analytics.google & yahoo hijack


  • This topic is locked
9 replies to this topic

#1 criggle

  • Members
  • 10 posts

Posted 10 July 2010 - 11:37 AM

Anyway, the "analytics.google hijack" has hit my computer and I can't find the source. I first noticed by how slow my computer was going and that the Internet Explorer processes still ran after exiting the program, and two exes in the windows>temp folder were using a large amount of memory at idle (obk.exe and obl.exe). Anyway, the analytics.google thing started opening when I searched, sometimes Yahoo... I got the ob exes to stop opening but the browser problem and occasional restart still happen.

Also, I am getting sick of wasting several hours of my life, if not days, fixing stupid security problems. I am especially bad with network security, so if there is a link, please link me.
And I was wondering if I should make a change from Norton to Avira Free or Avast Free, the only problem being my passwords are in Norton and I can't remember half of them. Because I've heard it isn't as laggy or a memory hog, which is good because I have way too many files to scan in a reasonable amount of time. I also use CCleaner and Malwarebytes on a regular basis, and have "Super Ad Blocker" for Internet Explorer. A friend told me that he sandboxes his system to make it safe; is this hard to do? I will be completely separating my other files from the Windows install onto externals; I have a new 2 TB. And I'm looking into getting a more compact tower. I don't think my laptop is good enough to use as a base system, and I would also be connecting 2 additional displays.

GMER is really dogging it. It's been almost 30 mins and it's not giving any indication of being done, but oh well, here goes.

Thanks


DDS (Ver_10-03-17.01) - NTFSx86
Run by Cmassaker at 9:07:04.65 on Sat 07/10/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.385 [GMT -6:00]

AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\BlueSoleil\BlueSoleilCS.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\BlueSoleil\BsMobileCS.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\system32\Wacom_Tablet.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\BlueSoleil\BsHelpCS.exe
D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
D:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
D:\WINDOWS\system32\Wacom_Tablet.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
D:\Program Files\Cyberlink\Shared Files\brs.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\IE New Window Maximizer\iemaximizer.exe
D:\Documents and Settings\Cmassaker\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\FinePixViewer\QuickDCF.exe
D:\PROGRA~1\MI3AA1~1\rapimgr.exe
D:\Program Files\Logitech\SetPoint\SetPoint.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
D:\Program Files\Digsby\lib\digsby-app.exe
D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\taskmgr.exe
D:\Program Files\BlueSoleil\BtTray.exe
D:\WINDOWS\system32\notepad.exe
D:\Documents and Settings\Cmassaker\Desktop\dds.scr

============== Pseudo HJT Report ===============

uLocal Page = d:\windows.0\system32\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyServer = 96.51.164.1:80
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - d:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - d:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - d:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - d:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - d:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - d:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - d:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
TB: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - d:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - d:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "d:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IE New Window Maximizer] d:\program files\ie new window maximizer\iemaximizer.exe
uRun: [WeatherEye] d:\documents and settings\cmassaker\local settings\application data\theweathernetwork\weathereye\WeatherEye.exe
uRun: [H/PC Connection Agent] "d:\program files\microsoft activesync\wcescomm.exe"
mRun: [ATIPTA] d:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [REGSHAVE] d:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [NVIDIA nTune] "d:\program files\nvidia corporation\ntune\\nTune.exe" clear
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AdobeCS4ServiceManager] "d:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SSBkgdUpdate] "d:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [LogitechQuickCamRibbon] "d:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [RemoteControl9] "d:\program files\cyberlink\powerdvd9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "d:\program files\cyberlink\powerdvd9\language\Language.exe"
mRun: [BDRegion] d:\program files\cyberlink\shared files\brs.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "d:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [Google Quick Search Box] "d:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [PWRISOVM.EXE] d:\program files\poweriso\PWRISOVM.EXE
mRun: [HitmanPro35] "d:\program files\hitman pro 3.5\HitmanPro35.exe" /scan:boot
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [MMReminderService] d:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: d:\docume~1\cmassa~1\startm~1\programs\startup\digsby.lnk - d:\program files\digsby\digsby.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - d:\program files\finepixviewer\QuickDCF.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - d:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\ncprot~1.lnk - d:\program files\sec\natural color pro\NCProTray.exe
uPolicies-explorer: NoTaskGrouping = 1 (0x1)
IE: E&xport to Microsoft Excel - d:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - d:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send by Bluetooth - d:\program files\bluesoleil\transsend\ie\tsinfo.htm
IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Send via &Message... - d:\program files\bluesoleil\transsend\ie\tssms.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - d:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - d:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\mi1933~1\office11\REFIEBAR.DLL
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: msn.com
Trusted Zone: msn.com\video
Trusted Zone: utorrent.com\www
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - d:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\windows\system32\skype4com.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau

============= SERVICES / DRIVERS ===============

R0 BtHidBus;Bluetooth HID Bus Service;d:\windows\system32\drivers\BtHidBus.sys [2008-7-31 20616]
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;d:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20100619.001\BHDrvx86.sys [2010-6-22 691248]
R1 ccHP;Symantec Hash Provider;d:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;d:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-20 116784]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/03/13 20:00:23];d:\program files\cyberlink\powerdvd9\000.fcl [2009-2-28 87536]
R2 BsMobileCS;BsMobileCS;d:\program files\bluesoleil\BsMobileCS.exe [2008-8-1 143467]
R2 NIS;Norton Internet Security;d:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;d:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-4-14 632792]
R2 TabletServiceWacom;TabletServiceWacom;d:\windows\system32\Wacom_Tablet.exe [2009-3-29 2749224]
R3 IDSxpx86;IDSxpx86;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20100709.001\IDSXpx86.sys [2010-7-9 331640]
R3 IvtBtBUs;IVT Bluetooth Bus Service;d:\windows\system32\drivers\IvtBtBus.sys [2008-7-2 26248]
R3 NAVENG;NAVENG;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100709.040\NAVENG.SYS [2010-7-10 85552]
R3 NAVEX15;NAVEX15;d:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\virusdefs\20100709.040\NAVEX15.SYS [2010-7-10 1347504]
R3 wacmoumonitor;Wacom Mode Helper;d:\windows\system32\drivers\wacmoumonitor.sys [2009-3-29 15656]
R4 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\d:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> d:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]
S0 TfFsMon;TfFsMon;d:\windows\system32\drivers\tffsmon.sys --> d:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;d:\windows\system32\drivers\tfsysmon.sys --> d:\windows\system32\drivers\TfSysMon.sys [?]
S1 SABKUTIL;SABKUTIL;\??\d:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> d:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S2 .1115479445;1115479445;d:\program files\1115479445\Cmassaker1115479445L.exe [2009-4-17 419552]
S2 gupdate1c9af2a904b0976;Google Update Service (gupdate1c9af2a904b0976);d:\program files\google\update\GoogleUpdate.exe [2009-3-27 133104]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;d:\windows\system32\drivers\ousbehci.sys [2009-3-28 44928]
S3 iteio;iteio;\??\d:\windows\system32\drivers\iteio.sys --> d:\windows\system32\drivers\iteio.sys [?]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;d:\windows\system32\drivers\ousb2hub.sys [2009-3-28 55936]
S3 pctplsg;pctplsg;\??\d:\windows\system32\drivers\pctplsg.sys --> d:\windows\system32\drivers\pctplsg.sys [?]
S3 TfNetMon;TfNetMon;\??\d:\windows\system32\drivers\tfnetmon.sys --> d:\windows\system32\drivers\TfNetMon.sys [?]

=============== Created Last 30 ================

2010-07-10 14:55:21 0 ----a-w- d:\documents and settings\cmassaker\defogger_reenable
2010-07-10 11:28:12 77312 ----a-w- d:\windows\MBR.exe
2010-07-10 11:28:12 256512 ----a-w- d:\windows\PEV.exe
2010-07-07 23:08:34 0 d-----w- d:\docume~1\alluse~1\applic~1\Mindjet
2010-07-07 23:08:26 0 d-----w- d:\program files\Mindjet
2010-07-07 22:27:52 12872 ----a-w- d:\windows\system32\bootdelete.exe
2010-07-07 22:01:38 880 ----a-w- d:\windows\system32\.crusader
2010-07-07 21:39:30 411368 ----a-w- d:\windows\system32\deployJava1.dll
2010-07-07 21:19:57 0 d-----w- d:\program files\iPod
2010-07-07 21:19:33 0 d-----w- d:\program files\iTunes
2010-07-07 21:10:57 0 d-----w- d:\program files\Bonjour
2010-07-07 20:57:05 16968 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2010-07-07 20:56:43 0 d-----w- d:\docume~1\alluse~1\applic~1\Hitman Pro
2010-07-07 20:56:39 0 d-----w- d:\program files\Hitman Pro 3.5
2010-07-06 20:02:38 664 ----a-w- d:\windows\system32\d3d9caps.dat
2010-07-05 19:59:15 0 d-----w- d:\windows\system32\wbem\Repository
2010-07-04 09:03:44 0 d-----w- d:\program files\Alchemy
2010-07-01 05:35:35 0 d-----w- d:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-07-01 00:05:58 0 d-----w- d:\program files\iPod(2)
2010-07-01 00:05:28 0 d-----w- d:\program files\iTunes(2)
2010-07-01 00:05:28 0 d-----w- d:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-30 23:59:35 0 d-----w- d:\program files\QuickTime(2)
2010-06-30 23:55:01 0 d-----w- d:\program files\Bonjour(2)
2010-06-27 20:26:26 0 d-----w- D:\GAMESAVE
2010-06-27 20:23:17 0 d-----w- D:\NDSSAVE
2010-06-20 19:55:00 0 d-----w- d:\documents and settings\cmassaker\Library
2010-06-20 19:55:00 0 d-----w- d:\docume~1\cmassa~1\applic~1\com.adobe.ExMan
2010-06-12 20:25:39 0 d-----w- d:\docume~1\cmassa~1\applic~1\FBAIR.596FB312AB4AF14A42BA76B7E8A07B54AC2BED3A.1

==================== Find3M ====================

2010-07-10 11:43:41 0 ----a-w- d:\windows\system32\drivers\lvuvc.hs
2010-05-18 22:35:16 91424 ----a-w- d:\windows\system32\dnssd.dll
2010-05-18 22:35:16 197920 ----a-w- d:\windows\system32\dnssdX.dll
2010-05-18 22:35:16 107808 ----a-w- d:\windows\system32\dns-sd.exe
2010-04-20 02:47:44 3062048 ----a-w- d:\windows\system32\usbaaplrc.dll

============= FINISH: 9:07:35.54 ===============




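The DDS report above is the kind of log a helper reads by hand. As an added example (my own code, not part of criggle's post and not a DDS or BleepingComputer tool), the Python below scans the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections for the entries a reviewer checks first: a proxy server set under Internet Settings, BHO or toolbar registrations whose DLL is missing ("No File"), Trusted Zone entries, and service/driver lines whose binary DDS could not verify on disk (the trailing `[?]`). The sample lines embedded in it are taken from the report format above; the classification rules, category names and notes are the example's own, not DDS output, and a flag means "confirm this is expected", not "this is malware".

```python
"""Triage a DDS log for common browser-hijack indicators (added example)."""
import re

# Constructed sample: a handful of lines in the format DDS prints,
# copied from the report posted above. Not a complete log.
SAMPLE_DDS = r"""
uStart Page = about:blank
uInternet Settings,ProxyServer = 96.51.164.1:80
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Trusted Zone: utorrent.com\www
Trusted Zone: msn.com
R0 SymDS;Symantec Data Store;d:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-20 328752]
S3 iteio;iteio;\??\d:\windows\system32\drivers\iteio.sys --> d:\windows\system32\drivers\iteio.sys [?]
S2 gupdate1c9af2a904b0976;Google Update Service (gupdate1c9af2a904b0976);d:\program files\google\update\GoogleUpdate.exe [2009-3-27 133104]
"""

# "u" prefix = per-user (HKCU) setting, "m" prefix = machine-wide (HKLM).
PROXY_RE = re.compile(r"^(?P<scope>[um])Internet Settings,ProxyServer\s*=\s*(?P<proxy>\S+)")
# BHO/toolbar whose CLSID is registered but whose DLL is gone.
NOFILE_RE = re.compile(
    r"^(?P<kind>BHO|TB):\s*(?P<name>.*?)\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*-\s*No File")
TRUSTED_RE = re.compile(r"^Trusted Zone:\s*(?P<zone>\S+)")
# R0..R4 = running, S0..S4 = stopped; trailing [...] is DDS's date/size, or [?]
# when the file could not be found on disk.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.*?)\s*(?P<meta>\[[^\]]*\])$")


def sample_lines():
    """Return the constructed sample as a list of log lines."""
    return SAMPLE_DDS.strip().splitlines()


def triage(lines):
    """Return (category, subject, note) tuples for lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            scope = "per-user (HKCU)" if m["scope"] == "u" else "machine-wide (HKLM)"
            findings.append(("proxy", m["proxy"],
                             f"IE proxy set {scope}; a browser hijack often redirects traffic this way, confirm it is intended"))
            continue
        m = NOFILE_RE.match(line)
        if m:
            findings.append(("orphan", m["clsid"],
                             f"{m['kind']} registered but its DLL is missing; the leftover registration can be removed"))
            continue
        m = TRUSTED_RE.match(line)
        if m:
            findings.append(("trusted-zone", m["zone"],
                             "site runs with relaxed IE zone security; confirm the user added it deliberately"))
            continue
        m = SERVICE_RE.match(line)
        if m and m["meta"] == "[?]":
            findings.append(("unverified-driver", m["name"],
                             f"{m['state']} entry whose binary could not be verified on disk: {m['path']}"))
    return findings


if __name__ == "__main__":
    for category, subject, note in triage(sample_lines()):
        print(f"[{category}] {subject}: {note}")
```

Run it against a full DDS log by passing the file's lines to `triage()`; the proxy and orphaned-BHO rules are the ones that most often point at the cause of a search redirect, while the Trusted Zone and `[?]` rules mostly surface leftovers from uninstalled software that still deserve a look.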

#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 13 July 2010 - 09:22 AM

Hello criggle, my name is Syler and I will be helping you to solve your malware issues.

Please note we are very busy, so if I don't hear from you within 5 days the topic will be closed. If you have
since resolved your issues I would appreciate it if you would let me know so I can close this topic.


We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
    Under the Custom Scans/Fixes box at the bottom, paste in the following bold text.
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %SYSTEMDRIVE%\*.exe
    netsvcs
    msconfig
    drivers32
    CREATERESTOREPOINT

  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized



Download and Run MBR Rootkit Scan
  • Please download MBR Rootkit Detector and save it on your desktop.
  • Go to Start >> Run, then copy and paste the following line into the Run box:
    "%userprofile%\desktop\mbr.exe" -t

  • Select Run when you receive a Security Warning.
  • The process is automatic; a black DOS window will appear and disappear suddenly. This is normal.
  • A log file will then be created on your desktop, where you ran mbr.exe from.
  • Copy and paste the contents of mbr.log on your next reply.


Then please post back here with the following logs:
  • OTL.txt
  • Extra.txt
  • mbr.log

Thanks

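The MBR Rootkit Detector step above reads the machine's boot sector and reports on it. As an added example (my own code, not the tool's logic or its log format), the Python below shows what an offline check of a 512-byte MBR image consists of: verify the 0x55AA boot signature, decode the four partition-table entries, and compare the 446-byte bootstrap code against a baseline hash. The sample MBR it builds is constructed, the 8-byte opening sequence stands in for real boot code, and the baseline hash is assumed to have been captured earlier from a known-clean machine. One caveat a practitioner should keep in mind: an MBR rootkit can hook the disk stack and hand back a clean copy of the sector, which is why mbr.exe is run on the live system; this script only inspects an image you already trust to be what is really on disk.

```python
"""Offline sanity checks on a 512-byte MBR image (added example)."""
import hashlib
import struct

SECTOR = 512
CODE_LEN = 446            # bootstrap code area, followed by 4 x 16-byte entries
SIGNATURE = b"\x55\xaa"   # bytes 510-511 of a valid MBR
# <status, CHS start (3), type, CHS end (3), LBA start, sector count>
ENTRY_FMT = "<B3sB3sII"
# Constructed stand-in for the opening bytes of a boot loader (assumption).
GOOD_CODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c"


def build_sample_mbr(code: bytes) -> bytes:
    """Constructed test MBR: one active NTFS (type 0x07) partition at LBA 63."""
    code = code.ljust(CODE_LEN, b"\x00")[:CODE_LEN]
    active = struct.pack(ENTRY_FMT, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 390_000_000)
    empty = bytes(16)
    return code + active + empty * 3 + SIGNATURE


def parse_partitions(mbr: bytes):
    """Decode the non-empty partition table entries."""
    parts = []
    for i in range(4):
        off = CODE_LEN + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype != 0:
            parts.append({"index": i, "bootable": status == 0x80,
                          "type": ptype, "lba": lba, "sectors": count})
    return parts


def code_digest(mbr: bytes) -> str:
    """SHA-256 of the bootstrap code only; the partition table is allowed to change."""
    return hashlib.sha256(mbr[:CODE_LEN]).hexdigest()


def check_mbr(mbr: bytes, baseline_code_sha256: str):
    """Return a list of problems; an empty list means the image passed every check."""
    issues = []
    if len(mbr) != SECTOR:
        return ["image is not 512 bytes"]
    if mbr[510:512] != SIGNATURE:
        issues.append("missing 0x55AA boot signature")
    if sum(p["bootable"] for p in parse_partitions(mbr)) != 1:
        issues.append("expected exactly one active partition")
    if code_digest(mbr) != baseline_code_sha256:
        issues.append("bootstrap code differs from baseline (possible MBR overwrite)")
    return issues


if __name__ == "__main__":
    clean = build_sample_mbr(GOOD_CODE)
    baseline = code_digest(clean)          # in practice: stored from a clean machine
    print("clean image:", check_mbr(clean, baseline) or "OK")
    tampered = b"\xeb\x3c" + clean[2:]     # first two code bytes replaced
    print("tampered image:", check_mbr(tampered, baseline))
```

On a real system the image would come from reading the first sector of the physical disk (for example with dd under a live Linux boot), and the baseline from the same disk before the infection or from an identical, known-clean build; a hash mismatch is a reason to look at the code bytes, not proof by itself, since legitimate tools such as boot managers also rewrite the MBR.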


#3 criggle

  • Topic Starter
  • Members
  • 10 posts

Posted 14 July 2010 - 01:15 AM

Hi, I haven't had the hijacking happen for a bit now, but there is still system slowness etc.

OTL:

OTL logfile created on: 7/13/2010 11:58:56 PM - Run 2
OTL by OldTimer - Version 3.2.8.1 Folder = D:\Documents and Settings\Cmassaker\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 345.00 Mb Available Physical Memory | 34.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 186.30 Gb Total Space | 7.33 Gb Free Space | 3.93% Space Free | Partition Type: NTFS
Drive D: | 189.91 Gb Total Space | 162.89 Gb Free Space | 85.77% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.42 Gb Total Space | 1.33 Gb Free Space | 17.91% Space Free | Partition Type: FAT32
Drive M: | 298.09 Gb Total Space | 0.72 Gb Free Space | 0.24% Space Free | Partition Type: NTFS

Computer Name: THEOS
Current User Name: Cmassaker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/09 14:28:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
PRC - [2010/06/17 13:24:13 | 000,121,576 | ---- | M] (dotSyntax, LLC) -- D:\Program Files\Digsby\lib\digsby-app.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/12/18 08:58:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- D:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2009/10/07 09:01:54 | 000,775,168 | ---- | M] () -- D:\Program Files\BlueSoleil\BlueSoleilCS.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/27 15:41:56 | 000,039,408 | ---- | M] (Google Inc.) -- D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/15 04:15:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- D:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/02/28 12:40:38 | 000,075,048 | ---- | M] (cyberlink) -- D:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/02/16 10:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- D:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- D:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- D:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/11/14 03:35:22 | 000,037,656 | ---- | M] (Mindjet) -- D:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2008/10/30 11:14:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- D:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2008/10/30 11:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) -- D:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2008/08/04 18:04:38 | 000,226,816 | ---- | M] () -- D:\Program Files\BlueSoleil\BtTray.exe
PRC - [2008/08/01 15:56:42 | 000,069,735 | ---- | M] () -- D:\Program Files\BlueSoleil\BsHelpCS.exe
PRC - [2008/08/01 15:55:28 | 000,143,467 | ---- | M] () -- D:\Program Files\BlueSoleil\BsMobileCS.exe
PRC - [2008/04/13 22:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 22:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2008/03/11 14:13:08 | 000,788,332 | ---- | M] () -- D:\Program Files\Digsby\lib\aspell\bin\aspell.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/07/22 15:00:10 | 000,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\soundman.exe
PRC - [2005/05/25 02:40:00 | 000,450,560 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/05/25 02:40:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/04/05 18:01:36 | 000,282,624 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- D:\Program Files\FinePixViewer\QuickDCF.exe
PRC - [2005/02/08 23:06:40 | 000,356,352 | ---- | M] (jiiSoft) -- D:\Program Files\IE New Window Maximizer\iemaximizer.exe
PRC - [2001/08/23 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 14:28:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
MOD - [2010/05/13 23:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/08/08 00:51:14 | 005,812,560 | ---- | M] (Microsoft Corporation) -- d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/11/14 03:34:40 | 000,107,784 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mindjet\MindManager 8\msscript.ocx
MOD - [2008/07/25 11:16:58 | 000,018,936 | ---- | M] (Microsoft Corporation) -- d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
MOD - [2008/04/13 22:42:00 | 002,843,136 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msi.dll
MOD - [2005/05/25 02:40:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcp71.dll
MOD - [2005/05/25 02:40:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll
MOD - [2005/05/25 02:40:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/07 09:01:54 | 000,775,168 | ---- | M] () [Auto | Running] -- D:\Program Files\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/06 06:26:09 | 000,419,552 | RH-- | M] () [Auto | Stopped] -- D:\Program Files\1115479445\Cmassaker1115479445L.exe -- (.1115479445)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/30 11:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- D:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/08/01 15:56:42 | 000,069,735 | ---- | M] () [On_Demand | Running] -- D:\Program Files\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/08/01 15:55:28 | 000,143,467 | ---- | M] () [Auto | Running] -- D:\Program Files\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2008/04/13 22:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 22:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2001/08/23 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | System | Stopped] -- D:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\iteio.sys -- (iteio)
DRV - File not found [Kernel | Disabled | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/07/13 18:38:30 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100713.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 18:38:29 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100713.023\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/29 13:49:47 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/28 13:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100713.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/22 12:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/05 22:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/05 22:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- D:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/25 12:29:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/08 15:34:22 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)
DRV - [2009/10/08 15:34:22 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/10/08 15:34:22 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/10/08 15:34:22 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/10/08 15:34:22 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/10/08 15:34:22 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/08/29 18:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/03/15 04:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/28 20:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/13 20:00:23] [Kernel | Auto | Running] -- D:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/02/04 01:27:20 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/17 00:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/10/06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/07/11 11:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/07/02 14:59:06 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2008/07/02 14:59:02 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/07/02 14:58:36 | 000,029,960 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2008/07/02 14:58:28 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/06/20 05:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 17:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 15:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/21 19:28:12 | 000,014,600 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2007/08/15 07:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/05/11 17:31:48 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007/05/11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/22 13:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\Program Files\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/07/26 17:03:22 | 003,644,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/20 15:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 15:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/05/20 15:00:36 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/01/11 17:32:20 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/01/11 17:32:14 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/11 17:32:14 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/01/11 17:32:12 | 000,413,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/01/11 17:32:12 | 000,053,376 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/11/26 08:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/01 08:09:24 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2004/08/01 08:09:24 | 000,044,928 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001/08/23 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 96.51.164.1:80

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/29 13:49:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/13 10:22:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/11 14:18:02 | 000,000,999 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - D:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] D:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] D:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] D:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HitmanPro35] D:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] D:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MMReminderService] D:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NVIDIA nTune] D:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] D:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003..\Run: [H/PC Connection Agent] D:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003..\Run: [IE New Window Maximizer] D:\Program Files\IE New Window Maximizer\iemaximizer.exe (jiiSoft)
O4 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003..\Run: [WeatherEye] D:\Documents and Settings\Cmassaker\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = D:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: D:\Documents and Settings\Cmassaker\Start Menu\Programs\Startup\digsby.lnk = D:\Program Files\Digsby\digsby.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send by Bluetooth - D:\Program Files\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send via &Message... - D:\Program Files\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - D:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..Trusted Domains: msn.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..Trusted Domains: msn.com ([video] https in Trusted sites)
O15 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003\..Trusted Domains: utorrent.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Reg Error: Key error.)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - D:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\Cmassaker\Desktop\misc\Random infos\greys.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Cmassaker\Desktop\misc\Random infos\greys.bmp
O30 - LSA: Authentication Packages - (nwprovau) - D:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/25 15:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - D:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll File not found

MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe File not found
MsConfig - StartUpReg: DNS7reminder - hkey= - key= - D:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe (Nuance Communications, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

Drivers32: msacm.ac3acm - D:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - D:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - D:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.siren - D:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - D:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - D:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - D:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - D:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - D:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - D:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - D:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/11 14:54:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/07/11 14:54:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Application Data\Adobe Mini Bridge CS5
[2010/07/11 14:17:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\ALM
[2010/07/11 12:59:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Desktop\Adobe Illustrator CS5
[2010/07/10 14:18:50 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2010/07/10 09:13:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Desktop\Playlists
[2010/07/10 09:09:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Desktop\Misc Text
[2010/07/09 14:28:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
[2010/07/07 17:08:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Mindjet
[2010/07/07 17:08:26 | 000,000,000 | ---D | C] -- D:\Program Files\Mindjet
[2010/07/07 16:53:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Local Settings\Application Data\{18494770-F03A-4F99-93F7-AE7D4080F8F8}
[2010/07/07 16:27:52 | 000,012,872 | ---- | C] (SurfRight B.V.) -- D:\WINDOWS\System32\bootdelete.exe
[2010/07/07 16:00:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/07/07 16:00:49 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2010/07/07 15:39:30 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010/07/07 15:39:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2010/07/07 15:39:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2010/07/07 15:39:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2010/07/07 15:19:57 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2010/07/07 15:19:33 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2010/07/07 15:10:57 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2010/07/07 14:56:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/07 14:56:39 | 000,000,000 | ---D | C] -- D:\Program Files\Hitman Pro 3.5
[2010/07/07 02:49:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\My Documents\Adobe Scripts
[2010/07/06 17:13:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Real
[2010/07/06 14:02:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/05 13:56:25 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2010/07/04 03:03:44 | 000,000,000 | ---D | C] -- D:\Program Files\Alchemy
[2010/07/02 14:01:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/02 14:01:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/30 23:35:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/30 18:05:58 | 000,000,000 | ---D | C] -- D:\Program Files\iPod(2)
[2010/06/30 18:05:28 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes(2)
[2010/06/30 18:05:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/30 17:59:35 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime(2)
[2010/06/30 17:55:01 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour(2)
[2010/06/27 14:26:26 | 000,000,000 | ---D | C] -- D:\GAMESAVE
[2010/06/27 14:23:17 | 000,000,000 | ---D | C] -- D:\NDSSAVE
[2010/06/23 10:14:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\My Documents\Freelance
[2010/06/20 13:55:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Library
[2010/06/20 13:55:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Application Data\com.adobe.ExMan
[8 D:\*.tmp files -> D:\*.tmp -> ]
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[3 D:\Documents and Settings\Cmassaker\Desktop\*.tmp files -> D:\Documents and Settings\Cmassaker\Desktop\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/14 00:01:05 | 000,000,242 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/14 00:01:01 | 000,077,312 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\mbr.exe
[2010/07/13 23:49:00 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/13 23:20:08 | 000,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2010/07/13 19:54:21 | 012,845,056 | ---- | M] () -- D:\Documents and Settings\Cmassaker\ntuser.dat
[2010/07/13 15:49:00 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/13 01:41:17 | 000,000,430 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{4161827A-C57C-4FD2-93F0-50E8C42BC252}.job
[2010/07/11 15:59:45 | 002,059,187 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\colorbleep.psd
[2010/07/11 14:43:16 | 000,054,768 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/11 14:18:02 | 000,000,999 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010/07/11 13:52:36 | 000,121,808 | ---- | M] () -- D:\WINDOWS\System32\ativvaxx.cap
[2010/07/11 13:51:11 | 000,000,959 | ---- | M] () -- D:\WINDOWS\System32\bscs.ini
[2010/07/11 13:50:26 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/07/11 13:50:20 | 000,002,228 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/07/11 13:50:12 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/07/11 13:49:37 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/11 13:48:10 | 000,000,278 | -HS- | M] () -- D:\Documents and Settings\Cmassaker\ntuser.ini
[2010/07/10 20:20:01 | 004,618,096 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\ug1h.psd
[2010/07/10 19:42:22 | 004,550,390 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\ugh.psd
[2010/07/10 14:43:31 | 000,001,734 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/07/10 13:59:44 | 000,016,968 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/10 13:58:04 | 000,000,454 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/07/10 13:57:09 | 000,000,263 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Application Data\Microsoft\Internet Explorer\Quick Launch\FACEBOOK.url
[2010/07/10 10:47:39 | 000,000,719 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/10 09:27:53 | 000,284,915 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\gmer.zip
[2010/07/10 08:55:21 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Cmassaker\defogger_reenable
[2010/07/10 08:54:57 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\Defogger.exe
[2010/07/10 03:59:43 | 003,728,667 | R--- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\ComboFix.exe
[2010/07/09 14:28:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
[2010/07/07 17:06:05 | 000,253,830 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\MMX8RegistryBackup_7-7-2010_17.06.04.reg
[2010/07/07 16:27:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- D:\WINDOWS\System32\bootdelete.exe
[2010/07/07 16:07:22 | 000,000,819 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/07/07 16:01:38 | 000,000,880 | ---- | M] () -- D:\WINDOWS\System32\.crusader
[2010/07/07 15:30:41 | 000,000,162 | -H-- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\~$rk on self.doc
[2010/07/07 14:38:06 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/07 13:39:17 | 003,645,484 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\july7.ifb
[2010/07/07 13:27:59 | 000,275,744 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\Netdiag 07072010 132758.htm
[2010/07/06 18:50:33 | 002,121,440 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/06 14:02:38 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/07/05 17:06:37 | 000,001,712 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\cc_20100705_170613.reg
[2010/06/30 22:19:03 | 002,107,644 | -H-- | M] () -- D:\Documents and Settings\Cmassaker\Local Settings\Application Data\IconCache.db
[2010/06/30 12:03:30 | 000,375,984 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\transferpass.NPM
[2010/06/27 14:23:39 | 067,108,864 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\Call_of_Duty_Modern_Warfare_Mobilized.nds
[2010/06/23 02:26:47 | 000,231,025 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\wheee.pdf
[2010/06/19 01:22:49 | 001,271,178 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\extn_calendar_ss_10[1].pdf
[8 D:\*.tmp files -> D:\*.tmp -> ]
[3 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[3 D:\Documents and Settings\Cmassaker\Desktop\*.tmp files -> D:\Documents and Settings\Cmassaker\Desktop\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/14 00:01:00 | 000,077,312 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\mbr.exe
[2010/07/10 19:59:06 | 004,618,096 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\ug1h.psd
[2010/07/10 18:50:02 | 004,550,390 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\ugh.psd
[2010/07/10 14:43:31 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/07/10 09:28:26 | 000,293,376 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\gmer.exe
[2010/07/10 09:27:46 | 000,284,915 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\gmer.zip
[2010/07/10 08:55:21 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Cmassaker\defogger_reenable
[2010/07/10 08:54:50 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\Defogger.exe
[2010/07/10 05:28:12 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010/07/10 05:28:12 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010/07/10 03:59:37 | 003,728,667 | R--- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\ComboFix.exe
[2010/07/08 10:03:00 | 002,059,187 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\colorbleep.psd
[2010/07/07 17:06:05 | 000,253,830 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\MMX8RegistryBackup_7-7-2010_17.06.04.reg
[2010/07/07 16:01:38 | 000,000,880 | ---- | C] () -- D:\WINDOWS\System32\.crusader
[2010/07/07 15:30:41 | 000,000,162 | -H-- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\~$rk on self.doc
[2010/07/07 14:57:05 | 000,016,968 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/07 13:39:15 | 003,645,484 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\july7.ifb
[2010/07/07 13:27:59 | 000,275,744 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\Netdiag 07072010 132758.htm
[2010/07/06 14:02:38 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/07/05 17:06:16 | 000,001,712 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\cc_20100705_170613.reg
[2010/06/29 12:41:45 | 012,845,056 | ---- | C] () -- D:\Documents and Settings\Cmassaker\ntuser.dat
[2010/06/27 14:23:37 | 067,108,864 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\Call_of_Duty_Modern_Warfare_Mobilized.nds
[2010/06/23 02:26:47 | 000,231,025 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\wheee.pdf
[2010/06/19 01:22:49 | 001,271,178 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\extn_calendar_ss_10[1].pdf
[2010/05/10 15:36:24 | 000,009,728 | ---- | C] () -- D:\WINDOWS\System32\BASSMOD.dll
[2009/11/28 20:28:08 | 000,000,084 | ---- | C] () -- D:\WINDOWS\netdet.ini
[2009/10/18 09:26:39 | 000,013,312 | ---- | C] () -- D:\WINDOWS\System32\drivers\MTictwl.sys
[2009/10/07 09:41:26 | 000,001,907 | ---- | C] () -- D:\WINDOWS\System32\SHORTCUT.INI
[2009/10/07 09:39:10 | 000,000,231 | ---- | C] () -- D:\WINDOWS\System32\REMOTEDEVICE.INI
[2009/10/07 09:25:03 | 000,004,535 | ---- | C] () -- D:\WINDOWS\System32\LOCALSERVICE.INI
[2009/10/07 09:23:20 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\LOCALDEVICE.INI
[2009/10/07 09:18:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\BSPRINT.INI
[2009/10/02 14:15:21 | 000,162,304 | ---- | C] () -- D:\WINDOWS\System32\ztvunrar36.dll
[2009/10/02 14:15:21 | 000,077,312 | ---- | C] () -- D:\WINDOWS\System32\ztvunace26.dll
[2009/07/29 14:28:46 | 002,854,976 | ---- | C] () -- D:\WINDOWS\System32\btwicons.dll
[2009/05/09 21:55:25 | 004,874,240 | ---- | C] () -- D:\WINDOWS\System32\DSE2_DFT.dll
[2009/04/05 14:41:00 | 000,168,448 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2009/04/05 14:40:50 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009/04/05 14:40:49 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2009/04/05 14:40:49 | 000,130,048 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/04/05 14:40:44 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/05 14:40:43 | 000,067,584 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2009/04/04 01:05:55 | 000,000,114 | ---- | C] () -- D:\WINDOWS\NVProfileManager.INI
[2009/03/30 12:31:49 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009/03/29 01:42:24 | 000,000,119 | ---- | C] () -- D:\WINDOWS\NVMonitor.INI
[2009/03/28 17:06:51 | 000,000,204 | ---- | C] () -- D:\WINDOWS\RtlRack.ini
[2009/03/28 16:07:47 | 000,156,672 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/28 11:07:03 | 000,000,105 | ---- | C] () -- D:\WINDOWS\nTune.INI
[2009/03/28 10:49:09 | 000,000,119 | ---- | C] () -- D:\WINDOWS\NVPerformance.INI
[2009/03/27 10:43:32 | 000,190,976 | ---- | C] () -- D:\WINDOWS\System32\wgalogon.dll.bak
[2009/03/27 10:43:32 | 000,190,976 | ---- | C] () -- D:\WINDOWS\System32\WgaLogon.dll
[2009/03/26 15:18:13 | 000,003,840 | ---- | C] () -- D:\WINDOWS\System32\drivers\BANTExt.sys
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- D:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/04 18:04:44 | 000,000,959 | ---- | C] () -- D:\WINDOWS\System32\bscs.ini
[2008/08/04 17:36:50 | 000,405,589 | ---- | C] () -- D:\WINDOWS\System32\BsUI.dll
[2008/08/01 15:58:50 | 000,278,647 | ---- | C] () -- D:\WINDOWS\System32\outlookAddin.dll
[2008/08/01 15:58:30 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\HtmPrintHelper.dll
[2008/08/01 15:58:14 | 000,622,693 | ---- | C] () -- D:\WINDOWS\System32\BSShell.dll
[2008/08/01 15:56:14 | 000,098,403 | ---- | C] () -- D:\WINDOWS\System32\Bs2Res.dll
[2008/08/01 15:55:40 | 000,118,880 | ---- | C] () -- D:\WINDOWS\System32\BsMobileSDK.dll
[2008/08/01 15:55:30 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\BsMobileCSps.dll
[2008/08/01 15:46:30 | 017,907,824 | ---- | C] () -- D:\WINDOWS\System32\BsLangInDepRes.dll
[2008/08/01 15:46:30 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\BsVistaCommon.dll
[2008/03/20 19:06:36 | 001,481,728 | ---- | C] () -- D:\WINDOWS\System32\LegitCheckControl.dll
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- D:\WINDOWS\System32\drivers\FlashSys.sys
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- D:\WINDOWS\System32\drivers\n558.sys
[2007/05/11 16:12:54 | 000,057,126 | ---- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2005/10/23 03:55:02 | 000,000,527 | ---- | C] () -- D:\WINDOWS\GBAMedia.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- D:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- D:\WINDOWS\System32\btcss.dll.manifest
[2004/10/15 10:10:04 | 000,217,088 | ---- | C] () -- D:\WINDOWS\NVGfxOgl.dll
[2004/08/04 03:07:00 | 000,002,000 | ---- | C] () -- D:\WINDOWS\System32\netcache32.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- D:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/02/03 22:56:22 | 000,442,368 | R--- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- D:\WINDOWS\system32\ATIDEMGX.dll
[2009/03/08 05:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- D:\WINDOWS\system32\dxtrans.dll
[1 D:\WINDOWS\system32\*.tmp files -> D:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/03/25 08:42:48 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2009/03/25 08:42:48 | 001,089,536 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2009/03/25 08:42:48 | 000,917,504 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %systemroot%\*. /mp /s >

< %SYSTEMDRIVE%\*.exe >

========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 181 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 148 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >

Extras:

OTL Extras logfile created on: 7/9/2010 2:33:09 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = M:\New Folder
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 301.00 Mb Available Physical Memory | 29.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 186.30 Gb Total Space | 8.04 Gb Free Space | 4.32% Space Free | Partition Type: NTFS
Drive D: | 189.91 Gb Total Space | 160.20 Gb Free Space | 84.36% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 7.42 Gb Total Space | 1.48 Gb Free Space | 19.99% Space Free | Partition Type: FAT32
Drive M: | 298.09 Gb Total Space | 0.99 Gb Free Space | 0.33% Space Free | Partition Type: NTFS

Computer Name: THEOS
Current User Name: Cmassaker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "D:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [Winamp.Bookmark] -- "D:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe" = D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe" = D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = D:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\wlcsdk.exe" = D:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"D:\WINDOWS\system32\dpvsetup.exe" = D:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"D:\WINDOWS\system32\dxdiag.exe" = D:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool -- (Microsoft Corporation)
"D:\Program Files\Wacom\TabUserW.exe" = D:\Program Files\Wacom\TabUserW.exe:*:Enabled:TabUserW.exe -- File not found
"D:\WINDOWS\system32\mmc.exe" = D:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"D:\WINDOWS\system32\wacom.dat" = D:\WINDOWS\system32\wacom.dat:*:Enabled:wacom.dat -- ()
"D:\WINDOWS\system32\usmt\migwiz.exe" = D:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"D:\WINDOWS\system32\rundll32.exe" = D:\WINDOWS\system32\rundll32.exe:*:Disabled:Run a DLL as an App -- (Microsoft Corporation)
"D:\Documents and Settings\Cmassaker\Local Settings\Temp\7zSD.tmp\SymNRT.exe" = D:\Documents and Settings\Cmassaker\Local Settings\Temp\7zSD.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"D:\Documents and Settings\Cmassaker\Local Settings\Temp\7zSE.tmp\SymNRT.exe" = D:\Documents and Settings\Cmassaker\Local Settings\Temp\7zSE.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"D:\WINDOWS\system32\dpnsvr.exe" = D:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Program Files\Avast4\ashAvast.exe" = D:\Program Files\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus -- File not found
"D:\Program Files\Microsoft ActiveSync\rapimgr.exe" = D:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\wcescomm.exe" = D:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = D:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"D:\Program Files\Windows Live\Messenger\msnmsgr.exe" = D:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"D:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe" = D:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe:*:Enabled:CyberLink PowerDVD 9.0 -- (CyberLink Corp.)
"D:\WINDOWS\system32\sessmgr.exe" = D:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"D:\Program Files\BlueSoleil\BlueSoleilCS.exe" = D:\Program Files\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()
"D:\WINDOWS\system32\spoolsv.exe" = D:\WINDOWS\system32\spoolsv.exe:*:Enabled:spoolsv.exe -- (Microsoft Corporation)
"D:\Program Files\Bonjour\mDNSResponder.exe" = D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0137A953-443D-3864-BFF7-0E7557908E1A}" = Catalyst Control Center Localization All
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP460" = Canon MP460
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2334740B-61D5-3AC3-B0D7-E0BDA32B8367}" = Catalyst Control Center Graphics Light
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.1
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3FC19F-3D9E-B64B-14CF-EC9BFCE8BF4D}" = CCC Help English
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows Journal Viewer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A5A427F-BA39-4BF0-9A47-9999FBE60C9F}" = Visual C++ Runtime for Dragon NaturallySpeaking
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57C4F1A9-FC5E-CB1C-8ACA-E8BB142307C4}" = CCC Help Japanese
"{586BE0D1-6175-4F0F-A072-951CFE0D7AF6}" = NDS GBM GBA Movie Player(M3) Converter Crystal Ver1.22
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6752C3B1-EA8F-E74C-FE3F-A05B8E953C80}" = CCC Help Chinese Standard
"{679068CA-C9E9-4C22-A90D-2C4F2881EF9C}" = Bluesoleil 6.2.227.11
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70A3EC33-4F1B-AEFF-459C-898E78F635DD}" = ccc-utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74323745-D6EB-74DB-D4AD-6C6471482548}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9539EE2D-8BAF-A65C-2CC0-504B9BC1516B}" = CCC Help Thai
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A736138D-904A-66DF-A156-32049A24D40D}" = Skins
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95FF0B9-5CFB-497E-8872-3A5F41AD9D4F}" = VOCALOID2 VSTi V2.0.2.0
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B123B3B1-C2A0-47E7-AAAB-D1E2DBE259CB}" = VOCALOID Editor V1.1.1.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}" = VOCALOID2 Voice DB (Miku)
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE32F4CE-E1BC-E31E-0B0E-192266F6016D}" = ccc-core-static
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2591EB4-FE40-16FD-CF86-028A17A8B18D}" = Catalyst Control Center Graphics Previews Common
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCFFF923-9B10-4568-A437-B2D6E6E46C3B}" = Catalyst Control Center Graphics Full Existing
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE940250-1DF7-87E1-10B0-DADCDECF0053}" = ccc-core-preinstall
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D579FFC2-9345-B62A-489D-82844AE58C1E}" = Catalyst Control Center Core Implementation
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{D78E21DE-3CBD-EDA9-AE71-DC03D9754B8E}" = Catalyst Control Center HydraVision Full
"{D7FD752A-DDB9-4685-83FD-E20C7C59BD84}" = Mindjet MindManager 8
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7712E53-7A7F-46EB-AA13-70D5987D30F2}" = Dragon NaturallySpeaking 10
"{EE5A6ACC-5437-4974-03C4-8707DDB7D77C}" = Catalyst Control Center Graphics Full New
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.2.4J
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAC611DA-E445-4D7A-8311-7389C627FA32}" = VOCALOID VSTi V1.1.1.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBED3E35-40DB-98A6-0661-0C54C124D7B5}" = CCC Help Chinese Traditional
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Album Art Downloader XUI" = Album Art Downloader XUI 0.25
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Belarc Advisor" = Belarc Advisor 7.2
"CCleaner" = CCleaner (remove only)
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DFX for Winamp" = DFX for Winamp
"Digsby" = Digsby
"EarMaster Pro 5_is1" = EarMaster Pro 5
"Easy Screen Capture 2_is1" = Easy Screen Capture 2
"File Renamer - Basic" = File Renamer - Basic
"Google Updater" = Google Updater
"HitmanPro35" = Hitman Pro 3.5
"IE New Window Maximizer_is1" = IE New Window Maximizer 2.4
"ie8" = Windows Internet Explorer 8
"IFB_is1" = IFB 1.0
"InstallShield_{291A772C-FFB9-4681-B720-AB2A0A620896}" = Adobe Reader for Pocket PC 2.0
"InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA nTune
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.5
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"M3 GAME Manager" = M3 GAME Manager Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"PC Metronome" = PC Metronome 1.0 (remove only)
"PDF-XChange 3_is1" = PDF-XChange 3
"PocketPicture" = PocketPicture
"PowerISO" = PowerISO
"Registry Mechanic_is1" = Registry Mechanic 9.0
"uTorrent" = µTorrent
"Wacom Tablet Driver" = Wacom Tablet
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent
"WeatherEye" = WeatherEye

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/9/2010 6:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 7:49:06 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 8:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 9:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 10:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 11:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 12:49:06 PM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 1:49:05 PM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 2:49:05 PM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 4:06:12 PM | Computer Name = THEOS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module pwrisosh.dll, version 4.4.0.0, fault address 0x000069d7.

[ Application Events ]
Error - 7/9/2010 6:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 7:49:06 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 8:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 9:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 10:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 11:49:05 AM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 12:49:06 PM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 1:49:05 PM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 2:49:05 PM | Computer Name = THEOS | Source = Google Update | ID = 20
Description =

Error - 7/9/2010 4:06:12 PM | Computer Name = THEOS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module pwrisosh.dll, version 4.4.0.0, fault address 0x000069d7.

[ System Events ]
Error - 7/9/2010 4:43:31 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:34 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:37 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:40 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:42 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:45 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:48 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:52 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:55 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 7/9/2010 4:43:58 PM | Computer Name = THEOS | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.


< End of report >

MBR:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
kernel: MBR read successfully
user & kernel MBR OK

Edited by criggle, 14 July 2010 - 01:19 AM.


#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:46 AM

Posted 14 July 2010 - 10:37 AM

That doesn't look too bad, just a few things that need to be dealt with.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    SRV - [2009/04/06 06:26:09 | 000,419,552 | RH-- | M] () [Auto | Stopped] -- D:\Program Files\1115479445\Cmassaker1115479445L.exe -- (.1115479445)
    DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\TfNetMon.sys -- (TfNetMon)
    DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\drivers\TfFsMon.sys -- (TfFsMon)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABProcEnum.sys -- (SABProcEnum)
    DRV - File not found [Kernel | System | Stopped] -- D:\Program Files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys -- (SABKUTIL)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\pctplsg.sys -- (pctplsg)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\WINDOWS\System32\drivers\iteio.sys -- (iteio)
    DRV - File not found [Kernel | Disabled | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- D:\ComboFix\catchme.sys -- (catchme)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKU\S-1-5-21-1957994488-1078145449-1417001333-1003..\Run: [AdobeBridge] File not found
    O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win...fbootloader.cab (Reg Error: Key error.)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [8 D:\*.tmp files -> D:\*.tmp -> ]
    [3 D:\Documents and Settings\Cmassaker\Desktop\*.tmp files -> D:\Documents and Settings\Cmassaker\Desktop\*.tmp -> ]
    :Files
    D:\Program Files\1115479445
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run a new OTL scan without the bold text, and post the new OTL log.



Then please run OTL again with the following code and click the "Run Scan" button:

CODE
%SYSTEMDRIVE%\wuauserv.dll /s /md5



Then please post back with both logs, thanks.

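Applied to the OTL lines quoted above, as an added example that is not part of this thread, of OTL, or of the helper's own tooling: a small Python triage pass that flags the same kinds of entries the fix script targets (service/driver entries whose file is missing, a service with no publisher running from a numeric-named folder, a service path off %SystemDrive%, BHOs with no CLSID value, O16 entries with a broken registry key) and lays the flagged lines out in the :OTL / :Commands shape shown in the post. The sample lines are copied from the logs in this thread; the regex, the Finding type and the rules are this example's own assumptions.

```python
"""Triage of OTL (OldTimer's List-It) log lines.

Added example for this thread; not part of the original post, of OTL,
or of the helper's tooling. The sample below is copied from the logs in
the thread plus two ordinary entries, so the rules can be seen to leave
legitimate services and drivers alone.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: OTL lines taken from the thread's logs.
SAMPLE_OTL = r"""
SRV - [2009/04/06 06:26:09 | 000,419,552 | RH-- | M] () [Auto | Stopped] -- D:\Program Files\1115479445\Cmassaker1115479445L.exe -- (.1115479445)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
DRV - File not found [Kernel | Boot | Stopped] -- D:\WINDOWS\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/25 12:29:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
"""

# SRV/DRV line layout as it appears in the thread's log:
#   SRV - [date | size | attrs | M] (Company) [Start | State] -- path -- (Name)
#   SRV - File not found [Start | State] -- path -- (Name)
# Some DRV lines carry an extra bracket group before the state, so the
# bracket group is allowed to repeat.
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - "
    r"(?:(?P<missing>File not found)|\[[^\]]*\] \((?P<company>[^)]*)\))"
    r"(?: \[[^\]]*\])* -- (?P<path>.+?) -- \((?P<name>[^)]*)\)"
)


@dataclass
class Finding:
    kind: str                 # SRV, DRV, O2 or O16
    name: str                 # service/driver name, CLSID or download URL
    line: str                 # the OTL line, kept verbatim for a fix script
    reasons: list = field(default_factory=list)


def triage(log_text: str, system_drive: str = "D:") -> list:
    """Return one Finding per OTL line that trips at least one rule.

    system_drive defaults to D: because the thread's log header reports
    %SystemDrive% = D:, which makes the C:\ wuauserv entry stand out.
    """
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            reasons = []
            path = m.group("path")
            parent = path.split("\\")[-2] if path.count("\\") >= 2 else ""
            if m.group("missing"):
                reasons.append("service/driver registered but its file is missing")
            if m.group("company") == "" and parent.isdigit():
                reasons.append("no publisher and runs from a numeric-named folder")
            if not path.upper().startswith(system_drive.upper()):
                reasons.append(f"path is not on {system_drive} (the system drive)")
            if reasons:
                findings.append(Finding(m.group("kind"), m.group("name"), line, reasons))
        elif line.startswith("O2 - BHO:") and line.endswith("No CLSID value found."):
            clsid = re.search(r"\{[0-9A-Fa-f-]+\}", line)
            findings.append(Finding("O2", clsid.group(0) if clsid else "?", line,
                                    ["BHO registered but its CLSID key is gone"]))
        elif line.startswith("O16 - DPF:") and "(Reg Error: Key error.)" in line:
            fields = line.split()
            url = fields[4] if len(fields) > 4 else "?"
            findings.append(Finding("O16", url, line,
                                    ["ActiveX download entry with a broken registry key"]))
    return findings


def build_fix(log_text: str, system_drive: str = "D:") -> str:
    """Lay out the flagged lines in the :OTL / :Commands shape used in the post.

    The helper's real fix also removed a folder under :Files; this only
    assembles the :OTL section from what triage() flagged.
    """
    findings = triage(log_text, system_drive)
    parts = [":OTL", *(f.line for f in findings), ":Commands", "[emptytemp]"]
    return "\n".join(parts)


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.kind:4} {f.name}: " + "; ".join(f.reasons))
    print()
    print(build_fix(SAMPLE_OTL))
```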


#5 criggle

criggle
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:46 AM

Posted 18 July 2010 - 04:32 AM

OTL logfile created on: 7/18/2010 3:23:54 AM - Run 4
OTL by OldTimer - Version 3.2.8.1 Folder = D:\Documents and Settings\Cmassaker\Desktop
I don't know if the rest of the settings were right but here goes:

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 122.00 Mb Available Physical Memory | 12.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 186.30 Gb Total Space | 9.07 Gb Free Space | 4.87% Space Free | Partition Type: NTFS
Drive D: | 189.91 Gb Total Space | 161.69 Gb Free Space | 85.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 298.09 Gb Total Space | 0.72 Gb Free Space | 0.24% Space Free | Partition Type: NTFS

Computer Name: THEOS
Current User Name: Cmassaker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/09 14:28:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
PRC - [2010/06/17 13:24:13 | 000,121,576 | ---- | M] (dotSyntax, LLC) -- D:\Program Files\Digsby\lib\digsby-app.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) -- D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PRC - [2009/10/26 21:42:42 | 000,718,232 | ---- | M] (Pelmorex Media Inc.) -- D:\Documents and Settings\Cmassaker\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe
PRC - [2009/10/07 09:01:54 | 000,775,168 | ---- | M] () -- D:\Program Files\BlueSoleil\BlueSoleilCS.exe
PRC - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/03/27 15:41:56 | 000,039,408 | ---- | M] (Google Inc.) -- D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/28 12:40:38 | 000,075,048 | ---- | M] (cyberlink) -- D:\Program Files\CyberLink\Shared Files\brs.exe
PRC - [2009/02/16 10:55:38 | 000,087,336 | ---- | M] (CyberLink Corp.) -- D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2008/12/20 07:50:34 | 002,656,528 | ---- | M] () -- D:\Program Files\Logitech\QuickCam\Quickcam.exe
PRC - [2008/12/20 07:46:58 | 000,558,864 | ---- | M] () -- D:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) -- D:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2008/11/14 03:35:22 | 000,037,656 | ---- | M] (Mindjet) -- D:\Program Files\Mindjet\MindManager 8\MmReminderService.exe
PRC - [2008/10/30 11:14:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- D:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
PRC - [2008/10/30 11:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) -- D:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2008/08/04 18:04:38 | 000,226,816 | ---- | M] () -- D:\Program Files\BlueSoleil\BtTray.exe
PRC - [2008/08/01 15:56:42 | 000,069,735 | ---- | M] () -- D:\Program Files\BlueSoleil\BsHelpCS.exe
PRC - [2008/08/01 15:55:28 | 000,143,467 | ---- | M] () -- D:\Program Files\BlueSoleil\BsMobileCS.exe
PRC - [2008/04/13 22:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\snmp.exe
PRC - [2008/04/13 22:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2007/12/13 16:36:46 | 000,049,220 | ---- | M] (Samsung) -- D:\Program Files\SEC\Natural Color Pro\NCProTray.exe
PRC - [2006/11/13 13:39:52 | 001,289,000 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2006/11/13 13:39:34 | 000,199,464 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/07/22 15:00:10 | 000,081,920 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\soundman.exe
PRC - [2005/05/25 02:40:00 | 000,450,560 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2005/05/25 02:40:00 | 000,028,160 | ---- | M] (Logitech Inc.) -- D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2005/04/05 18:01:36 | 000,282,624 | ---- | M] (FUJI PHOTO FILM CO., LTD.) -- D:\Program Files\FinePixViewer\QuickDCF.exe
PRC - [2005/02/08 23:06:40 | 000,356,352 | ---- | M] (jiiSoft) -- D:\Program Files\IE New Window Maximizer\iemaximizer.exe
PRC - [2001/08/23 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\tcpsvcs.exe


========== Modules (SafeList) ==========

MOD - [2010/07/09 14:28:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
MOD - [2010/05/13 23:35:01 | 000,415,088 | R--- | M] (Symantec Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\asoehook.dll
MOD - [2009/08/08 00:51:14 | 005,812,560 | ---- | M] (Microsoft Corporation) -- d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 01:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\microsoft.vc90.crt\msvcp90.dll
MOD - [2008/11/14 03:34:40 | 000,107,784 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Mindjet\MindManager 8\msscript.ocx
MOD - [2008/07/25 11:16:58 | 000,018,936 | ---- | M] (Microsoft Corporation) -- d:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
MOD - [2008/04/13 22:42:00 | 002,843,136 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msi.dll
MOD - [2005/05/25 02:40:00 | 000,499,712 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcp71.dll
MOD - [2005/05/25 02:40:00 | 000,348,160 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msvcr71.dll
MOD - [2005/05/25 02:40:00 | 000,057,344 | ---- | M] (Logitech Inc.) -- D:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/08 09:14:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010/02/25 18:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe -- (NIS)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/07 09:01:54 | 000,775,168 | ---- | M] () [Auto | Running] -- D:\Program Files\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2009/05/19 11:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/12/16 21:59:50 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/10/30 11:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- D:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2008/08/01 15:56:42 | 000,069,735 | ---- | M] () [On_Demand | Running] -- D:\Program Files\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/08/01 15:55:28 | 000,143,467 | ---- | M] () [Auto | Running] -- D:\Program Files\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2008/04/13 22:42:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008/04/13 22:42:04 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2001/08/23 05:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)


========== Driver Services (SafeList) ==========

DRV - [2010/07/13 18:38:30 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100717.005\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/13 18:38:29 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100717.005\NAVENG.SYS -- (NAVENG)
DRV - [2010/05/29 13:49:47 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/05/29 13:49:47 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/28 13:33:19 | 000,331,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100716.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2010/05/22 12:16:04 | 000,691,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100709.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2010/05/05 22:01:59 | 000,361,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/05/05 22:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2010/05/05 22:01:43 | 000,047,408 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2010/04/28 23:03:51 | 000,116,784 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS -- (SymIRON)
DRV - [2010/04/21 21:02:20 | 000,173,104 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMEFA.SYS -- (SymEFA)
DRV - [2010/04/21 20:29:50 | 000,325,680 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- D:\WINDOWS\System32\Drivers\NIS\1107000.00C\SRTSP.SYS -- (SRTSP)
DRV - [2010/04/21 20:29:50 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2010/02/25 18:22:57 | 000,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys -- (ccHP)
DRV - [2010/02/25 12:29:16 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/08 15:34:22 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl)
DRV - [2009/10/08 15:34:22 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009/10/08 15:34:22 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2009/10/08 15:34:22 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009/10/08 15:34:22 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2009/10/08 15:34:22 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2009/08/29 18:17:18 | 000,328,752 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\NIS\1107000.00C\SYMDS.SYS -- (SymDS)
DRV - [2009/03/15 04:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/02/28 20:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/03/13 20:00:23] [Kernel | Auto | Running] -- D:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/02/04 01:27:20 | 003,488,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/12/17 00:01:20 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008/12/16 21:58:54 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/10/06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- D:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/07/11 11:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/07/02 14:59:06 | 000,027,528 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio)
DRV - [2008/07/02 14:59:02 | 000,033,800 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio)
DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/07/02 14:58:36 | 000,029,960 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr)
DRV - [2008/07/02 14:58:28 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/06/20 05:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 17:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 15:06:06 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/01/21 19:28:12 | 000,014,600 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT)
DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\VComm.sys -- (VComm)
DRV - [2007/08/15 07:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/05/11 17:31:48 | 000,022,560 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2007/05/11 17:31:36 | 003,580,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Fusion(UVC)
DRV - [2007/05/11 17:30:04 | 001,921,184 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- D:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/22 13:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- D:\Program Files\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2006/08/28 17:12:04 | 000,013,312 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\MTictwl.sys -- (MagicTune)
DRV - [2005/07/26 17:03:22 | 003,644,032 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/20 15:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2005/05/20 15:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2005/05/20 15:00:36 | 000,013,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2005/01/11 17:32:20 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2005/01/11 17:32:14 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/01/11 17:32:14 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/01/11 17:32:12 | 000,413,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2005/01/11 17:32:12 | 000,053,376 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/11/26 08:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/08/01 08:09:24 | 000,055,936 | ---- | M] (OrangeWare Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
DRV - [2004/08/01 08:09:24 | 000,044,928 | ---- | M] (OrangeWare Corporation) [Kernel | Auto | Stopped] -- D:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
DRV - [2004/05/08 10:21:44 | 000,035,840 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- D:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2001/08/23 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/23 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\WINDOWS.0\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 96.51.164.1:80

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2010/05/29 13:49:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: D:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/03/13 10:22:55 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/11 14:18:02 | 000,000,999 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - D:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\17.7.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] D:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDRegion] D:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] D:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Google Quick Search Box] D:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HitmanPro35] D:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] D:\Program Files\Logitech\QuickCam\Quickcam.exe ()
O4 - HKLM..\Run: [MMReminderService] D:\Program Files\Mindjet\MindManager 8\MmReminderService.exe (Mindjet)
O4 - HKLM..\Run: [NVIDIA nTune] D:\Program Files\NVIDIA Corporation\nTune\nTune.exe (NVIDIA)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] D:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [REGSHAVE] D:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [RemoteControl9] D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] D:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [H/PC Connection Agent] D:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
O4 - HKCU..\Run: [IE New Window Maximizer] D:\Program Files\IE New Window Maximizer\iemaximizer.exe (jiiSoft)
O4 - HKCU..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WeatherEye] D:\Documents and Settings\Cmassaker\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (Pelmorex Media Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk = D:\Program Files\FinePixViewer\QuickDCF.exe (FUJI PHOTO FILM CO., LTD.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: D:\Documents and Settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk = D:\Program Files\SEC\Natural Color Pro\NCProTray.exe (Samsung)
O4 - Startup: D:\Documents and Settings\Cmassaker\Start Menu\Programs\Startup\digsby.lnk = D:\Program Files\Digsby\digsby.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTaskGrouping = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send by Bluetooth - D:\Program Files\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send via &Message... - D:\Program Files\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - D:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: msn.com ([video] https in Trusted sites)
O15 - HKCU\..Trusted Domains: utorrent.com ([www] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownlo.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.135.143 64.59.135.145 64.59.128.121
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - D:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\WINDOWS\system32\skype4com.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: D:\Documents and Settings\Cmassaker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\Cmassaker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - D:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/25 15:58:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/18 02:28:49 | 000,000,000 | ---D | C] -- D:\_OTL
[2010/07/16 10:11:57 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\ViceVersa PRO 2
[2010/07/16 10:09:44 | 000,000,000 | ---D | C] -- D:\Program Files\ViceVersa Pro 2
[2010/07/11 14:54:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/07/11 14:54:47 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Application Data\Adobe Mini Bridge CS5
[2010/07/11 14:17:27 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\ALM
[2010/07/11 12:59:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Desktop\Adobe Illustrator CS5
[2010/07/10 14:18:50 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2010/07/10 09:13:44 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Desktop\Playlists
[2010/07/10 09:09:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Desktop\Misc Text
[2010/07/09 14:28:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
[2010/07/07 17:08:34 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Mindjet
[2010/07/07 17:08:26 | 000,000,000 | ---D | C] -- D:\Program Files\Mindjet
[2010/07/07 16:53:11 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Local Settings\Application Data\{18494770-F03A-4F99-93F7-AE7D4080F8F8}
[2010/07/07 16:27:52 | 000,012,872 | ---- | C] (SurfRight B.V.) -- D:\WINDOWS\System32\bootdelete.exe
[2010/07/07 16:00:56 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Sun
[2010/07/07 16:00:49 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Java
[2010/07/07 15:39:30 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\deployJava1.dll
[2010/07/07 15:39:30 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaws.exe
[2010/07/07 15:39:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\javaw.exe
[2010/07/07 15:39:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- D:\WINDOWS\System32\java.exe
[2010/07/07 15:19:57 | 000,000,000 | ---D | C] -- D:\Program Files\iPod
[2010/07/07 15:19:33 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes
[2010/07/07 15:10:57 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2010/07/07 14:56:43 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/07 14:56:39 | 000,000,000 | ---D | C] -- D:\Program Files\Hitman Pro 3.5
[2010/07/07 02:49:23 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\My Documents\Adobe Scripts
[2010/07/06 17:13:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Real
[2010/07/06 14:02:39 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/05 13:56:25 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime
[2010/07/04 03:03:44 | 000,000,000 | ---D | C] -- D:\Program Files\Alchemy
[2010/07/02 14:01:20 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/02 14:01:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/30 23:35:35 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/30 18:05:58 | 000,000,000 | ---D | C] -- D:\Program Files\iPod(2)
[2010/06/30 18:05:28 | 000,000,000 | ---D | C] -- D:\Program Files\iTunes(2)
[2010/06/30 18:05:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/30 17:59:35 | 000,000,000 | ---D | C] -- D:\Program Files\QuickTime(2)
[2010/06/30 17:55:01 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour(2)
[2010/06/27 14:26:26 | 000,000,000 | ---D | C] -- D:\GAMESAVE
[2010/06/27 14:23:17 | 000,000,000 | ---D | C] -- D:\NDSSAVE
[2010/06/23 10:14:03 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\My Documents\Freelance
[2010/06/20 13:55:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Library
[2010/06/20 13:55:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\Cmassaker\Application Data\com.adobe.ExMan

========== Files - Modified Within 30 Days ==========

[2010/07/18 03:01:00 | 000,000,242 | ---- | M] () -- D:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/07/18 02:49:01 | 000,000,886 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/18 02:43:38 | 000,016,968 | ---- | M] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/18 02:40:46 | 000,121,808 | ---- | M] () -- D:\WINDOWS\System32\ativvaxx.cap
[2010/07/18 02:37:41 | 000,000,882 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/18 02:37:37 | 003,557,712 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/18 02:37:20 | 000,000,868 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job
[2010/07/18 02:37:08 | 000,000,959 | ---- | M] () -- D:\WINDOWS\System32\bscs.ini
[2010/07/18 02:36:58 | 000,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT
[2010/07/18 02:36:54 | 000,002,228 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2010/07/18 02:36:49 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2010/07/18 02:36:12 | 000,000,000 | ---- | M] () -- D:\WINDOWS\System32\drivers\lvuvc.hs
[2010/07/18 02:31:32 | 000,000,278 | -HS- | M] () -- D:\Documents and Settings\Cmassaker\ntuser.ini
[2010/07/18 02:31:31 | 012,845,056 | ---- | M] () -- D:\Documents and Settings\Cmassaker\ntuser.dat
[2010/07/17 08:16:04 | 006,342,320 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\Untitled-2.psd
[2010/07/17 04:25:18 | 000,000,430 | -H-- | M] () -- D:\WINDOWS\tasks\User_Feed_Synchronization-{4161827A-C57C-4FD2-93F0-50E8C42BC252}.job
[2010/07/16 15:46:36 | 009,609,972 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\random canvas.psd
[2010/07/16 11:04:23 | 000,525,946 | ---- | M] () -- D:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/16 11:04:23 | 000,444,358 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2010/07/16 11:04:23 | 000,072,108 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[2010/07/15 17:16:25 | 001,082,015 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\Untitled-1.ai
[2010/07/15 15:31:51 | 002,401,106 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\uh.psd
[2010/07/14 22:34:49 | 000,123,416 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\Christie NoA.pdf
[2010/07/14 14:38:07 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/14 00:01:01 | 000,077,312 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\mbr.exe
[2010/07/11 15:59:45 | 002,059,187 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\colorbleep.psd
[2010/07/11 14:43:16 | 000,054,768 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/11 14:18:02 | 000,000,999 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2010/07/10 20:20:01 | 004,618,096 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\ug1h.psd
[2010/07/10 19:42:22 | 004,550,390 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\ugh.psd
[2010/07/10 14:43:31 | 000,001,734 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/07/10 13:58:04 | 000,000,454 | ---- | M] () -- D:\WINDOWS\system.ini
[2010/07/10 13:57:09 | 000,000,263 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Application Data\Microsoft\Internet Explorer\Quick Launch\FACEBOOK.url
[2010/07/10 10:47:39 | 000,000,719 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/07/10 09:27:53 | 000,284,915 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\gmer.zip
[2010/07/10 08:55:21 | 000,000,000 | ---- | M] () -- D:\Documents and Settings\Cmassaker\defogger_reenable
[2010/07/10 08:54:57 | 000,050,477 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\Defogger.exe
[2010/07/10 03:59:43 | 003,728,667 | R--- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\ComboFix.exe
[2010/07/09 14:28:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Cmassaker\Desktop\OTL.exe
[2010/07/07 17:06:05 | 000,253,830 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\MMX8RegistryBackup_7-7-2010_17.06.04.reg
[2010/07/07 16:27:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- D:\WINDOWS\System32\bootdelete.exe
[2010/07/07 16:07:22 | 000,000,819 | ---- | M] () -- D:\WINDOWS\win.ini
[2010/07/07 16:01:38 | 000,000,880 | ---- | M] () -- D:\WINDOWS\System32\.crusader
[2010/07/07 15:30:41 | 000,000,162 | -H-- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\~$rk on self.doc
[2010/07/07 13:39:17 | 003,645,484 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\july7.ifb
[2010/07/07 13:27:59 | 000,275,744 | ---- | M] () -- D:\Documents and Settings\Cmassaker\Desktop\Netdiag 07072010 132758.htm
[2010/07/06 14:02:38 | 000,000,664 | ---- | M] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/07/05 17:06:37 | 000,001,712 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\cc_20100705_170613.reg
[2010/06/30 22:19:03 | 002,107,644 | -H-- | M] () -- D:\Documents and Settings\Cmassaker\Local Settings\Application Data\IconCache.db
[2010/06/30 12:03:30 | 000,375,984 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\transferpass.NPM
[2010/06/27 14:23:39 | 067,108,864 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\Call_of_Duty_Modern_Warfare_Mobilized.nds
[2010/06/23 02:26:47 | 000,231,025 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\wheee.pdf
[2010/06/19 01:22:49 | 001,271,178 | ---- | M] () -- D:\Documents and Settings\Cmassaker\My Documents\extn_calendar_ss_10[1].pdf

========== Files Created - No Company Name ==========

[2010/07/16 15:50:33 | 006,342,320 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\Untitled-2.psd
[2010/07/16 15:46:35 | 009,609,972 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\random canvas.psd
[2010/07/15 16:17:00 | 001,082,015 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\Untitled-1.ai
[2010/07/15 15:31:23 | 002,401,106 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\uh.psd
[2010/07/14 22:34:46 | 000,123,416 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\Christie NoA.pdf
[2010/07/14 00:01:00 | 000,077,312 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\mbr.exe
[2010/07/10 19:59:06 | 004,618,096 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\ug1h.psd
[2010/07/10 18:50:02 | 004,550,390 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\ugh.psd
[2010/07/10 14:43:31 | 000,001,734 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2010/07/10 09:28:26 | 000,293,376 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\gmer.exe
[2010/07/10 09:27:46 | 000,284,915 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\gmer.zip
[2010/07/10 08:55:21 | 000,000,000 | ---- | C] () -- D:\Documents and Settings\Cmassaker\defogger_reenable
[2010/07/10 08:54:50 | 000,050,477 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\Defogger.exe
[2010/07/10 05:28:12 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010/07/10 05:28:12 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010/07/10 03:59:37 | 003,728,667 | R--- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\ComboFix.exe
[2010/07/08 10:03:00 | 002,059,187 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\colorbleep.psd
[2010/07/07 17:06:05 | 000,253,830 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\MMX8RegistryBackup_7-7-2010_17.06.04.reg
[2010/07/07 16:01:38 | 000,000,880 | ---- | C] () -- D:\WINDOWS\System32\.crusader
[2010/07/07 15:30:41 | 000,000,162 | -H-- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\~$rk on self.doc
[2010/07/07 14:57:05 | 000,016,968 | ---- | C] () -- D:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/07/07 13:39:15 | 003,645,484 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\july7.ifb
[2010/07/07 13:27:59 | 000,275,744 | ---- | C] () -- D:\Documents and Settings\Cmassaker\Desktop\Netdiag 07072010 132758.htm
[2010/07/06 14:02:38 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat
[2010/07/05 17:06:16 | 000,001,712 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\cc_20100705_170613.reg
[2010/06/29 12:41:45 | 012,845,056 | ---- | C] () -- D:\Documents and Settings\Cmassaker\ntuser.dat
[2010/06/27 14:23:37 | 067,108,864 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\Call_of_Duty_Modern_Warfare_Mobilized.nds
[2010/06/23 02:26:47 | 000,231,025 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\wheee.pdf
[2010/06/19 01:22:49 | 001,271,178 | ---- | C] () -- D:\Documents and Settings\Cmassaker\My Documents\extn_calendar_ss_10[1].pdf
[2010/05/10 15:36:24 | 000,009,728 | ---- | C] () -- D:\WINDOWS\System32\BASSMOD.dll
[2009/11/28 20:28:08 | 000,000,084 | ---- | C] () -- D:\WINDOWS\netdet.ini
[2009/10/18 09:26:39 | 000,013,312 | ---- | C] () -- D:\WINDOWS\System32\drivers\MTictwl.sys
[2009/10/07 09:41:26 | 000,001,907 | ---- | C] () -- D:\WINDOWS\System32\SHORTCUT.INI
[2009/10/07 09:39:10 | 000,000,231 | ---- | C] () -- D:\WINDOWS\System32\REMOTEDEVICE.INI
[2009/10/07 09:25:03 | 000,004,535 | ---- | C] () -- D:\WINDOWS\System32\LOCALSERVICE.INI
[2009/10/07 09:23:20 | 000,000,097 | ---- | C] () -- D:\WINDOWS\System32\LOCALDEVICE.INI
[2009/10/07 09:18:15 | 000,000,000 | ---- | C] () -- D:\WINDOWS\System32\BSPRINT.INI
[2009/10/02 14:15:21 | 000,162,304 | ---- | C] () -- D:\WINDOWS\System32\ztvunrar36.dll
[2009/10/02 14:15:21 | 000,077,312 | ---- | C] () -- D:\WINDOWS\System32\ztvunace26.dll
[2009/07/29 14:28:46 | 002,854,976 | ---- | C] () -- D:\WINDOWS\System32\btwicons.dll
[2009/05/09 21:55:25 | 004,874,240 | ---- | C] () -- D:\WINDOWS\System32\DSE2_DFT.dll
[2009/04/05 14:41:00 | 000,168,448 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2009/04/05 14:40:50 | 000,795,648 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2009/04/05 14:40:49 | 003,596,288 | ---- | C] () -- D:\WINDOWS\System32\qt-dx331.dll
[2009/04/05 14:40:49 | 000,130,048 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2009/04/05 14:40:44 | 000,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/04/05 14:40:43 | 000,067,584 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll
[2009/04/04 01:05:55 | 000,000,114 | ---- | C] () -- D:\WINDOWS\NVProfileManager.INI
[2009/03/30 12:31:49 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009/03/29 01:42:24 | 000,000,119 | ---- | C] () -- D:\WINDOWS\NVMonitor.INI
[2009/03/28 17:06:51 | 000,000,204 | ---- | C] () -- D:\WINDOWS\RtlRack.ini
[2009/03/28 16:07:47 | 000,156,672 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll
[2009/03/28 11:07:03 | 000,000,105 | ---- | C] () -- D:\WINDOWS\nTune.INI
[2009/03/28 10:49:09 | 000,000,119 | ---- | C] () -- D:\WINDOWS\NVPerformance.INI
[2009/03/27 10:43:32 | 000,190,976 | ---- | C] () -- D:\WINDOWS\System32\wgalogon.dll.bak
[2009/03/27 10:43:32 | 000,190,976 | ---- | C] () -- D:\WINDOWS\System32\WgaLogon.dll
[2009/03/26 15:18:13 | 000,003,840 | ---- | C] () -- D:\WINDOWS\System32\drivers\BANTExt.sys
[2008/12/16 21:58:54 | 000,025,624 | ---- | C] () -- D:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 21:50:56 | 000,013,584 | ---- | C] () -- D:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/08/04 18:04:44 | 000,000,959 | ---- | C] () -- D:\WINDOWS\System32\bscs.ini
[2008/08/04 17:36:50 | 000,405,589 | ---- | C] () -- D:\WINDOWS\System32\BsUI.dll
[2008/08/01 15:58:50 | 000,278,647 | ---- | C] () -- D:\WINDOWS\System32\outlookAddin.dll
[2008/08/01 15:58:30 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\HtmPrintHelper.dll
[2008/08/01 15:58:14 | 000,622,693 | ---- | C] () -- D:\WINDOWS\System32\BSShell.dll
[2008/08/01 15:56:14 | 000,098,403 | ---- | C] () -- D:\WINDOWS\System32\Bs2Res.dll
[2008/08/01 15:55:40 | 000,118,880 | ---- | C] () -- D:\WINDOWS\System32\BsMobileSDK.dll
[2008/08/01 15:55:30 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\BsMobileCSps.dll
[2008/08/01 15:46:30 | 017,907,824 | ---- | C] () -- D:\WINDOWS\System32\BsLangInDepRes.dll
[2008/08/01 15:46:30 | 000,065,536 | ---- | C] () -- D:\WINDOWS\System32\BsVistaCommon.dll
[2008/03/20 19:06:36 | 001,481,728 | ---- | C] () -- D:\WINDOWS\System32\LegitCheckControl.dll
[2008/01/31 17:18:14 | 000,009,216 | ---- | C] () -- D:\WINDOWS\System32\drivers\FlashSys.sys
[2007/08/15 07:27:18 | 000,009,600 | ---- | C] () -- D:\WINDOWS\System32\drivers\n558.sys
[2007/05/11 16:12:54 | 000,057,126 | ---- | C] () -- D:\WINDOWS\System32\lvcoinst.ini
[2005/10/23 03:55:02 | 000,000,527 | ---- | C] () -- D:\WINDOWS\GBAMedia.ini
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- D:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- D:\WINDOWS\System32\btcss.dll.manifest
[2004/10/15 10:10:04 | 000,217,088 | ---- | C] () -- D:\WINDOWS\NVGfxOgl.dll
[2004/08/04 03:07:00 | 000,002,000 | ---- | C] () -- D:\WINDOWS\System32\netcache32.sys
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- D:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\wuauserv.dll /s /md5 >
[2008/04/13 22:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- D:\WINDOWS\system32\wuauserv.dll
[2008/04/13 22:42:12 | 000,006,656 | ---- | M] (Microsoft Corporation) MD5=35321FB577CDC98CE3EB3A3EB9E4610A -- D:\WINDOWS\system32\dllcache\wuauserv.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 235 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 181 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 148 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 123 bytes -> D:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
< End of report >


#6 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:46 AM

Posted 18 July 2010 - 08:40 AM

Hi,
  • Go to Start >> Run, and type Notepad into the run box, then click Ok.
  • Copy and paste the following code into Notepad. ( Do not include the word "CODE")
CODE
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):44,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,75,00,\
  61,00,75,00,73,00,65,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
  • Click on the File tab, and select Save.
  • In the box that opens type fix.reg for the File name.
  • Change the Save as type to All Files, then save it to your Desktop. (It should look like this )
  • Double click fix.reg, Select yes when it prompts you, then Ok.



Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning.
  • At the main control page, please click the green button.
  • It will now begin to scan, please be patient. The scan should not take more than 3 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter$\Rooter_1.txt
  • Now push the button to close Rooter.
  • Please post the contents of that log file here in your next reply.



Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Then please post back here with the following logs:
  • Rooter_1.txt
  • Kaspersky report

Thanks

unite.jpg
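Before importing a .reg fix such as the one in the post above, it is worth decoding what it will actually write. The following Python script is an added example and not part of the thread: it embeds the fix.reg text from the post, joins the backslash line continuations, and decodes the hex(2) (REG_EXPAND_SZ, UTF-16LE) ServiceDll value, which should resolve to the same D:\WINDOWS\system32\wuauserv.dll path that the OTL custom scan lists with its MD5.

```python
"""Decode the REG_EXPAND_SZ value a .reg fix writes, so it can be checked.

Added example, not code from the thread. Standard library only.
"""
import re

# The fix.reg text from the post, embedded here for parsing.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters]
"ServiceDll"=hex(2):44,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,00,53,\
  00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,75,00,\
  61,00,75,00,73,00,65,00,72,00,76,00,2e,00,64,00,6c,00,6c,00,00,00
"""

WUAUSERV_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv\Parameters"


def parse_reg_values(text):
    """Return {(key_path, value_name): (type_tag, raw_data)} for a .reg file.

    A trailing backslash means the data continues on the next line; Regedit
    indents those continuation lines, so the indent is stripped when joining.
    Only the key/value forms used by the fix above are handled.
    """
    joined = re.sub(r"\\\r?\n\s*", "", text)
    values = {}
    key = None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # new key section
        elif line.startswith('"') and "=" in line and key is not None:
            name, _, data = line.partition("=")
            name = name.strip('"')
            if data.startswith("hex"):            # hex, hex(2), hex(7), ...
                tag, _, payload = data.partition(":")
                values[(key, name)] = (tag, payload)
            else:                                 # plain REG_SZ in quotes
                values[(key, name)] = ("string", data.strip('"'))
    return values


def decode_expand_sz(payload):
    """hex(2) is REG_EXPAND_SZ: comma-separated bytes of a NUL-terminated UTF-16LE string."""
    raw = bytes(int(b, 16) for b in payload.split(",") if b)
    return raw.decode("utf-16-le").rstrip("\x00")


def service_dll_from_fix(text=FIX_REG):
    """Decode the ServiceDll value the fix sets for the wuauserv service."""
    tag, payload = parse_reg_values(text)[(WUAUSERV_KEY, "ServiceDll")]
    if tag != "hex(2)":
        raise ValueError("ServiceDll should be REG_EXPAND_SZ, got " + tag)
    return decode_expand_sz(payload)


if __name__ == "__main__":
    print(service_dll_from_fix())  # D:\WINDOWS\system32\wuauserv.dll
```

The decoded path can then be compared against the wuauserv.dll entry in the OTL custom scan before the fix is applied.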


#7 criggle

criggle
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 18 July 2010 - 02:13 PM

Kaspersky won't work for me; it says that I need a consistent internet connection (which I have) and just doesn't download... (I disabled Norton)
My computer seems to be running slower, or just as slow... The programs I close tend to lag afterwards in Task Manager and increase in memory usage, mainly Internet Explorer

Rooter:

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 47 Stepping 0, AuthenticAMD
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:186 Go - Free:9 Go )
D:\ [Fixed-NTFS] .. ( Total:189 Go - Free:161 Go )
E:\ [CD_Rom]
G:\ [Removable]
M:\ [Fixed-NTFS] .. ( Total:298 Go - Free:0 Go )
.
Scan : 12:23.13
Path : D:\Documents and Settings\Cmassaker\Desktop\Rooter.exe
User : Cmassaker ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (1748)
______ \??\D:\WINDOWS\system32\csrss.exe (1804)
______ \??\D:\WINDOWS\system32\winlogon.exe (1860)
______ D:\WINDOWS\system32\services.exe (1904)
______ D:\WINDOWS\system32\lsass.exe (1916)
______ D:\WINDOWS\system32\Ati2evxx.exe (212)
______ D:\WINDOWS\system32\svchost.exe (236)
______ D:\WINDOWS\system32\svchost.exe (296)
______ D:\WINDOWS\System32\svchost.exe (496)
______ D:\WINDOWS\system32\Ati2evxx.exe (576)
______ D:\WINDOWS\system32\svchost.exe (868)
______ D:\WINDOWS\system32\svchost.exe (1128)
______ D:\WINDOWS\system32\spoolsv.exe (1300)
______ D:\WINDOWS\system32\svchost.exe (1480)
______ D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (1712)
______ D:\Program Files\BlueSoleil\BlueSoleilCS.exe (1744)
______ D:\Program Files\Bonjour\mDNSResponder.exe (1800)
______ D:\Program Files\BlueSoleil\BsMobileCS.exe (1880)
______ D:\Program Files\Java\jre6\bin\jqs.exe (764)
______ D:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (956)
______ D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (1148)
______ D:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe (1396)
______ D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (1516)
______ D:\WINDOWS\system32\tcpsvcs.exe (468)
______ D:\WINDOWS\System32\snmp.exe (724)
______ D:\WINDOWS\system32\Wacom_Tablet.exe (1836)
______ D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe (2960)
______ D:\Program Files\BlueSoleil\BsHelpCS.exe (3316)
______ D:\WINDOWS\System32\alg.exe (3636)
______ D:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe (2088)
______ D:\WINDOWS\Explorer.EXE (2412)
______ D:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (2548)
______ D:\WINDOWS\system32\Wacom_Tablet.exe (2656)
______ D:\WINDOWS\system32\wscntfy.exe (2704)
______ D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (3388)
______ D:\WINDOWS\SOUNDMAN.EXE (1344)
______ D:\Program Files\Logitech\QuickCam\Quickcam.exe (3572)
______ D:\Program Files\Common Files\Java\Java Update\jusched.exe (3728)
______ D:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (3784)
______ D:\Program Files\Cyberlink\Shared Files\brs.exe (3888)
______ D:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe (2248)
______ D:\Program Files\iTunes\iTunesHelper.exe (2224)
______ D:\Program Files\Mindjet\MindManager 8\MMReminderService.exe (2064)
______ D:\Program Files\Windows Live\Messenger\msnmsgr.exe (3716)
______ D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (332)
______ D:\Program Files\IE New Window Maximizer\iemaximizer.exe (120)
______ D:\Documents and Settings\Cmassaker\Local Settings\Application Data\TheWeatherNetwork\WeatherEye\WeatherEye.exe (732)
______ D:\Program Files\Microsoft ActiveSync\wcescomm.exe (2452)
______ D:\Program Files\iPod\bin\iPodService.exe (2156)
______ D:\Program Files\FinePixViewer\QuickDCF.exe (3136)
______ D:\PROGRA~1\MI3AA1~1\rapimgr.exe (2908)
______ D:\Program Files\Logitech\SetPoint\SetPoint.exe (648)
______ D:\Program Files\SEC\Natural Color Pro\NCProTray.exe (4032)
______ D:\Program Files\Digsby\lib\digsby-app.exe (3024)
______ D:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE (3708)
______ D:\Program Files\Windows Live\Contacts\wlcomm.exe (5900)
______ D:\Program Files\BlueSoleil\BtTray.exe (3276)
______ D:\Program Files\Adobe\Adobe Photoshop CS5\Photoshop.exe (5224)
______ D:\Program Files\Internet Explorer\iexplore.exe (5168)
______ D:\Program Files\Internet Explorer\iexplore.exe (4904)
______ D:\Program Files\Internet Explorer\iexplore.exe (5912)
______ D:\Documents and Settings\Cmassaker\Desktop\Rooter.exe (1432)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:200038777344)
.
----------------------\\ Scheduled Tasks
.
D:\WINDOWS\Tasks\AppleSoftwareUpdate.job
D:\WINDOWS\Tasks\desktop.ini
D:\WINDOWS\Tasks\Google Software Updater.job
D:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\Tasks\SA.DAT
D:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
D:\WINDOWS\Tasks\User_Feed_Synchronization-{4161827A-C57C-4FD2-93F0-50E8C42BC252}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 12:23.35
.
D:\Rooter$\Rooter_1.txt - (18/07/2010 | 12:23.35)


#8 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:46 AM

Posted 18 July 2010 - 05:07 PM

Can you try this scanner instead please, then please post a new OTL log with the results.

Please do a scan with ESET OnlineScan

Note: If you run this in a browser other than IE you will be asked to download and install esetsmartinstaller_enu.exe
  • Click the button.
  • Check
  • Click the button.
  • Accept any security warnings from your browser and allow it to install the ActiveX control.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push

unite.jpg


#9 criggle

criggle
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:04:46 AM

Posted 21 July 2010 - 08:35 AM

I ran this scan for about 9 hours, and it doesn't seem to be moving after 72%.... it managed to detect Hiren's Boot CD as a trojan though... (did you want me to try just scanning the Windows drive?)

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:11:46 AM

Posted 26 July 2010 - 11:06 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg

