 | 000,000,808 | ---- | C] () -- C:\Users\Steve\Desktop\CCleaner.lnk
[2010/07/02 14:19:41 | 001,709,408 | ---- | C] () -- C:\Users\Steve\Desktop\taskmanager17.exe
[2010/07/01 15:12:32 | 000,110,628 | ---- | C] () -- C:\Users\Steve\Desktop\castlemain xxxx.jpg
[2010/06/30 17:41:18 | 000,020,480 | ---- | C] () -- C:\Users\Steve\Desktop\TRANSACTION NUMBER.doc
[2010/06/29 18:12:52 | 000,477,088 | ---- | C] () -- C:\Users\Steve\Desktop\setup.exe
[2010/06/29 16:45:59 | 000,000,750 | ---- | C] () -- C:\Users\Steve\Desktop\PeerGuardian.lnk
[2010/06/28 16:46:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\LIKRLG
[2010/06/28 15:56:57 | 000,167,315 | ---- | C] () -- C:\Users\Steve\Desktop\RKRscreendump.jpg
[2010/06/28 15:40:40 | 000,000,000 | ---- | C] () -- C:\KWHQPQHOCNY
[2010/06/28 15:30:40 | 000,000,000 | ---- | C] () -- C:\Windows\System32\OPHUGSLUMU
[2010/06/28 15:21:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HEBT
[2010/06/28 15:05:14 | 000,102,160 | ---- | C] () -- C:\Users\Steve\Desktop\RootkitRevealer.chm
[2010/06/28 15:00:24 | 000,231,390 | ---- | C] () -- C:\Users\Steve\Desktop\RootkitRevealer.zip
[2010/06/28 14:57:37 | 002,335,270 | ---- | C] () -- C:\Windows\System32\a29F943.mht
[2010/06/15 12:57:32 | 000,030,720 | ---- | C] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK2.doc
[2010/06/14 12:03:13 | 000,031,232 | ---- | C] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK.doc
[2010/01/20 16:29:16 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/01/06 13:31:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/05/28 12:13:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/10 23:15:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/10 23:00:56 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/11/04 13:36:16 | 000,227,072 | ---- | C] () -- C:\Windows\System32\drivers\U6000ALL.sys
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/03/04 15:36:20 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/03/04 15:36:14 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/05 11:49:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/02/05 11:15:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/02/05 11:09:26 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/05 10:37:51 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/05 09:08:18 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/02/05 09:07:44 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/05 09:07:44 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/05 09:07:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/05 09:07:44 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/28 19:43:54 | 000,270,336 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2007/06/16 19:44:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\GTWST.dll
[2007/06/11 12:32:48 | 000,126,976 | ---- | C] () -- C:\Windows\System32\RmCard.dll
[2006/11/02 15:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/06/28 17:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll
[2001/12/27 03:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 10:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 03:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 09:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 11:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/01/15 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\111 Pix Ltd
[2008/10/24 15:37:43 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Acer
[2008/02/05 11:43:05 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Acer GameZone Console
[2010/02/08 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Any Video Converter
[2010/01/03 02:01:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/18 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2009/12/16 12:00:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FLVPlayer4Free
[2010/03/16 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2008/10/24 15:37:42 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2009/01/10 23:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\ScanSoft
[2009/02/22 14:03:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2010/01/03 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Uniblue
[2009/07/10 21:22:46 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\VoipCheapCom
[2010/07/02 14:55:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vso
[2010/07/11 09:19:34 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

--------------------------------------------------------------------------------------------------------------------------------------------------------------------
OTL Extras logfile created on: 12/07/2010 01:30:06 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 24.66 Gb Free Space | 35.85% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 49.71 Gb Free Space | 72.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LT
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6131F5BF-C0C3-47A1-82E2-3BAA029158C4}" = lport=23917 | protocol=17 | dir=in | name=72.20.34.145 |
"{71CCE834-F956-47D6-88B3-C932FAC17C32}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE6C71A0-B3A1-423E-B77E-174BECA93BCF}" = lport=23917 | protocol=6 | dir=in | name=72.20.34.145 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A79D-EEEC-4B8E-806F-4E6A1F4BEE66}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{64D571A6-D294-4D9A-9E88-1F692360A237}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6517A3E3-700F-4A37-9E8C-1844B770E97A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{BDFF0BCA-E8D7-494A-BA27-BE91B513B0BD}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{D0CBD68C-3948-49D0-98C6-B542694E4356}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{338EA48F-395D-4358-87AF-9A6EE4AF918D}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"TCP Query User{382F6287-A65D-490C-AAA0-6269D0EFEA54}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{393CAC32-7051-41A1-BE4F-4AB3259C01FE}C:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{4CC194D6-A470-4614-9402-B354D0B795F6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{6C1BF709-47CD-4E94-90DA-D1EBAF7960AC}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"TCP Query User{6F9AC9F0-1970-4BA2-91A9-105453CC517B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{78546F91-85D6-42B3-851B-E2FDCC758209}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B5BE9302-F31A-4DDC-9640-84CBAF98F0C5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BD51C547-BC50-4DFB-8990-6CABCB3F2CA9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{07FF5FC6-3CB4-46AF-9195-66B7D539924C}C:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{103E94B6-4E26-4089-A592-BA8AEBA1D5BB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{1EA3C8B9-AE50-47C5-833F-BB5BB2F3DCC1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{46A968D8-9D6C-4EDB-BA34-AFDC62E3ED96}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"UDP Query User{4D0B7F89-8380-4E11-A979-99A2E48466DC}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{7A03A889-E496-4BEE-A1B5-E01316F6C170}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8A239FF9-5C79-4FB2-B8D7-7F6070860FB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CB8078FC-A70E-46A5-B36B-5BB0FF21DEB3}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{FB2A3DEA-593C-4A1D-970A-D34C9E65B615}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4011515E-FF2B-4337-A95B-2E4AFC1923AE}" = MYGIC TV
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"7-Zip" = 7-Zip 4.65
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Any Video Converter_is1" = Any Video Converter 2.7.1
"Avira UnErase Personal" = Avira UnErase Personal
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Byki Express" = Byki Express
"Canon MP220 series User Registration" = Canon MP220 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dia" = Dia (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.8.0.0
"get_iplayer" = get_iplayer 1.5+
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{4011515E-FF2B-4337-A95B-2E4AFC1923AE}" = MYGIC TV
"Little Registry Cleaner" = Little Registry Cleaner
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"OpenVPN Tap Adapter" = OpenVPN Tap Adapter 9.0
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"PeerGuardian_is1" = PeerGuardian 2.0
"ProInst" = Intel PROSet Wireless
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"Rapport_msi" = Rapport
"Security Task Manager" = Security Task Manager 1.7h
"Simplyzip" = Simplyzip (remove only)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SystemRequirementsLab" = System Requirements Lab
"TVWiz" = Intel® TV Wizard
"VoipCheapCom_is1" = VoipCheapCom

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"4f1f873ae9d5c649" = OverPlay VPN
"4XDealer" = 4XDealer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2009 02:24:17 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 28/09/2009 02:41:36 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:22:56 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:24:09 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:24:48 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:53:17 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:55:23 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 01/10/2009 03:46:00 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 01/10/2009 12:20:35 | Computer Name = Steve-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1664 Start Time: 01ca42b2cd6eee24 Termination Time: 78

Error - 01/10/2009 12:21:39 | Computer Name = Steve-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9f8 Start Time: 01ca42b31ea2b604 Termination Time: 0

[ Media Center Events ]
Error - 27/02/2009 02:41:10 | Computer Name = Steve-LT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/07/2010 18:09:36 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:10:06 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:16:16 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:16:24 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:18:56 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:19:04 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:21:53 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:22:18 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:24:06 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:24:08 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =


< End of report >

--------------------------------------------------------------------------------------------------------------------------------------------------------------------


I appreciate your help.....8^)

Steve...

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:35 AM

Posted 11 July 2010 - 05:50 PM

Oh, here they are!!

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
SRV - (ZZSMWT) -- C:\Users\Steve\AppData\Local\Temp\ZZSMWT.exe File not found
SRV - (WH) -- C:\Users\Steve\AppData\Local\Temp\WH.exe File not found
SRV - (RSQKG) -- C:\Users\Steve\AppData\Local\Temp\RSQKG.exe File not found
SRV - (QZDJBPB) -- C:\Users\Steve\AppData\Local\Temp\QZDJBPB.exe File not found
SRV - (QTJHPTC) -- C:\Users\Steve\AppData\Local\Temp\QTJHPTC.exe File not found
SRV - (OYPRHWOJAC) -- C:\Users\Steve\AppData\Local\Temp\OYPRHWOJAC.exe File not found
SRV - (LKZHOOQYDSWX) -- C:\Users\Steve\AppData\Local\Temp\LKZHOOQYDSWX.exe File not found
SRV - (JYBP) -- C:\Users\Steve\AppData\Local\Temp\JYBP.exe File not found
SRV - (HETT) -- C:\Users\Steve\AppData\Local\Temp\HETT.exe File not found
[2010/06/28 16:46:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LIKRLG
[2010/06/28 15:40:40 | 000,000,000 | ---- | M] () -- C:\KWHQPQHOCNY
[2010/06/28 15:30:40 | 000,000,000 | ---- | M] () -- C:\Windows\System32\OPHUGSLUMU
[2010/06/28 15:21:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HEBT
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
m0le is a proud member of UNITE

#11 SteveHam

SteveHam
  • Topic Starter

  • Members
  • 43 posts
  • Local time:02:35 PM

Posted 11 July 2010 - 05:57 PM

========== OTL ==========
Service ZZSMWT stopped successfully!
Service ZZSMWT deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\ZZSMWT.exe File not found not found.
Service WH stopped successfully!
Service WH deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\WH.exe File not found not found.
Service RSQKG stopped successfully!
Service RSQKG deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\RSQKG.exe File not found not found.
Service QZDJBPB stopped successfully!
Service QZDJBPB deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\QZDJBPB.exe File not found not found.
Service QTJHPTC stopped successfully!
Service QTJHPTC deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\QTJHPTC.exe File not found not found.
Service OYPRHWOJAC stopped successfully!
Service OYPRHWOJAC deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\OYPRHWOJAC.exe File not found not found.
Service LKZHOOQYDSWX stopped successfully!
Service LKZHOOQYDSWX deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\LKZHOOQYDSWX.exe File not found not found.
Service JYBP stopped successfully!
Service JYBP deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\JYBP.exe File not found not found.
Service HETT stopped successfully!
Service HETT deleted successfully!
File C:\Users\Steve\AppData\Local\Temp\HETT.exe File not found not found.
C:\Windows\System32\LIKRLG moved successfully.
C:\KWHQPQHOCNY moved successfully.
C:\Windows\System32\OPHUGSLUMU moved successfully.
C:\Windows\System32\HEBT moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.9.0 log created on 07122010_015409
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

So what was it...?

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:11:35 AM

Posted 11 July 2010 - 06:02 PM

It's a random name trojan and without a sample it would be difficult to ID it. Be aware it may not be gone yet.

Please rerun OTL and post the new log.

#13 SteveHam

SteveHam
  • Topic Starter

  • Members
  • 43 posts
  • Local time:02:35 PM

Posted 11 July 2010 - 06:10 PM

OTL logfile created on: 12/07/2010 02:05:00 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 24.56 Gb Free Space | 35.71% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 49.71 Gb Free Space | 72.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LT
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Steve\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\System32\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\System32\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (BUML) -- C:\Users\Steve\AppData\Local\Temp\BUML.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\F630.tmp File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Steve\AppData\Local\Temp\catchme.sys File not found
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (U6000ALL) U6000 TV Box(ALL) -- C:\Windows\System32\drivers\U6000ALL.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (PortTalk) -- C:\Windows\System32\drivers\PortTalk.sys (Beyond Logic http://www.beyondlogic.org)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?id=2&s...=EN&lc=2057
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 FB C0 5D 90 1A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 19:36:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/05 13:56:43 | 000,000,004 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe (Soeperman Enterprises Ltd.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.97.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 01:54:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/12 01:24:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/07/08 14:03:40 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.46.exe
[2010/07/08 00:25:38 | 036,598,544 | ---- | C] (PC Tools ) -- C:\Users\Steve\Desktop\sdsetup.exe
[2010/07/03 10:46:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/07/03 10:46:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/07/03 10:46:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/07/03 10:46:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/07/03 10:46:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/07/03 10:46:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/07/03 10:46:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/07/03 10:46:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/07/03 10:46:09 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/07/03 10:46:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/07/03 10:46:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/07/03 10:45:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/07/03 10:45:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/07/03 10:45:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/07/03 10:45:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/07/03 10:45:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/07/03 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/03 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tap0901
[2010/07/02 21:50:29 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/07/02 21:47:47 | 000,472,064 | ---- | C] ( ) -- C:\Users\Steve\Desktop\RootRepeal.exe
[2010/07/02 21:40:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/02 21:40:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/02 21:26:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/02 21:26:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/02 21:26:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/02 21:26:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/02 21:26:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/02 21:25:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 21:24:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/02 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2010/07/02 20:29:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/02 20:29:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/02 20:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/02 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/02 18:11:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/02 18:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/02 18:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/02 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/02 17:39:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/02 17:39:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/02 17:39:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/02 17:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/02 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Sun
[2010/07/02 16:56:22 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mb.exe
[2010/07/02 16:28:02 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2010/07/02 15:52:41 | 016,529,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Steve\Desktop\jre-6u20-windows-i586-s.exe
[2010/07/02 15:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/02 15:12:27 | 001,154,616 | ---- | C] (Piriform Ltd) -- C:\Users\Steve\Desktop\ccsetup233_slim.exe
[2010/07/02 14:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/07/02 14:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/06/29 18:17:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\OverPlay.net_LLP
[2010/06/29 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Deployment
[2010/06/29 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apps
[2010/06/28 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/06/28 17:32:24 | 001,958,450 | ---- | C] (Methlabs Productions ) -- C:\Users\Steve\Desktop\pg2-rc1-test2.exe
[2010/06/28 17:08:48 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Steve\Desktop\fsbl.exe
[2010/06/28 15:05:14 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Steve\Desktop\RootkitRevealer.exe
[2010/06/28 14:06:36 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.8.exe
[2010/06/27 23:32:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Application Data
[2010/06/25 21:23:11 | 002,457,600 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\RootkitBuster.exe
[2010/06/25 21:02:03 | 001,869,952 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2010/06/24 03:00:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:00:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:00:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/24 01:57:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/24 01:57:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/20 18:15:06 | 000,231,888 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Steve\Desktop\uninstall_flash_player.exe
[2010/06/12 10:12:42 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/12 10:12:38 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/12 10:12:37 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/12 10:11:51 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/06/12 10:11:51 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/06/12 10:11:50 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/06/12 10:11:49 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/06/12 10:11:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/06/12 10:11:48 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/06/12 10:11:46 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/06/12 10:11:46 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/06/12 10:11:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/06/12 10:11:45 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/06/12 10:11:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/06/12 10:11:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/06/12 10:11:44 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/06/12 10:11:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/06/12 10:11:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/06/12 10:09:50 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[1 C:\Users\Steve\Downloads\Documents\*.tmp files -> C:\Users\Steve\Downloads\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/12 02:04:45 | 003,407,872 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/07/12 01:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/12 01:52:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 01:46:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 01:46:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 01:24:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/07/11 13:50:54 | 001,584,022 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/11 13:50:54 | 000,603,908 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/11 13:50:54 | 000,006,278 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/11 13:45:46 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/07/11 13:45:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/11 13:45:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/11 09:19:25 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{09670aa8-3d0e-11df-b6ea-001b38d35a15}.TMContainer00000000000000000001.regtrans-ms
[2010/07/11 09:19:25 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{09670aa8-3d0e-11df-b6ea-001b38d35a15}.TM.blf
[2010/07/11 08:50:13 | 000,006,756 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2010/07/11 01:14:51 | 003,972,321 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/07/10 19:46:03 | 000,131,857 | ---- | M] () -- C:\Users\Steve\Desktop\LV.07.08.eng.pdf
[2010/07/09 19:41:39 | 000,002,609 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/07/09 18:40:01 | 000,090,055 | ---- | M] () -- C:\Users\Steve\Desktop\trusteerrapport.JPG
[2010/07/08 17:04:55 | 000,105,248 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/07/08 14:04:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 14:03:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.46.exe
[2010/07/08 00:25:43 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Users\Steve\Desktop\sdsetup.exe
[2010/07/06 19:22:36 | 000,023,265 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.3.jpg
[2010/07/06 13:32:32 | 000,005,514 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.2.jpg
[2010/07/06 13:30:38 | 000,007,572 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.1.jpg
[2010/07/06 13:14:09 | 000,000,983 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (No Add-ons) (2).lnk
[2010/07/05 22:08:32 | 000,064,495 | ---- | M] () -- C:\Users\Steve\Desktop\pg2beforeIntConectCapture.JPG
[2010/07/05 13:56:43 | 000,000,004 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/03 17:02:25 | 343,788,145 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/03 13:21:58 | 000,284,915 | ---- | M] () -- C:\Users\Steve\Desktop\gmer.zip
[2010/07/03 12:52:22 | 000,525,824 | ---- | M] () -- C:\Users\Steve\Desktop\dds.scr
[2010/07/03 10:15:04 | 000,000,320 | ---- | M] () -- C:\Users\Steve\Desktop\OverPlay VPN.appref-ms
[2010/07/03 00:15:45 | 000,000,750 | ---- | M] () -- C:\Users\Steve\Desktop\PeerGuardian.lnk
[2010/07/02 23:12:47 | 000,001,077 | ---- | M] () -- C:\Users\Steve\Desktop\cports.cfg
[2010/07/02 22:44:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/02 22:26:58 | 000,229,697 | ---- | M] () -- C:\MGlogs.zip
[2010/07/02 21:50:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/02 21:50:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/02 21:47:54 | 000,000,000 | ---- | M] () -- C:\Users\Steve\Desktop\settings.dat
[2010/07/02 21:37:56 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/02 21:24:33 | 003,725,496 | R--- | M] () -- C:\Users\Steve\Desktop\ComboFix.exe
[2010/07/02 18:10:55 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/02 17:57:33 | 000,000,000 | ---- | M] () -- C:\Users\Steve\defogger_reenable
[2010/07/02 17:39:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/02 17:39:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/02 17:39:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/02 17:39:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/02 17:22:23 | 000,782,848 | ---- | M] () -- C:\Users\Steve\Desktop\majorgeeks.doc
[2010/07/02 17:13:06 | 000,464,491 | ---- | M] () -- C:\Users\Steve\Desktop\RootRepeal.zip
[2010/07/02 16:56:28 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mb.exe
[2010/07/02 16:44:09 | 000,117,760 | ---- | M] () -- C:\Users\Steve\Downloads\Documents\majorgeeks.doc
[2010/07/02 16:28:06 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2010/07/02 16:00:48 | 000,050,477 | ---- | M] () -- C:\Users\Steve\Desktop\Defogger.exe
[2010/07/02 15:52:42 | 016,529,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Steve\Desktop\jre-6u20-windows-i586-s.exe
[2010/07/02 15:15:28 | 000,000,808 | ---- | M] () -- C:\Users\Steve\Desktop\CCleaner.lnk
[2010/07/02 15:12:34 | 001,154,616 | ---- | M] (Piriform Ltd) -- C:\Users\Steve\Desktop\ccsetup233_slim.exe
[2010/07/02 14:55:26 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys
[2010/07/02 14:55:26 | 000,007,887 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat
[2010/07/02 14:55:26 | 000,001,144 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf
[2010/07/02 14:19:42 | 001,709,408 | ---- | M] () -- C:\Users\Steve\Desktop\taskmanager17.exe
[2010/07/01 15:12:32 | 000,110,628 | ---- | M] () -- C:\Users\Steve\Desktop\castlemain xxxx.jpg
[2010/06/30 17:41:20 | 000,020,480 | ---- | M] () -- C:\Users\Steve\Desktop\TRANSACTION NUMBER.doc
[2010/06/29 18:12:57 | 000,477,088 | ---- | M] () -- C:\Users\Steve\Desktop\setup.exe
[2010/06/29 17:58:11 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/06/28 17:32:31 | 001,958,450 | ---- | M] (Methlabs Productions ) -- C:\Users\Steve\Desktop\pg2-rc1-test2.exe
[2010/06/28 17:08:49 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Steve\Desktop\fsbl.exe
[2010/06/28 16:07:30 | 001,376,832 | ---- | M] () -- C:\Users\Steve\Desktop\sar_15_sfx.exe
[2010/06/28 15:56:57 | 000,167,315 | ---- | M] () -- C:\Users\Steve\Desktop\RKRscreendump.jpg
[2010/06/28 15:15:41 | 000,231,390 | ---- | M] () -- C:\Users\Steve\Desktop\RootkitRevealer.zip
[2010/06/28 14:57:37 | 002,335,270 | ---- | M] () -- C:\Windows\System32\a29F943.mht
[2010/06/28 14:06:40 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.8.exe
[2010/06/25 21:21:14 | 001,074,232 | ---- | M] () -- C:\Users\Steve\Desktop\RootkitBuster_2.80.1077.zip
[2010/06/25 21:02:21 | 001,869,952 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2010/06/20 18:15:11 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Steve\Desktop\uninstall_flash_player.exe
[2010/06/16 17:00:47 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/06/15 12:57:34 | 000,030,720 | ---- | M] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK2.doc
[2010/06/14 12:03:15 | 000,031,232 | ---- | M] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK.doc
[2010/06/13 08:49:44 | 000,392,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Steve\Downloads\Documents\*.tmp files -> C:\Users\Steve\Downloads\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/10 19:46:03 | 000,131,857 | ---- | C] () -- C:\Users\Steve\Desktop\LV.07.08.eng.pdf
[2010/07/09 18:39:58 | 000,090,055 | ---- | C] () -- C:\Users\Steve\Desktop\trusteerrapport.JPG
[2010/07/06 19:22:36 | 000,023,265 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.3.jpg
[2010/07/06 13:32:32 | 000,005,514 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.2.jpg
[2010/07/06 13:30:38 | 000,007,572 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.1.jpg
[2010/07/06 13:14:09 | 000,000,983 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (No Add-ons) (2).lnk
[2010/07/05 22:08:30 | 000,064,495 | ---- | C] () -- C:\Users\Steve\Desktop\pg2beforeIntConectCapture.JPG
[2010/07/03 13:24:22 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.exe
[2010/07/03 13:21:54 | 000,284,915 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.zip
[2010/07/03 12:52:13 | 000,525,824 | ---- | C] () -- C:\Users\Steve\Desktop\dds.scr
[2010/07/03 10:46:00 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/03 10:45:59 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/03 10:45:59 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/03 10:15:06 | 000,000,320 | ---- | C] () -- C:\Users\Steve\Desktop\OverPlay VPN.appref-ms
[2010/07/02 22:44:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/02 21:50:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/02 21:50:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/02 21:50:35 | 000,229,697 | ---- | C] () -- C:\MGlogs.zip
[2010/07/02 21:47:54 | 000,000,000 | ---- | C] () -- C:\Users\Steve\Desktop\settings.dat
[2010/07/02 21:26:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/02 21:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/02 21:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/02 21:26:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/02 21:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/02 21:09:01 | 343,788,145 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/02 20:29:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/02 18:10:55 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/02 17:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Steve\defogger_reenable
[2010/07/02 17:47:16 | 000,001,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/02 17:47:16 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/07/02 17:14:48 | 003,725,496 | R--- | C] () -- C:\Users\Steve\Desktop\ComboFix.exe
[2010/07/02 17:12:04 | 000,464,491 | ---- | C] () -- C:\Users\Steve\Desktop\RootRepeal.zip
[2010/07/02 16:44:19 | 000,782,848 | ---- | C] () -- C:\Users\Steve\Desktop\majorgeeks.doc
[2010/07/02 16:42:32 | 000,117,760 | ---- | C] () -- C:\Users\Steve\Downloads\Documents\majorgeeks.doc
[2010/07/02 16:00:46 | 000,050,477 | ---- | C] () -- C:\Users\Steve\Desktop\Defogger.exe
[2010/07/02 15:15:28 | 000,000,808 | ---- | C] () -- C:\Users\Steve\Desktop\CCleaner.lnk
[2010/07/02 14:19:41 | 001,709,408 | ---- | C] () -- C:\Users\Steve\Desktop\taskmanager17.exe
[2010/07/01 15:12:32 | 000,110,628 | ---- | C] () -- C:\Users\Steve\Desktop\castlemain xxxx.jpg
[2010/06/30 17:41:18 | 000,020,480 | ---- | C] () -- C:\Users\Steve\Desktop\TRANSACTION NUMBER.doc
[2010/06/29 18:12:52 | 000,477,088 | ---- | C] () -- C:\Users\Steve\Desktop\setup.exe
[2010/06/29 16:45:59 | 000,000,750 | ---- | C] () -- C:\Users\Steve\Desktop\PeerGuardian.lnk
[2010/06/28 15:56:57 | 000,167,315 | ---- | C] () -- C:\Users\Steve\Desktop\RKRscreendump.jpg
[2010/06/28 15:05:14 | 000,102,160 | ---- | C] () -- C:\Users\Steve\Desktop\RootkitRevealer.chm
[2010/06/28 15:00:24 | 000,231,390 | ---- | C] () -- C:\Users\Steve\Desktop\RootkitRevealer.zip
[2010/06/28 14:57:37 | 002,335,270 | ---- | C] () -- C:\Windows\System32\a29F943.mht
[2010/06/15 12:57:32 | 000,030,720 | ---- | C] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK2.doc
[2010/06/14 12:03:13 | 000,031,232 | ---- | C] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK.doc
[2010/01/20 16:29:16 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/01/06 13:31:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/05/28 12:13:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/10 23:15:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/10 23:00:56 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/11/04 13:36:16 | 000,227,072 | ---- | C] () -- C:\Windows\System32\drivers\U6000ALL.sys
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/03/04 15:36:20 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/03/04 15:36:14 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/05 11:49:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/02/05 11:15:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/02/05 11:09:26 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/05 10:37:51 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/05 09:08:18 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/02/05 09:07:44 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/05 09:07:44 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/05 09:07:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/05 09:07:44 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/28 19:43:54 | 000,270,336 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2007/06/16 19:44:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\GTWST.dll
[2007/06/11 12:32:48 | 000,126,976 | ---- | C] () -- C:\Windows\System32\RmCard.dll
[2006/11/02 15:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/06/28 17:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll
[2001/12/27 03:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 10:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 03:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 09:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 11:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/01/15 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\111 Pix Ltd
[2008/10/24 15:37:43 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Acer
[2008/02/05 11:43:05 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Acer GameZone Console
[2010/02/08 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Any Video Converter
[2010/01/03 02:01:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/18 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2009/12/16 12:00:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FLVPlayer4Free
[2010/03/16 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2008/10/24 15:37:42 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2009/01/10 23:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\ScanSoft
[2009/02/22 14:03:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2010/01/03 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Uniblue
[2009/07/10 21:22:46 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\VoipCheapCom
[2010/07/02 14:55:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vso
[2010/07/11 09:19:34 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >
------------------------------------------------------------------------------------------------------------------------------------------------------------

OTL Extras logfile created on: 12/07/2010 02:05:00 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 59.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 24.56 Gb Free Space | 35.71% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 49.71 Gb Free Space | 72.50% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LT
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6131F5BF-C0C3-47A1-82E2-3BAA029158C4}" = lport=23917 | protocol=17 | dir=in | name=72.20.34.145 |
"{71CCE834-F956-47D6-88B3-C932FAC17C32}" = lport=445 | protocol=6 | dir=in | app=system |
"{AE6C71A0-B3A1-423E-B77E-174BECA93BCF}" = lport=23917 | protocol=6 | dir=in | name=72.20.34.145 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0FE9A79D-EEEC-4B8E-806F-4E6A1F4BEE66}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{64D571A6-D294-4D9A-9E88-1F692360A237}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6517A3E3-700F-4A37-9E8C-1844B770E97A}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{BDFF0BCA-E8D7-494A-BA27-BE91B513B0BD}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleil_.exe |
"{D0CBD68C-3948-49D0-98C6-B542694E4356}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{338EA48F-395D-4358-87AF-9A6EE4AF918D}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"TCP Query User{382F6287-A65D-490C-AAA0-6269D0EFEA54}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{393CAC32-7051-41A1-BE4F-4AB3259C01FE}C:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{4CC194D6-A470-4614-9402-B354D0B795F6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{6C1BF709-47CD-4E94-90DA-D1EBAF7960AC}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=6 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"TCP Query User{6F9AC9F0-1970-4BA2-91A9-105453CC517B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{78546F91-85D6-42B3-851B-E2FDCC758209}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B5BE9302-F31A-4DDC-9640-84CBAF98F0C5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{BD51C547-BC50-4DFB-8990-6CABCB3F2CA9}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{07FF5FC6-3CB4-46AF-9195-66B7D539924C}C:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\steve\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{103E94B6-4E26-4089-A592-BA8AEBA1D5BB}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{1EA3C8B9-AE50-47C5-833F-BB5BB2F3DCC1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{46A968D8-9D6C-4EDB-BA34-AFDC62E3ED96}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |
"UDP Query User{4D0B7F89-8380-4E11-A979-99A2E48466DC}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{7A03A889-E496-4BEE-A1B5-E01316F6C170}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{8A239FF9-5C79-4FB2-B8D7-7F6070860FB5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CB8078FC-A70E-46A5-B36B-5BB0FF21DEB3}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{FB2A3DEA-593C-4A1D-970A-D34C9E65B615}C:\program files\voipcheapcom\voipcheapcom.exe" = protocol=17 | dir=in | app=c:\program files\voipcheapcom\voipcheapcom.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{35C0A1E4-D02A-412C-841F-266DBB116ABB}" = Intel® PROSet/Wireless WiFi Software
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4011515E-FF2B-4337-A95B-2E4AFC1923AE}" = MYGIC TV
"{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DA71A94B-3617-4935-8BBE-1566B2174C95}" = Drv
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
"7-Zip" = 7-Zip 4.65
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"Any Video Converter_is1" = Any Video Converter 2.7.1
"Avira UnErase Personal" = Avira UnErase Personal
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Byki Express" = Byki Express
"Canon MP220 series User Registration" = Canon MP220 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Dia" = Dia (remove only)
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FLVPlayer4Free Free FLV Player_is1" = FLVPlayer4Free Free FLV Player 3.8.0.0
"get_iplayer" = get_iplayer 1.5+
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 1.99.1
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"InstallShield_{4011515E-FF2B-4337-A95B-2E4AFC1923AE}" = MYGIC TV
"Little Registry Cleaner" = Little Registry Cleaner
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"OpenVPN Tap Adapter" = OpenVPN Tap Adapter 9.0
"PC Wizard 2008_is1" = PC Wizard 2008.1.871
"PeerGuardian_is1" = PeerGuardian 2.0
"ProInst" = Intel PROSet Wireless
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"Rapport_msi" = Rapport
"Security Task Manager" = Security Task Manager 1.7h
"Simplyzip" = Simplyzip (remove only)
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SystemRequirementsLab" = System Requirements Lab
"TVWiz" = Intel® TV Wizard
"VoipCheapCom_is1" = VoipCheapCom

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"4f1f873ae9d5c649" = OverPlay VPN
"4XDealer" = 4XDealer
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/09/2009 02:24:17 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 28/09/2009 02:41:36 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:22:56 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:24:09 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:24:48 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:53:17 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 29/09/2009 02:55:23 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 01/10/2009 03:46:00 | Computer Name = Steve-LT | Source = RasClient | ID = 20227
Description =

Error - 01/10/2009 12:20:35 | Computer Name = Steve-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1664 Start Time: 01ca42b2cd6eee24 Termination Time: 78

Error - 01/10/2009 12:21:39 | Computer Name = Steve-LT | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 9f8 Start Time: 01ca42b31ea2b604 Termination Time: 0

[ Media Center Events ]
Error - 27/02/2009 02:41:10 | Computer Name = Steve-LT | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 11/07/2010 18:18:56 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:19:04 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:21:53 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:22:18 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:24:06 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:24:08 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:34:45 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:54:43 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:56:28 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =

Error - 11/07/2010 18:56:53 | Computer Name = Steve-LT | Source = DCOM | ID = 10016
Description =


< End of report >


#14 m0le (Malware Response Team)

Posted 12 July 2010 - 04:00 PM

One service has returned

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
SRV - (BUML) -- C:\Users\Steve\AppData\Local\Temp\BUML.exe File not found
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Now run ESET's online scanner

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.


Finally run a new OTL scan and post that log.
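The two lines in the OTL fix above are the security-relevant part of this post. A service whose binary sits in a user's Temp folder and no longer exists is either malware that has already been cleaned up or a leftover from a scanner, and the exefile\shell\open\command value is what the shell runs every time any .exe is launched, so a hijacked value re-launches a payload on every double-click and is a classic way for malware to survive its own removal; the clean value is just "%1" %*. The script below is an added example, not part of the original thread and not part of OTL: a read-only audit that checks those two things on a live Windows box. It assumes PowerShell 2.0 or later run from an elevated prompt, and Get-BinaryPath is a helper written for this example.

```powershell
# Added example, not part of the original thread or of OTL: a read-only audit of
# the two things the OTL fix touches. It reports; it changes nothing.
# Assumes PowerShell 2.0+ (Vista/7 era is fine) from an elevated prompt.

$expected = '"%1" %*'   # the clean exefile handler: run the file, pass its arguments

# --- 1. The .exe file association -------------------------------------------
# Whatever sits here is started every time any executable is launched.
# HKCU\Software\Classes overrides HKLM and needs no admin rights, so a
# command there is suspicious merely by existing.
$keys = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command',
    'Registry::HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command'
)
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $cmd = (Get-ItemProperty -LiteralPath $key).'(default)'
    if ($cmd -eq $expected -and $key -like '*HKEY_LOCAL_MACHINE*') {
        Write-Output "OK       $key = $cmd"
    } else {
        Write-Warning "exefile handler: $key = '$cmd' (expected '$expected', and only under HKLM)"
    }
}

# --- 2. Services and drivers whose binary is missing or lives in a Temp folder ---
function Get-BinaryPath([string]$pathName) {
    # Helper for this example: turn a service/driver PathName into the file it runs.
    # "C:\Program Files\x\y.exe" -k arg  ->  C:\Program Files\x\y.exe
    if ($pathName -match '^"([^"]+)"') { $p = $Matches[1] }
    # C:\Program Files\x\y.exe -k arg    ->  C:\Program Files\x\y.exe (first .exe/.sys/.dll wins)
    elseif ($pathName -match '^(.+?\.(exe|sys|dll))') { $p = $Matches[1] }
    else { $p = ($pathName -split '\s+')[0] }
    $p = $p -replace '^\\\?\?\\', ''                                # \??\C:\...  -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot               # \SystemRoot\system32\...
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"     # bare system32\drivers\x.sys
    return [Environment]::ExpandEnvironmentVariables($p)
}

# Matches ...\AppData\Local\Temp\, ...\Local Settings\Temp\, C:\Windows\Temp\, C:\Temp\
$tempPattern = '\\(Local Settings\\)?Temp\\'

$entries = @(Get-WmiObject Win32_Service) + @(Get-WmiObject Win32_SystemDriver)
foreach ($svc in $entries) {
    if (-not $svc.PathName) { continue }
    $bin   = Get-BinaryPath $svc.PathName
    $flags = @()
    if (-not (Test-Path -LiteralPath $bin)) { $flags += 'file not found' }
    if ($bin -match $tempPattern)           { $flags += 'runs from Temp' }
    if ($flags.Count -gt 0) {
        Write-Warning ("{0,-24} {1,-10} {2}  [{3}]" -f $svc.Name, $svc.StartMode, $bin, ($flags -join ', '))
    }
}
```

A flag from the second half is a prompt to look, not a verdict: the OTL log in this thread also shows catchme.sys and the MEMSWEEP2 .tmp driver as "File not found", and those are left behind by anti-rootkit scanners rather than by malware. What matters is the combination OTL picked out, a service registered to run from a user's Temp directory, which no legitimate installer does. Removing the entry with OTL's :OTL section, as above, is the right fix; the script only tells you whether the fix took.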

#15 SteveHam (Topic Starter)

Posted 12 July 2010 - 05:00 PM

I had a problem with MS Security Essentials when I booted up this morning. It said "Real time protection was Off" & despite pressing the big red start button it didn't want to start.

I know it's best not to install anything, but thought it best to, as I needed internet access today.....

I always boot with the WiFi disabled & at the moment PeerGuardian 2 is being disabled on start-up. So I went online & downloaded the installer from the MS site & then went offline, uninstalled MSSE & reinstalled the program. MSSE worked on startup.

I've done another OTL scan just in case anything has changed. I set it up as you had it before but it only produced OTL.txt.

I'll wait for your reply before going ahead with the above instructions.

--------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 13/07/2010 00:52:41 - Run 2
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Users\Steve\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 38.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 62.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 68.77 Gb Total Space | 23.40 Gb Free Space | 34.02% Space Free | Partition Type: NTFS
Drive D: | 68.56 Gb Total Space | 49.48 Gb Free Space | 72.17% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LT
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Steve\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
PRC - C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Steve\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (BUML) -- C:\Users\Steve\AppData\Local\Temp\BUML.exe File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (MEMSWEEP2) -- C:\Windows\System32\F630.tmp File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Steve\AppData\Local\Temp\catchme.sys File not found
DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
DRV - (RapportKELL) -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys (Trusteer Ltd.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MpFilter) -- C:\Windows\System32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (RapportBuka) -- C:\Windows\System32\drivers\RapportBuka.sys (Trusteer Ltd.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows ® Codename Longhorn DDK provider)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
DRV - (pgfilter) -- C:\Program Files\PeerGuardian2\pgfilter.sys ()
DRV - (BlueletAudio) -- C:\Windows\System32\drivers\blueletaudio.sys (IVT Corporation.)
DRV - (Btcsrusb) -- C:\Windows\System32\drivers\btcusb.sys (IVT Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (U6000ALL) U6000 TV Box(ALL) -- C:\Windows\System32\drivers\U6000ALL.sys ()
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (BlueletSCOAudio) -- C:\Windows\System32\drivers\BlueletSCOAudio.sys (IVT Corporation.)
DRV - (BT) -- C:\Windows\System32\drivers\btnetdrv.sys (IVT Corporation.)
DRV - (BTHidMgr) -- C:\Windows\System32\Drivers\BTHidMgr.sys (IVT Corporation.)
DRV - (BTHidEnum) -- C:\Windows\System32\Drivers\vbtenum.sys (IVT Corporation.)
DRV - (VcommMgr) -- C:\Windows\System32\drivers\VCommMgr.sys (IVT Corporation.)
DRV - (VComm) -- C:\Windows\System32\drivers\VComm.sys (IVT Corporation.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Chic)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (DritekPortIO) -- C:\Program Files\Launch Manager\DPortIO.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (PortTalk) -- C:\Windows\System32\drivers\PortTalk.sys (Beyond Logic http://www.beyondlogic.org)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.live.com/login.srf?id=2&s...=EN&lc=2057
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 15 FB C0 5D 90 1A CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 19:36:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/05 13:56:43 | 000,000,004 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HijackThis startup scan] C:\Program Files\HijackThis\HijackThis.exe (Soeperman Enterprises Ltd.)
O4 - HKCU..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe (Phoenix Labs)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} http://intel-drv-cdn.systemrequirementslab...reqlab_srlx.cab (System Requirements Lab Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6BB2089-163F-466B-812A-748096614DFD} http://cainternetsecurity.net/scanner/cascanner.cab (CAScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.97.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img8.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 00:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/12 23:40:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\Desktop\pg2 logs
[2010/07/12 10:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/07/12 10:34:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/12 10:31:24 | 007,315,936 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/07/12 01:54:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/12 01:24:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/07/08 14:03:40 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.46.exe
[2010/07/08 00:25:38 | 036,598,544 | ---- | C] (PC Tools ) -- C:\Users\Steve\Desktop\sdsetup.exe
[2010/07/03 10:46:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/07/03 10:46:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/07/03 10:46:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/07/03 10:46:15 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/07/03 10:46:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/07/03 10:46:12 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/07/03 10:46:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/07/03 10:46:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/07/03 10:46:09 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/07/03 10:46:09 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/07/03 10:46:09 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/07/03 10:45:57 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/07/03 10:45:57 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/07/03 10:45:57 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/07/03 10:45:57 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/07/03 10:45:57 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/07/03 10:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/07/03 10:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Tap0901
[2010/07/02 21:50:29 | 000,000,000 | ---D | C] -- C:\MGtools
[2010/07/02 21:47:47 | 000,472,064 | ---- | C] ( ) -- C:\Users\Steve\Desktop\RootRepeal.exe
[2010/07/02 21:40:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/02 21:40:43 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/02 21:26:13 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/02 21:26:13 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/02 21:26:13 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/02 21:26:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/02 21:26:02 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/07/02 21:25:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/02 21:24:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/02 20:31:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Malwarebytes
[2010/07/02 20:29:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/02 20:29:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/02 20:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/02 20:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/02 18:11:02 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\SUPERAntiSpyware.com
[2010/07/02 18:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/07/02 18:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/02 17:40:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/07/02 17:39:51 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/02 17:39:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/02 17:39:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/02 17:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/02 17:31:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Sun
[2010/07/02 16:56:22 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mb.exe
[2010/07/02 16:28:02 | 009,070,816 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2010/07/02 15:52:41 | 016,529,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Steve\Desktop\jre-6u20-windows-i586-s.exe
[2010/07/02 15:15:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/02 15:12:27 | 001,154,616 | ---- | C] (Piriform Ltd) -- C:\Users\Steve\Desktop\ccsetup233_slim.exe
[2010/07/02 14:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010/07/02 14:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010/06/29 18:17:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\OverPlay.net_LLP
[2010/06/29 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Deployment
[2010/06/29 18:14:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Apps
[2010/06/28 17:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\PeerGuardian2
[2010/06/28 17:32:24 | 001,958,450 | ---- | C] (Methlabs Productions ) -- C:\Users\Steve\Desktop\pg2-rc1-test2.exe
[2010/06/28 17:08:48 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Steve\Desktop\fsbl.exe
[2010/06/28 15:05:14 | 000,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\Steve\Desktop\RootkitRevealer.exe
[2010/06/28 14:06:36 | 010,341,832 | ---- | C] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.8.exe
[2010/06/27 23:32:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Application Data
[2010/06/25 21:23:11 | 002,457,600 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\RootkitBuster.exe
[2010/06/25 21:02:03 | 001,869,952 | ---- | C] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2010/06/24 03:00:32 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 03:00:32 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 03:00:32 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/24 01:57:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/24 01:57:40 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/20 18:15:06 | 000,231,888 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\Steve\Desktop\uninstall_flash_player.exe
[1 C:\Users\Steve\Downloads\Documents\*.tmp files -> C:\Users\Steve\Downloads\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/13 00:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/13 00:48:28 | 003,407,872 | -HS- | M] () -- C:\Users\Steve\ntuser.dat
[2010/07/13 00:39:25 | 000,001,077 | ---- | M] () -- C:\Users\Steve\Desktop\cports.cfg
[2010/07/12 23:34:56 | 001,620,594 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/12 23:34:56 | 000,622,900 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/12 23:34:56 | 000,006,278 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/12 23:30:57 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/12 23:30:57 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/12 23:29:40 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/07/12 23:29:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 23:29:38 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/12 23:29:37 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/12 23:29:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/12 23:26:52 | 000,065,536 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{09670aa8-3d0e-11df-b6ea-001b38d35a15}.TM.blf
[2010/07/12 23:26:51 | 000,524,288 | -HS- | M] () -- C:\Users\Steve\ntuser.dat{09670aa8-3d0e-11df-b6ea-001b38d35a15}.TMContainer00000000000000000001.regtrans-ms
[2010/07/12 23:26:24 | 004,080,456 | -H-- | M] () -- C:\Users\Steve\AppData\Local\IconCache.db
[2010/07/12 22:51:24 | 000,021,024 | ---- | M] () -- C:\Users\Steve\Desktop\pg2Capture.JPG
[2010/07/12 15:59:35 | 000,644,433 | ---- | M] () -- C:\Users\Steve\Desktop\1G%20Toucan%20TLUD%20for%20Biochar%20Jan%202010%20-%20final_0.pdf
[2010/07/12 10:36:58 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/07/12 10:31:40 | 007,315,936 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\mssefullinstall-x86fre-en-us-vista-win7.exe
[2010/07/12 01:24:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\OTL.exe
[2010/07/11 08:50:13 | 000,006,756 | ---- | M] () -- C:\Users\Steve\AppData\Local\d3d9caps.dat
[2010/07/10 19:46:03 | 000,131,857 | ---- | M] () -- C:\Users\Steve\Desktop\LV.07.08.eng.pdf
[2010/07/09 19:41:39 | 000,002,609 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/07/09 18:40:01 | 000,090,055 | ---- | M] () -- C:\Users\Steve\Desktop\trusteerrapport.JPG
[2010/07/08 17:04:55 | 000,105,248 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/07/08 14:04:52 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/08 14:03:47 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mbam-setup-1.46.exe
[2010/07/08 00:25:43 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Users\Steve\Desktop\sdsetup.exe
[2010/07/06 19:22:36 | 000,023,265 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.3.jpg
[2010/07/06 13:32:32 | 000,005,514 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.2.jpg
[2010/07/06 13:30:38 | 000,007,572 | ---- | M] () -- C:\Users\Steve\Desktop\pg2.1.jpg
[2010/07/06 13:14:09 | 000,000,983 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (No Add-ons) (2).lnk
[2010/07/05 22:08:32 | 000,064,495 | ---- | M] () -- C:\Users\Steve\Desktop\pg2beforeIntConectCapture.JPG
[2010/07/05 13:56:43 | 000,000,004 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/03 17:02:25 | 343,788,145 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/03 13:21:58 | 000,284,915 | ---- | M] () -- C:\Users\Steve\Desktop\gmer.zip
[2010/07/03 12:52:22 | 000,525,824 | ---- | M] () -- C:\Users\Steve\Desktop\dds.scr
[2010/07/03 10:15:04 | 000,000,320 | ---- | M] () -- C:\Users\Steve\Desktop\OverPlay VPN.appref-ms
[2010/07/03 00:15:45 | 000,000,750 | ---- | M] () -- C:\Users\Steve\Desktop\PeerGuardian.lnk
[2010/07/02 22:44:16 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/02 22:26:58 | 000,229,697 | ---- | M] () -- C:\MGlogs.zip
[2010/07/02 21:50:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/02 21:50:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/02 21:47:54 | 000,000,000 | ---- | M] () -- C:\Users\Steve\Desktop\settings.dat
[2010/07/02 21:37:56 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/02 21:24:33 | 003,725,496 | R--- | M] () -- C:\Users\Steve\Desktop\ComboFix.exe
[2010/07/02 18:10:55 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/02 17:57:33 | 000,000,000 | ---- | M] () -- C:\Users\Steve\defogger_reenable
[2010/07/02 17:39:13 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/07/02 17:39:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/07/02 17:39:12 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/07/02 17:39:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/07/02 17:22:23 | 000,782,848 | ---- | M] () -- C:\Users\Steve\Desktop\majorgeeks.doc
[2010/07/02 17:13:06 | 000,464,491 | ---- | M] () -- C:\Users\Steve\Desktop\RootRepeal.zip
[2010/07/02 16:56:28 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Steve\Desktop\mb.exe
[2010/07/02 16:44:09 | 000,117,760 | ---- | M] () -- C:\Users\Steve\Downloads\Documents\majorgeeks.doc
[2010/07/02 16:28:06 | 009,070,816 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Steve\Desktop\SUPERAntiSpyware.exe
[2010/07/02 16:00:48 | 000,050,477 | ---- | M] () -- C:\Users\Steve\Desktop\Defogger.exe
[2010/07/02 15:52:42 | 016,529,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Steve\Desktop\jre-6u20-windows-i586-s.exe
[2010/07/02 15:15:28 | 000,000,808 | ---- | M] () -- C:\Users\Steve\Desktop\CCleaner.lnk
[2010/07/02 15:12:34 | 001,154,616 | ---- | M] (Piriform Ltd) -- C:\Users\Steve\Desktop\ccsetup233_slim.exe
[2010/07/02 14:55:26 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Steve\AppData\Roaming\pcouffin.sys
[2010/07/02 14:55:26 | 000,007,887 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\pcouffin.cat
[2010/07/02 14:55:26 | 000,001,144 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\pcouffin.inf
[2010/07/02 14:19:42 | 001,709,408 | ---- | M] () -- C:\Users\Steve\Desktop\taskmanager17.exe
[2010/07/01 15:12:32 | 000,110,628 | ---- | M] () -- C:\Users\Steve\Desktop\castlemain xxxx.jpg
[2010/06/30 17:41:20 | 000,020,480 | ---- | M] () -- C:\Users\Steve\Desktop\TRANSACTION NUMBER.doc
[2010/06/29 18:12:57 | 000,477,088 | ---- | M] () -- C:\Users\Steve\Desktop\setup.exe
[2010/06/28 17:32:31 | 001,958,450 | ---- | M] (Methlabs Productions ) -- C:\Users\Steve\Desktop\pg2-rc1-test2.exe
[2010/06/28 17:08:49 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Steve\Desktop\fsbl.exe
[2010/06/28 16:07:30 | 001,376,832 | ---- | M] () -- C:\Users\Steve\Desktop\sar_15_sfx.exe
[2010/06/28 15:56:57 | 000,167,315 | ---- | M] () -- C:\Users\Steve\Desktop\RKRscreendump.jpg
[2010/06/28 15:15:41 | 000,231,390 | ---- | M] () -- C:\Users\Steve\Desktop\RootkitRevealer.zip
[2010/06/28 14:57:37 | 002,335,270 | ---- | M] () -- C:\Windows\System32\a29F943.mht
[2010/06/28 14:06:40 | 010,341,832 | ---- | M] (Microsoft Corporation) -- C:\Users\Steve\Desktop\windows-kb890830-v3.8.exe
[2010/06/25 21:21:14 | 001,074,232 | ---- | M] () -- C:\Users\Steve\Desktop\RootkitBuster_2.80.1077.zip
[2010/06/25 21:02:21 | 001,869,952 | ---- | M] (Trend Micro Inc.) -- C:\Users\Steve\Desktop\HousecallLauncher.exe
[2010/06/20 18:15:11 | 000,231,888 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Steve\Desktop\uninstall_flash_player.exe
[2010/06/16 17:00:47 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/06/15 12:57:34 | 000,030,720 | ---- | M] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK2.doc
[2010/06/14 12:03:15 | 000,031,232 | ---- | M] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK.doc
[2010/06/13 08:49:44 | 000,392,816 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Users\Steve\Downloads\Documents\*.tmp files -> C:\Users\Steve\Downloads\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/12 23:30:45 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/07/12 22:51:22 | 000,021,024 | ---- | C] () -- C:\Users\Steve\Desktop\pg2Capture.JPG
[2010/07/12 15:59:35 | 000,644,433 | ---- | C] () -- C:\Users\Steve\Desktop\1G%20Toucan%20TLUD%20for%20Biochar%20Jan%202010%20-%20final_0.pdf
[2010/07/12 10:36:58 | 000,000,946 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/07/10 19:46:03 | 000,131,857 | ---- | C] () -- C:\Users\Steve\Desktop\LV.07.08.eng.pdf
[2010/07/09 18:39:58 | 000,090,055 | ---- | C] () -- C:\Users\Steve\Desktop\trusteerrapport.JPG
[2010/07/06 19:22:36 | 000,023,265 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.3.jpg
[2010/07/06 13:32:32 | 000,005,514 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.2.jpg
[2010/07/06 13:30:38 | 000,007,572 | ---- | C] () -- C:\Users\Steve\Desktop\pg2.1.jpg
[2010/07/06 13:14:09 | 000,000,983 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer (No Add-ons) (2).lnk
[2010/07/05 22:08:30 | 000,064,495 | ---- | C] () -- C:\Users\Steve\Desktop\pg2beforeIntConectCapture.JPG
[2010/07/03 13:24:22 | 000,293,376 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.exe
[2010/07/03 13:21:54 | 000,284,915 | ---- | C] () -- C:\Users\Steve\Desktop\gmer.zip
[2010/07/03 12:52:13 | 000,525,824 | ---- | C] () -- C:\Users\Steve\Desktop\dds.scr
[2010/07/03 10:46:00 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/03 10:45:59 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/03 10:45:59 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/03 10:15:06 | 000,000,320 | ---- | C] () -- C:\Users\Steve\Desktop\OverPlay VPN.appref-ms
[2010/07/02 22:44:16 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/07/02 21:50:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/02 21:50:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/02 21:50:35 | 000,229,697 | ---- | C] () -- C:\MGlogs.zip
[2010/07/02 21:47:54 | 000,000,000 | ---- | C] () -- C:\Users\Steve\Desktop\settings.dat
[2010/07/02 21:26:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/02 21:26:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/02 21:26:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/02 21:26:13 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/02 21:26:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/02 21:09:01 | 343,788,145 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/02 20:29:55 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/02 18:10:55 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/02 17:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Steve\defogger_reenable
[2010/07/02 17:47:16 | 000,001,875 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/07/02 17:47:16 | 000,001,058 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
[2010/07/02 17:14:48 | 003,725,496 | R--- | C] () -- C:\Users\Steve\Desktop\ComboFix.exe
[2010/07/02 17:12:04 | 000,464,491 | ---- | C] () -- C:\Users\Steve\Desktop\RootRepeal.zip
[2010/07/02 16:44:19 | 000,782,848 | ---- | C] () -- C:\Users\Steve\Desktop\majorgeeks.doc
[2010/07/02 16:42:32 | 000,117,760 | ---- | C] () -- C:\Users\Steve\Downloads\Documents\majorgeeks.doc
[2010/07/02 16:00:46 | 000,050,477 | ---- | C] () -- C:\Users\Steve\Desktop\Defogger.exe
[2010/07/02 15:15:28 | 000,000,808 | ---- | C] () -- C:\Users\Steve\Desktop\CCleaner.lnk
[2010/07/02 14:19:41 | 001,709,408 | ---- | C] () -- C:\Users\Steve\Desktop\taskmanager17.exe
[2010/07/01 15:12:32 | 000,110,628 | ---- | C] () -- C:\Users\Steve\Desktop\castlemain xxxx.jpg
[2010/06/30 17:41:18 | 000,020,480 | ---- | C] () -- C:\Users\Steve\Desktop\TRANSACTION NUMBER.doc
[2010/06/29 18:12:52 | 000,477,088 | ---- | C] () -- C:\Users\Steve\Desktop\setup.exe
[2010/06/29 16:45:59 | 000,000,750 | ---- | C] () -- C:\Users\Steve\Desktop\PeerGuardian.lnk
[2010/06/28 15:56:57 | 000,167,315 | ---- | C] () -- C:\Users\Steve\Desktop\RKRscreendump.jpg
[2010/06/28 15:05:14 | 000,102,160 | ---- | C] () -- C:\Users\Steve\Desktop\RootkitRevealer.chm
[2010/06/28 15:00:24 | 000,231,390 | ---- | C] () -- C:\Users\Steve\Desktop\RootkitRevealer.zip
[2010/06/28 14:57:37 | 002,335,270 | ---- | C] () -- C:\Windows\System32\a29F943.mht
[2010/06/15 12:57:32 | 000,030,720 | ---- | C] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK2.doc
[2010/06/14 12:03:13 | 000,031,232 | ---- | C] () -- C:\Users\Steve\Desktop\FUNDS TRANSFER ORDERS TO ANOTHER BANK.doc
[2010/01/20 16:29:16 | 000,000,014 | ---- | C] () -- C:\Windows\System32\systeminfo3.dll
[2010/01/06 13:31:26 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009/05/28 12:13:31 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/01/10 23:15:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/01/10 23:00:56 | 000,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/11/04 13:36:16 | 000,227,072 | ---- | C] () -- C:\Windows\System32\drivers\U6000ALL.sys
[2008/09/12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008/03/04 15:36:20 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/03/04 15:36:14 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/02/05 11:49:19 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/02/05 11:15:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/02/05 11:09:26 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/05 10:37:51 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/05 09:08:18 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008/02/05 09:07:44 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/05 09:07:44 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/05 09:07:44 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/05 09:07:44 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/28 19:43:54 | 000,270,336 | ---- | C] () -- C:\Windows\System32\GTTunerCard.dll
[2007/06/16 19:44:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\GTWST.dll
[2007/06/11 12:32:48 | 000,126,976 | ---- | C] () -- C:\Windows\System32\RmCard.dll
[2006/11/02 15:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/06/28 17:34:20 | 000,069,707 | ---- | C] () -- C:\Windows\System32\DISP_OPT1.dll
[2001/12/27 03:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 10:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 03:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 09:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
[1998/01/12 11:00:00 | 000,040,448 | ---- | C] () -- C:\Windows\System32\REGOBJ.DLL

========== LOP Check ==========

[2010/01/15 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\111 Pix Ltd
[2008/10/24 15:37:43 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Acer
[2008/02/05 11:43:05 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Acer GameZone Console
[2010/02/08 18:58:11 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Any Video Converter
[2010/01/03 02:01:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2009/02/18 14:37:14 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Canon
[2009/12/16 12:00:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FLVPlayer4Free
[2010/03/16 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\gtk-2.0
[2008/10/24 15:37:42 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2009/01/10 23:00:47 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\ScanSoft
[2009/02/22 14:03:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trusteer
[2010/01/03 18:55:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Uniblue
[2009/07/10 21:22:46 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\VoipCheapCom
[2010/07/02 14:55:26 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Vso
[2010/07/12 23:30:57 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/07/12 23:27:10 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >