Another Fake Antivirus Program


19 replies to this topic

#1 CheckersMcGavern


Posted 20 July 2010 - 09:05 PM

My parents have somehow managed to get yet another fake anti-virus/malware program installed on their computer.

This thing has a complete lockdown on the system. No browser windows; just about any and all programs already installed are prevented from opening, and I can't even get it to go into Safe Mode because the keyboard inexplicably refuses to work when the DOS 'Safe mode, regular mode' selection screen comes up.

So, remembering the solution for the problem last time, I have booted the computer with that REATOGO boot CD you all had me create. I went ahead and did an OTL scan and have the log ready for you.

Thanks for your time. I know you guys are really busy and I appreciate the work you do. =)

-----------------------------

OTL logfile created on: 7/20/2010 11:48:38 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 748.00 Mb Available Physical Memory | 73.00% Memory free
907.00 Mb Paging File | 748.00 Mb Available in Paging File | 82.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 149.04 Gb Total Space | 125.52 Gb Free Space | 84.22% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/07/17 08:05:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- E:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/17 08:04:04 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- E:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/09 11:20:26 | 000,071,096 | ---- | M] () [Auto] -- E:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- E:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/06/08 08:40:50 | 000,782,336 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (MCSTRM)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/07/17 08:05:13 | 000,243,024 | ---- | M] () [Kernel | System] -- E:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 08:04:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- E:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:19:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- E:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/18 06:10:48 | 000,031,264 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto] -- E:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2008/01/22 17:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/27 21:05:40 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/11/06 23:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/08/15 03:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/14 11:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/08/04 08:14:34 | 000,065,152 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/05/30 04:05:30 | 000,089,610 | R--- | M] (Silicon Image, Inc) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2003/05/12 12:59:24 | 000,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/05/12 12:59:10 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003/05/12 12:58:55 | 000,102,912 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/05/12 12:58:02 | 000,062,464 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2003/05/12 12:57:17 | 000,051,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2003/05/12 12:54:15 | 000,038,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2003/04/21 02:18:00 | 000,052,608 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2003/04/11 01:32:36 | 000,502,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/04/02 22:59:46 | 000,850,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/04/01 08:07:58 | 000,142,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/03/27 00:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/25 08:13:30 | 000,144,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/03/25 08:13:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/03/25 08:13:02 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/03/25 08:12:54 | 000,190,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/25 08:11:24 | 000,134,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/03/19 03:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- E:\WINDOWS\system32\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 04:08:54 | 000,021,851 | R--- | M] (Integrated Technology Express, Inc.) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2003/02/12 00:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Daniel_Bright_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Daniel_Bright_ON_E\..\URLSearchHook: *{03402F96-3DC7-4285-BC50-9E81FEFAFE43} - Reg Error: Key error. File not found
IE - HKU\Daniel_Bright_ON_E\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Daniel_Bright_ON_E\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Daniel_Bright_ON_E\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Daniel_Bright_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Daniel_Bright_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Daniel_Bright_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\Program Files\AVG\AVG9\Firefox [2010/06/04 06:42:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: E:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/23 13:40:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: E:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/07/10 13:14:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/07/10 13:14:40 | 000,000,000 | ---D | M]

[2010/07/18 17:33:25 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2007/12/27 21:10:37 | 000,000,000 | ---D | M] (AdVantage) -- E:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- E:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/06/10 17:49:05 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Daniel_Bright_ON_E\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKU\Daniel_Bright_ON_E\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\Daniel_Bright_ON_E\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\Daniel_Bright_ON_E\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioReg] E:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDet] E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] E:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()
O4 - HKLM..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SoundMan] E:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UpdReg] E:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\Daniel_Bright_ON_E..\Run: [Messenger (Yahoo!)] E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Daniel_Bright_ON_E..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()
O4 - HKU\Daniel_Bright_ON_E..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Daniel_Bright_ON_E..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\Daniel_Bright_ON_E..\Run: [Yneyalegacu] E:\WINDOWS\MUICTDE.DLL (Dritek System Inc.)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Daniel_Bright_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Daniel_Bright_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Daniel_Bright_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Daniel_Bright_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_E\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - E:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - E:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - E:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - e:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/20 06:30:57 | 000,186,368 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- E:\WINDOWS\isewifuk.dll
[2010/07/20 06:28:16 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn
[2010/07/17 08:05:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\avgrsstx.dll
[2010/07/10 12:27:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens
[2010/06/27 15:42:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbdjpn.dll
[2010/06/27 15:42:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/06/27 15:42:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbdkor.dll
[2010/06/27 15:42:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/06/27 15:42:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd101c.dll
[2010/06/27 15:42:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/06/27 15:42:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd103.dll
[2010/06/27 15:42:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd103.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd106.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd106.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd101b.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/05/19 07:09:23 | 001,767,968 | ---- | C] (Sony Corporation ) -- E:\Program Files\PA_DRIVER.EXE
[2010/05/19 07:06:39 | 002,289,828 | ---- | C] (Sony Corporation ) -- E:\Program Files\UPDATE_MDSB2001U.EXE
[2007/10/27 11:40:46 | 000,065,536 | ---- | C] ( ) -- E:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/07/20 19:59:53 | 004,990,228 | ---- | M] () -- E:\WINDOWS\{00000001-00000000-0000000A-00001102-00000004-10071102}.CDF
[2010/07/20 19:59:22 | 000,013,694 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/07/20 19:59:11 | 000,000,868 | ---- | M] () -- E:\WINDOWS\tasks\Google Software Updater.job
[2010/07/20 19:58:46 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/07/20 19:58:42 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/07/20 19:55:28 | 006,291,456 | -H-- | M] () -- E:\Documents and Settings\Daniel Bright\NTUSER.DAT
[2010/07/20 18:15:33 | 000,000,178 | -HS- | M] () -- E:\Documents and Settings\Daniel Bright\ntuser.ini
[2010/07/20 18:15:00 | 000,000,438 | -H-- | M] () -- E:\WINDOWS\tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job
[2010/07/20 18:12:39 | 000,001,010 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003UA.job
[2010/07/20 10:44:10 | 000,262,144 | -H-- | M] () -- E:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/20 10:44:10 | 000,262,144 | -H-- | M] () -- E:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/20 10:44:09 | 000,030,168 | ---- | M] () -- E:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,030,168 | ---- | M] () -- E:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,030,132 | ---- | M] () -- E:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,030,132 | ---- | M] () -- E:\WINDOWS\System32\BMXState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,002,064 | ---- | M] () -- E:\WINDOWS\System32\settingsbkup.sfm
[2010/07/20 10:44:09 | 000,002,064 | ---- | M] () -- E:\WINDOWS\System32\settings.sfm
[2010/07/20 10:44:09 | 000,000,292 | ---- | M] () -- E:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
[2010/07/20 10:44:09 | 000,000,292 | ---- | M] () -- E:\WINDOWS\System32\DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
[2010/07/20 08:32:15 | 000,002,811 | ---- | M] () -- E:\WINDOWS\acoyeval.dll
[2010/07/20 06:49:58 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/07/20 06:30:58 | 000,186,368 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- E:\WINDOWS\isewifuk.dll
[2010/07/19 18:02:42 | 062,215,657 | ---- | M] () -- E:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/19 16:12:00 | 000,000,958 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003Core.job
[2010/07/17 08:05:13 | 000,243,024 | ---- | M] () -- E:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 08:05:09 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 08:04:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 16:47:18 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\ALCFDRTM.VER
[2010/07/14 14:14:04 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/10 12:12:55 | 283,100,236 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens.BootCD.10.6.zip
[2010/07/03 19:12:37 | 000,043,520 | ---- | M] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/02 02:13:04 | 000,002,358 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/07/20 08:32:15 | 000,002,811 | ---- | C] () -- E:\WINDOWS\acoyeval.dll
[2010/07/10 12:09:20 | 283,100,236 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens.BootCD.10.6.zip
[2010/06/14 19:23:30 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/05/20 10:52:45 | 000,532,480 | ---- | C] () -- E:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/04/29 15:23:31 | 000,027,475 | ---- | C] () -- E:\WINDOWS\CSTBox.INI
[2010/04/03 13:37:57 | 000,000,262 | ---- | C] () -- E:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/26 14:51:21 | 000,000,512 | ---- | C] () -- E:\WINDOWS\SIERRA.INI
[2009/02/21 14:06:57 | 000,043,520 | ---- | C] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 13:45:16 | 000,000,021 | ---- | C] () -- E:\WINDOWS\atid.ini
[2008/12/02 19:09:24 | 000,000,406 | ---- | C] () -- E:\WINDOWS\cdplayer.ini
[2008/12/02 19:07:09 | 000,000,004 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Application Data\95E8F8
[2008/12/02 19:07:08 | 000,870,128 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Application Data\mcs.rma
[2008/10/16 14:10:27 | 000,000,754 | ---- | C] () -- E:\WINDOWS\WORDPAD.INI
[2008/08/02 13:50:22 | 000,243,024 | ---- | C] () -- E:\WINDOWS\System32\drivers\avgtdix.sys
[2008/04/16 12:15:59 | 001,445,456 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\ymjmsi.log
[2008/04/14 16:57:51 | 000,010,621 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\.recently-used.xbel
[2008/02/18 01:09:08 | 000,000,010 | ---- | C] () -- E:\WINDOWS\WININIT.INI
[2007/12/27 14:03:29 | 000,000,352 | ---- | C] () -- E:\WINDOWS\LEXSTAT.INI
[2007/10/28 12:48:16 | 000,000,231 | ---- | C] () -- E:\WINDOWS\AC3API.INI
[2007/10/28 12:47:40 | 000,068,908 | ---- | C] () -- E:\WINDOWS\System32\Emu10kx.ini
[2007/10/28 12:47:40 | 000,000,029 | ---- | C] () -- E:\WINDOWS\System32\ctzapxx.ini
[2007/10/28 12:47:35 | 000,005,515 | ---- | C] () -- E:\WINDOWS\System32\ENSDEF.INI
[2007/10/28 12:47:35 | 000,000,194 | ---- | C] () -- E:\WINDOWS\System32\KILL.INI
[2007/10/28 12:45:33 | 000,000,136 | ---- | C] () -- E:\WINDOWS\SBWIN.INI
[2007/10/28 10:21:55 | 000,000,000 | ---- | C] () -- E:\WINDOWS\ATIMMC.INI
[2007/10/27 19:03:15 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2007/10/27 12:59:58 | 000,000,169 | ---- | C] () -- E:\WINDOWS\RtlRack.ini
[2007/10/27 12:11:20 | 000,207,360 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/27 11:40:47 | 000,000,164 | ---- | C] () -- E:\WINDOWS\avrack.ini
[2007/10/27 11:26:43 | 000,032,768 | R--- | C] () -- E:\WINDOWS\System32\idecoi.dll
[2007/10/26 19:22:33 | 000,057,344 | -H-- | C] () -- E:\Documents and Settings\Daniel Bright\ntuser.dat.LOG
[2007/10/26 19:22:33 | 000,000,178 | -HS- | C] () -- E:\Documents and Settings\Daniel Bright\ntuser.ini
[2007/10/26 19:22:32 | 006,291,456 | -H-- | C] () -- E:\Documents and Settings\Daniel Bright\NTUSER.DAT
[2007/10/26 19:21:20 | 000,262,144 | -H-- | C] () -- E:\Documents and Settings\LocalService\NTUSER.DAT
[2007/10/26 19:21:20 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/10/26 19:21:20 | 000,000,020 | -HS- | C] () -- E:\Documents and Settings\LocalService\ntuser.ini
[2007/10/26 19:21:13 | 000,000,020 | -HS- | C] () -- E:\Documents and Settings\NetworkService\ntuser.ini
[2007/10/26 19:21:12 | 000,262,144 | -H-- | C] () -- E:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/10/26 19:21:12 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\NetworkService\ntuser.dat.LOG

========== LOP Check ==========

[2007/12/10 18:39:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\.BitTornado
[2007/11/21 06:40:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\acccore
[2007/11/21 06:27:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Aim
[2009/04/27 22:12:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Amazon
[2009/02/21 14:07:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Atari
[2010/04/29 15:48:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Canon
[2008/04/19 11:36:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\CDBurnerXP_Soft
[2007/12/27 21:19:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\DAEMON Tools
[2008/04/01 19:30:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\gtk-2.0
[2009/02/21 14:06:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Leadertech
[2009/11/08 12:26:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\LimeWire
[2007/10/27 12:17:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Netscape
[2007/12/01 16:42:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Viewpoint
[2010/07/20 18:15:00 | 000,000,438 | -H-- | M] () -- E:\WINDOWS\Tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job

========== Purity Check ==========


< End of report >
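A small triage helper for OTL log lines of the kinds posted in this thread, added here as an example; it is not part of the thread, of OTL, or of the helpers' procedure. It parses the file-entry, O4 Run and IE proxy line shapes and flags what a malware-removal helper would look at first: unsigned executables run from a per-user data directory, random-looking file names there, and a browser proxy pointed at the local machine. The sample lines are constructed from the thread's own entries; the heuristics and thresholds are the example's own assumptions.

```python
"""Triage helper for OTL log lines (added example; not part of OTL or this thread)."""
import os
import re
from dataclasses import dataclass

# Line shapes taken from the logs in this thread.
FILE_RE = re.compile(
    r'^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$')
RUN_RE = re.compile(
    r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$')
PROXY_RE = re.compile(
    r'^IE - (?P<key>.+?): "(?P<name>Proxy(?:Enable|Server|Override))" = (?P<value>.*)$')

EXEC_EXT = {'.exe', '.dll', '.sys', '.scr', '.com', '.pif'}
# Per-user, user-writable data directories; legitimate software rarely runs binaries from here.
USER_DATA_DIRS = ('\\application data\\', '\\local settings\\temp\\')
LOOPBACK = {'127.0.0.1', 'localhost', '::1'}
VOWELS = set('aeiouy')


@dataclass
class Finding:
    line: int        # 1-based line number in the log text
    severity: str    # 'high' or 'medium'; a triage hint, not a verdict
    reason: str
    subject: str     # the path or value that triggered the finding


def looks_random(stem: str) -> bool:
    """Cheap heuristic for generated names: almost no vowels, or a long consonant run."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    run = longest = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return vowel_ratio < 0.2 or longest >= 5


def check_path(n: int, path: str, company: str, autorun: bool = False) -> list:
    """Score one file or Run-key path; company is OTL's publisher field ('' when empty)."""
    p = path.lower()
    in_user_data = '\\documents and settings\\' in p and any(d in p for d in USER_DATA_DIRS)
    stem, ext = os.path.splitext(os.path.basename(path.replace('\\', '/')))
    out = []
    if in_user_data and ext.lower() in EXEC_EXT and not company:
        where = 'started from a Run key' if autorun else 'on disk'
        out.append(Finding(n, 'high', f'unsigned executable in a per-user data directory, {where}', path))
    elif in_user_data and looks_random(stem):
        out.append(Finding(n, 'medium', 'random-looking file name in a per-user data directory', path))
    elif autorun and not company:
        out.append(Finding(n, 'medium', 'Run entry with no publisher', path))
    return out


def triage(log_text: str) -> list:
    """Return Findings for every suspicious line; proxy settings are judged per registry hive."""
    findings, proxy = [], {}       # proxy: hive -> {setting: (value, line)}
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        if m := FILE_RE.match(line):
            findings += check_path(n, m['path'], m['company'] or '')
        elif m := RUN_RE.match(line):
            findings += check_path(n, m['path'], m['company'], autorun=True)
        elif m := PROXY_RE.match(line):
            hive = m['key'].split('\\Software')[0]
            proxy.setdefault(hive, {})[m['name']] = (m['value'], n)
    for hive, settings in proxy.items():
        if 'ProxyServer' not in settings:
            continue
        value, n = settings['ProxyServer']
        host = value.split('=')[-1].rsplit(':', 1)[0]   # "http=127.0.0.1:5643" -> "127.0.0.1"
        if host in LOOPBACK:
            enabled = settings.get('ProxyEnable', ('0', 0))[0] == '1'
            findings.append(Finding(
                n, 'high' if enabled else 'medium',
                f'{hive}: browser proxy points at {host} (ProxyEnable={int(enabled)}); '
                'a local process sits between the browser and the network', value))
    return findings


# Constructed sample, modelled line for line on entries in this thread's logs.
SAMPLE_LOG = '\n'.join([
    r'[2010/07/10 12:09:20 | 283,100,236 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens.BootCD.10.6.zip',
    r'[2010/06/14 19:23:30 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat',
    r'[2010/05/20 10:52:45 | 000,532,480 | ---- | C] () -- E:\WINDOWS\System32\CddbPlaylist2Sony.dll',
    r'[2007/12/10 18:39:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\.BitTornado',
    r'O4 - HKLM..\Run: [CTHelper] E:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)',
    r'O4 - HKLM..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()',
    r'O4 - HKU\Daniel_Bright_ON_C..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)',
    r'IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643',
])

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'line {f.line:>3} [{f.severity:<6}] {f.reason}: {f.subject}')
```

Run against a pasted OTL.txt the same way; a hit is a starting point for the helper's review of the entry, not a removal decision.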



#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home

Posted 27 July 2010 - 06:27 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 CheckersMcGavern

CheckersMcGavern
  • Topic Starter

  • Members
  • 85 posts

Posted 27 July 2010 - 09:52 AM

Okay, here's the deal: I can't download anything from my regular Windows because of the virus (it blocks any and all sites) so I'm on my CD boot OS. I tried downloading it from there, but it gives me an error when I run it saying framedyn.dll was not found.

There's already a version of OTL on here, so I ran that instead. I hope that's alright. Here is the resulting log (although it didn't give me an extra.txt for some reason).

Oh, and ignore the C drive info. I had to change the C drive to E in order for it to give me the log file. For some reason the info for C is still there.
------------------------------
OTL logfile created on: 7/27/2010 1:38:44 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 739.00 Mb Available Physical Memory | 72.00% Memory free
907.00 Mb Paging File | 788.00 Mb Available in Paging File | 87.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
Drive C: | 149.04 Gb Total Space | 125.47 Gb Free Space | 84.19% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 149.04 Gb Total Space | 125.47 Gb Free Space | 84.19% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/07/17 08:05:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- E:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/07/17 08:04:04 | 000,921,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- E:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/13 20:12:11 | 000,006,656 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2008/04/13 20:12:02 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll -- (helpsvc)
SRV - [2008/03/09 11:20:26 | 000,071,096 | ---- | M] () [Auto] -- E:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- E:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- E:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/06/08 08:40:50 | 000,782,336 | ---- | M] (Sony Corporation) [Auto] -- E:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Auto] -- -- (MCSTRM)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2010/07/17 08:05:13 | 000,243,024 | ---- | M] () [Kernel | System] -- E:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 08:04:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- E:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:19:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- E:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/18 06:10:48 | 000,031,264 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto] -- E:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2008/01/22 17:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/27 21:05:40 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/11/06 23:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/08/15 03:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/14 11:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/08/04 08:14:34 | 000,065,152 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/05/30 04:05:30 | 000,089,610 | R--- | M] (Silicon Image, Inc) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r)
DRV - [2003/05/12 12:59:24 | 000,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/05/12 12:59:10 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003/05/12 12:58:55 | 000,102,912 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/05/12 12:58:02 | 000,062,464 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2003/05/12 12:57:17 | 000,051,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2003/05/12 12:54:15 | 000,038,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto] -- E:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2003/04/21 02:18:00 | 000,052,608 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2003/04/11 01:32:36 | 000,502,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/04/02 22:59:46 | 000,850,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/04/01 08:07:58 | 000,142,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/03/27 00:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/25 08:13:30 | 000,144,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/03/25 08:13:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/03/25 08:13:02 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/03/25 08:12:54 | 000,190,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/25 08:11:24 | 000,134,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/03/19 03:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto] -- E:\WINDOWS\system32\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 04:08:54 | 000,021,851 | R--- | M] (Integrated Technology Express, Inc.) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2003/02/12 00:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot] -- E:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- E:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Daniel_Bright_ON_C\..\URLSearchHook: *{03402F96-3DC7-4285-BC50-9E81FEFAFE43} - Reg Error: Key error. File not found
IE - HKU\Daniel_Bright_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\Daniel_Bright_ON_C\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\Daniel_Bright_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\Program Files\AVG\AVG9\Firefox [2010/06/04 06:42:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: E:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/23 13:40:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: E:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/07/21 01:00:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/07/10 13:14:40 | 000,000,000 | ---D | M]

[2008/06/17 17:15:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Extensions
[2010/07/18 17:33:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions
[2010/04/28 10:30:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/14 14:28:50 | 000,000,000 | ---D | M] (Ad blocker) -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/06/20 00:12:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\DeviceDetection@logitech.com
[2009/07/01 04:36:34 | 000,004,207 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\searchplugins\aim-search.xml
[2009/11/08 11:59:51 | 000,002,168 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\searchplugins\inbox-search.xml
[2010/02/28 12:38:12 | 000,009,985 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\searchplugins\mywebsearch.xml
[2010/07/21 01:01:00 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2007/12/27 21:10:37 | 000,000,000 | ---D | M] (AdVantage) -- E:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- E:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/06/10 17:49:05 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Daniel_Bright_ON_C\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKU\Daniel_Bright_ON_C\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\Daniel_Bright_ON_C\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\Daniel_Bright_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioReg] E:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDet] E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] E:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()
O4 - HKLM..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SoundMan] E:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UpdReg] E:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\Daniel_Bright_ON_C..\Run: [Messenger (Yahoo!)] E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Daniel_Bright_ON_C..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()
O4 - HKU\Daniel_Bright_ON_C..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Daniel_Bright_ON_C..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\Daniel_Bright_ON_C..\Run: [Yneyalegacu] E:\WINDOWS\MUICTDE.DLL (Dritek System Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = E:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Daniel_Bright_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Daniel_Bright_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Daniel_Bright_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Daniel_Bright_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AIM Toolbar Search - E:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - E:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - E:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - e:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WdfLoadGroup -
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - e:\WINDOWS\system32\Rundll32.exe e:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\WINDOWS\system32\rundll32.exe" "E:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - E:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - E:\WINDOWS\system32\ias [2007/10/26 22:21:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - C:\WINDOWS\system32\wuauserv.dll (Microsoft Corporation)
NetSvcs: helpsvc - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/23 23:17:55 | 000,000,000 | ---D | C] -- E:\Program Files\PokerStars.NET
[2010/07/20 06:30:57 | 000,186,368 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- E:\WINDOWS\isewifuk.dll
[2010/07/20 06:28:16 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn
[2010/07/17 08:05:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\avgrsstx.dll
[2010/07/10 12:27:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens
[2010/06/27 15:42:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbdjpn.dll
[2010/06/27 15:42:30 | 000,008,704 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbdjpn.dll
[2010/06/27 15:42:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbdkor.dll
[2010/06/27 15:42:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbdkor.dll
[2010/06/27 15:42:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd101c.dll
[2010/06/27 15:42:30 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd101c.dll
[2010/06/27 15:42:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd103.dll
[2010/06/27 15:42:30 | 000,005,632 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd103.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd106.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd106.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\kbd101b.dll
[2010/06/27 15:42:24 | 000,006,144 | ---- | C] (Microsoft Corporation) -- E:\WINDOWS\System32\dllcache\kbd101b.dll
[2010/05/19 07:09:23 | 001,767,968 | ---- | C] (Sony Corporation ) -- E:\Program Files\PA_DRIVER.EXE
[2010/05/19 07:06:39 | 002,289,828 | ---- | C] (Sony Corporation ) -- E:\Program Files\UPDATE_MDSB2001U.EXE
[2007/10/27 11:40:46 | 000,065,536 | ---- | C] ( ) -- E:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2010/07/21 00:18:24 | 006,291,456 | -H-- | M] () -- E:\Documents and Settings\Daniel Bright\NTUSER.DAT
[2010/07/20 19:59:53 | 004,990,228 | ---- | M] () -- E:\WINDOWS\{00000001-00000000-0000000A-00001102-00000004-10071102}.CDF
[2010/07/20 19:59:22 | 000,013,694 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/07/20 19:59:11 | 000,000,868 | ---- | M] () -- E:\WINDOWS\tasks\Google Software Updater.job
[2010/07/20 19:58:46 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/07/20 19:58:42 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/07/20 18:15:33 | 000,000,178 | -HS- | M] () -- E:\Documents and Settings\Daniel Bright\ntuser.ini
[2010/07/20 18:15:00 | 000,000,438 | -H-- | M] () -- E:\WINDOWS\tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job
[2010/07/20 18:12:39 | 000,001,010 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003UA.job
[2010/07/20 10:44:10 | 000,262,144 | -H-- | M] () -- E:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/07/20 10:44:10 | 000,262,144 | -H-- | M] () -- E:\Documents and Settings\LocalService\NTUSER.DAT
[2010/07/20 10:44:09 | 000,030,168 | ---- | M] () -- E:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,030,168 | ---- | M] () -- E:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,030,132 | ---- | M] () -- E:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,030,132 | ---- | M] () -- E:\WINDOWS\System32\BMXState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/20 10:44:09 | 000,002,064 | ---- | M] () -- E:\WINDOWS\System32\settingsbkup.sfm
[2010/07/20 10:44:09 | 000,002,064 | ---- | M] () -- E:\WINDOWS\System32\settings.sfm
[2010/07/20 10:44:09 | 000,000,292 | ---- | M] () -- E:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
[2010/07/20 10:44:09 | 000,000,292 | ---- | M] () -- E:\WINDOWS\System32\DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
[2010/07/20 08:32:15 | 000,002,811 | ---- | M] () -- E:\WINDOWS\acoyeval.dll
[2010/07/20 06:49:58 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/07/20 06:30:58 | 000,186,368 | ---- | M] (Parallels Holdings, Ltd. and its affiliates.) -- E:\WINDOWS\isewifuk.dll
[2010/07/19 18:02:42 | 062,215,657 | ---- | M] () -- E:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/19 16:12:00 | 000,000,958 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003Core.job
[2010/07/17 08:05:13 | 000,243,024 | ---- | M] () -- E:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 08:05:09 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 08:04:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/15 16:47:18 | 000,060,416 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\ALCFDRTM.VER
[2010/07/14 14:14:04 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/10 12:12:55 | 283,100,236 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens.BootCD.10.6.zip
[2010/07/03 19:12:37 | 000,043,520 | ---- | M] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2010/07/02 02:13:04 | 000,002,358 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2010/07/20 08:32:15 | 000,002,811 | ---- | C] () -- E:\WINDOWS\acoyeval.dll
[2010/07/10 12:09:20 | 283,100,236 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens.BootCD.10.6.zip
[2010/06/14 19:23:30 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/05/20 10:52:45 | 000,532,480 | ---- | C] () -- E:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/04/29 15:23:31 | 000,027,475 | ---- | C] () -- E:\WINDOWS\CSTBox.INI
[2010/04/03 13:37:57 | 000,000,262 | ---- | C] () -- E:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/26 14:51:21 | 000,000,512 | ---- | C] () -- E:\WINDOWS\SIERRA.INI
[2009/02/21 14:06:57 | 000,043,520 | ---- | C] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 13:45:16 | 000,000,021 | ---- | C] () -- E:\WINDOWS\atid.ini
[2008/12/02 19:09:24 | 000,000,406 | ---- | C] () -- E:\WINDOWS\cdplayer.ini
[2008/12/02 19:07:09 | 000,000,004 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Application Data\95E8F8
[2008/12/02 19:07:08 | 000,870,128 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Application Data\mcs.rma
[2008/10/16 14:10:27 | 000,000,754 | ---- | C] () -- E:\WINDOWS\WORDPAD.INI
[2008/08/02 13:50:22 | 000,243,024 | ---- | C] () -- E:\WINDOWS\System32\drivers\avgtdix.sys
[2008/04/16 12:15:59 | 001,445,456 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\ymjmsi.log
[2008/04/14 16:57:51 | 000,010,621 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\.recently-used.xbel
[2008/02/18 01:09:08 | 000,000,010 | ---- | C] () -- E:\WINDOWS\WININIT.INI
[2007/12/27 14:03:29 | 000,000,352 | ---- | C] () -- E:\WINDOWS\LEXSTAT.INI
[2007/10/28 12:48:16 | 000,000,231 | ---- | C] () -- E:\WINDOWS\AC3API.INI
[2007/10/28 12:47:40 | 000,068,908 | ---- | C] () -- E:\WINDOWS\System32\Emu10kx.ini
[2007/10/28 12:47:40 | 000,000,029 | ---- | C] () -- E:\WINDOWS\System32\ctzapxx.ini
[2007/10/28 12:47:35 | 000,005,515 | ---- | C] () -- E:\WINDOWS\System32\ENSDEF.INI
[2007/10/28 12:47:35 | 000,000,194 | ---- | C] () -- E:\WINDOWS\System32\KILL.INI
[2007/10/28 12:45:33 | 000,000,136 | ---- | C] () -- E:\WINDOWS\SBWIN.INI
[2007/10/28 10:21:55 | 000,000,000 | ---- | C] () -- E:\WINDOWS\ATIMMC.INI
[2007/10/27 19:03:15 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2007/10/27 12:59:58 | 000,000,169 | ---- | C] () -- E:\WINDOWS\RtlRack.ini
[2007/10/27 12:11:20 | 000,207,360 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/27 11:40:47 | 000,000,164 | ---- | C] () -- E:\WINDOWS\avrack.ini
[2007/10/27 11:26:43 | 000,032,768 | R--- | C] () -- E:\WINDOWS\System32\idecoi.dll
[2007/10/26 19:22:33 | 000,020,480 | -H-- | C] () -- E:\Documents and Settings\Daniel Bright\ntuser.dat.LOG
[2007/10/26 19:22:33 | 000,000,178 | -HS- | C] () -- E:\Documents and Settings\Daniel Bright\ntuser.ini
[2007/10/26 19:22:32 | 006,291,456 | -H-- | C] () -- E:\Documents and Settings\Daniel Bright\NTUSER.DAT
[2007/10/26 19:21:20 | 000,262,144 | -H-- | C] () -- E:\Documents and Settings\LocalService\NTUSER.DAT
[2007/10/26 19:21:20 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\LocalService\ntuser.dat.LOG
[2007/10/26 19:21:20 | 000,000,020 | -HS- | C] () -- E:\Documents and Settings\LocalService\ntuser.ini
[2007/10/26 19:21:13 | 000,000,020 | -HS- | C] () -- E:\Documents and Settings\NetworkService\ntuser.ini
[2007/10/26 19:21:12 | 000,262,144 | -H-- | C] () -- E:\Documents and Settings\NetworkService\NTUSER.DAT
[2007/10/26 19:21:12 | 000,008,192 | -H-- | C] () -- E:\Documents and Settings\NetworkService\ntuser.dat.LOG

========== LOP Check ==========

[2007/12/10 18:39:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\.BitTornado
[2007/11/21 06:40:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\acccore
[2007/11/21 06:27:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Aim
[2009/04/27 22:12:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Amazon
[2009/02/21 14:07:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Atari
[2010/04/29 15:48:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Canon
[2008/04/19 11:36:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\CDBurnerXP_Soft
[2007/12/27 21:19:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\DAEMON Tools
[2008/04/01 19:30:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\gtk-2.0
[2009/02/21 14:06:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Leadertech
[2009/11/08 12:26:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\LimeWire
[2007/10/27 12:17:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Netscape
[2007/12/01 16:42:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Viewpoint
[2010/07/20 18:15:00 | 000,000,438 | -H-- | M] () -- E:\WINDOWS\Tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2007/07/27 08:00:00 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/12/18 22:41:50 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/12/18 22:41:50 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/07/27 08:00:00 | 018,738,937 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/12/18 22:41:50 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/12/18 22:41:50 | 023,852,652 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
[2007/07/27 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2007/07/27 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- E:\WINDOWS\system32\eventlog.dll
[2007/07/27 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- E:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- E:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- E:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2007/07/27 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2003/04/21 02:18:00 | 000,052,608 | R--- | M] (NVIDIA Corporation) MD5=F45FDCB8D45439459A6B738AEF45AA94 -- E:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2007/07/27 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- E:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 000,025,088 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\davclnt.dll
[2008/06/20 13:46:57 | 000,147,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\dnsapi.dll
[2008/04/13 20:11:52 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\drprov.dll
[2010/02/25 11:54:36 | 011,070,976 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\ieframe.dll
[2010/02/25 02:24:35 | 001,985,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\iertutil.dll
[2008/04/13 20:12:00 | 000,274,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\mstask.dll
[2008/04/13 20:12:01 | 000,011,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\netrap.dll
[2008/04/13 20:12:02 | 000,080,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\netui0.dll
[2008/04/13 20:12:02 | 000,245,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\netui1.dll
[2008/04/13 20:12:02 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\ntdsapi.dll
[2008/04/13 20:12:02 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\ntlanman.dll
[2008/06/17 15:02:19 | 008,461,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- E:\WINDOWS\system32\shell32.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/10/26 14:55:35 | 000,094,208 | ---- | M] () -- E:\WINDOWS\system32\config\default.sav
[2007/10/26 14:55:34 | 000,659,456 | ---- | M] () -- E:\WINDOWS\system32\config\software.sav
[2007/10/26 14:55:34 | 000,917,504 | ---- | M] () -- E:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/07/17 08:04:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\system32\drivers\avgldx86.sys
[2010/06/03 08:19:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\system32\drivers\avgmfx86.sys
[2010/07/17 08:05:13 | 000,243,024 | ---- | M] () -- E:\WINDOWS\system32\drivers\avgtdix.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- E:\WINDOWS\system32\drivers\mbamswissarmy.sys
< End of report >

Edited by CheckersMcGavern, 27 July 2010 - 09:55 AM.


#4 myrti (Malware Study Hall Admin)

Posted 27 July 2010 - 12:35 PM

Hi,

OK, please run this fix and let me know if you can then boot:

Run OTLPE
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    O4 - HKLM..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()
    O4 - HKU\Daniel_Bright_ON_C..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()
    O4 - HKU\Daniel_Bright_ON_C..\Run: [Yneyalegacu] E:\WINDOWS\MUICTDE.DLL (Dritek System Inc.)
    IE - HKU\Daniel_Bright_ON_C\..\URLSearchHook: *{03402F96-3DC7-4285-BC50-9E81FEFAFE43} - Reg Error: Key error. File not found
    IE - HKU\Daniel_Bright_ON_C\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\Daniel_Bright_ON_C\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    [2010/07/20 06:30:57 | 000,186,368 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- E:\WINDOWS\isewifuk.dll
    [2010/07/20 06:28:16 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn
    [2010/07/20 08:32:15 | 000,002,811 | ---- | C] () -- E:\WINDOWS\acoyeval.dll
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Let me know if you can now boot.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
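The fix above is built directly from lines in the OTL log posted earlier: the proxy values forced onto 127.0.0.1, the two Run entries (one launching an executable from a random-named folder under Local Settings\Application Data, one loading a DLL straight from the Windows directory), and the freshly created files in E:\WINDOWS, all pasted verbatim under :otl so that OTL moves them and clears the registry values. That pattern can be scripted. The following is an added example, not OTL's own code and not something posted in this thread: it triages OTL-style log lines with a few heuristics (the rules and the reason strings are my assumptions, chosen to reproduce what was removed here), correlates the dropper's folder with the Run entry that points into it, and emits a fix in the same :otl / :commands layout. The sample log is constructed from lines quoted in the thread plus one benign control line (an AVG tray entry) that the heuristics must leave alone.

```python
"""Triage OTL / OTLPE log lines and turn the hits into an OTL fix script.

Added example for this thread, not OTL's own code.  The heuristics are
assumptions chosen to reproduce what the helper removed in post #4; the
sample below is constructed from lines in the posted log plus one benign
control line (the AVG tray entry) that must not be flagged.
"""
import ntpath
import re

SAMPLE_LOG = r"""
IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
O4 - HKLM..\Run: [pxgsgaad] E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe ()
O4 - HKU\Daniel_Bright_ON_C..\Run: [Yneyalegacu] E:\WINDOWS\MUICTDE.DLL (Dritek System Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] E:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..exefile [open] -- "%1" %*
[2010/07/20 06:30:57 | 000,186,368 | ---- | C] (Parallels Holdings, Ltd. and its affiliates.) -- E:\WINDOWS\isewifuk.dll
[2010/07/20 06:28:16 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn
[2010/07/20 08:32:15 | 000,002,811 | ---- | C] () -- E:\WINDOWS\acoyeval.dll
[2010/07/17 08:05:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\avgrsstx.dll
"""

# Line shapes as OTL prints them (regexes are assumptions fitted to the log above).
PROXY_RE = re.compile(r'^IE - .*\\Internet Settings: "(Proxy\w+)" = (.*)$')
RUN_RE = re.compile(r"^O4 - .*\\Run: \[[^\]]*\] (?P<path>.*?) \((?P<company>[^)]*)\)$")
ASSOC_RE = re.compile(r"^O3[57] - .* -- (?P<cmd>.*)$")
FILE_RE = re.compile(r"^\[\d{4}/\d{2}/\d{2} [^\]]*\| (?P<attr>[-A-Z]{4}) \| C\]"
                     r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$")
LOOPBACK_RE = re.compile(r"127\.0\.0\.1|localhost", re.I)


def suspicious_run(path, company):
    """Heuristics for an O4 Run entry; returns a reason or None."""
    low = path.lower()
    if ntpath.splitext(low)[1] == ".dll":
        return "Run value points straight at a DLL"
    if "\\local settings\\application data\\" in low or "\\temp\\" in low:
        return "Run target lives in a per-user data or temp directory"
    if not company.strip():
        return "Run target carries no company/version information"
    return None


def suspicious_file(path, company):
    """Heuristics for a 'Files Created' entry; returns a reason or None."""
    low = path.lower()
    if ntpath.splitext(low)[1] in (".dll", ".exe") and ntpath.dirname(low).endswith(":\\windows"):
        return "executable dropped directly into the Windows directory"
    if company is not None and not company.strip():
        return "new binary with no company/version information"
    return None


def triage(log_text):
    """Return [(log line, reason)] for every line worth putting into a fix."""
    hits, proxy_lines, dirs, run_parents, loopback = [], [], [], set(), False
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        if (m := PROXY_RE.match(line)):
            proxy_lines.append(line)
            if m.group(1) == "ProxyServer" and LOOPBACK_RE.search(m.group(2)):
                loopback = True
        elif (m := RUN_RE.match(line)):
            if reason := suspicious_run(m["path"], m["company"]):
                hits.append((line, reason))
                run_parents.add(ntpath.dirname(m["path"].lower()))
        elif (m := ASSOC_RE.match(line)):
            if m["cmd"].strip() != '"%1" %*':
                hits.append((line, "exe/com file association hijacked"))
        elif (m := FILE_RE.match(line)):
            if m["attr"].endswith("D"):
                dirs.append((line, m["path"].lower()))
            elif reason := suspicious_file(m["path"], m["company"]):
                hits.append((line, reason))
    # A fake AV that proxies the browser through a local port leaves all the
    # proxy values set; clear them together, as the fix in the thread does.
    if loopback:
        hits[0:0] = [(p, "browser proxied through a local listener") for p in proxy_lines]
    # Correlation: a new directory that hosts a flagged Run target goes too.
    hits += [(d, "directory hosting a flagged Run target") for d, p in dirs if p in run_parents]
    return hits


def build_fix(hits):
    """OTL accepts its own log lines under :otl and removes what they name."""
    body = [":otl", *[line for line, _ in hits], ":commands", "[emptytemp]"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for entry, why in flagged:
        print(f"{why:<55} {entry[:70]}")
    print(build_fix(flagged))
```

Run it and the seven flagged lines come out in the same :otl / :commands layout as the fix above, while the AVG entries and the intact exefile association are left alone. The rules are deliberately narrow leads, not verdicts: a Run value loading a DLL or an executable under Local Settings\Application Data deserves a look, and the company string OTL prints comes from the file's own version resource, which a dropper controls, so a recognisable vendor name on a loose DLL in E:\WINDOWS is no evidence of legitimacy.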



#5 CheckersMcGavern (Topic Starter)

Posted 27 July 2010 - 05:38 PM

I did the fix and rebooted without the boot CD. Things are looking good so far. Had a little trouble with getting my browsers to access the internet (Had to change proxy settings), but that's taken care of now.

Here's the log from the fix. What's next? Shall we run MBAM?
----------

========== OTL ==========
Unable to set value : HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E!
Unable to set value : HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E!
Unable to set value : HKU\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pxgsgaad deleted successfully.
E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe moved successfully.
Registry key HKEY_USERS\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
File E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn\yxmlibqtssd.exe not found.
Registry key HKEY_USERS\Daniel_Bright_ON_C\Software\Microsoft\Windows\CurrentVersion\Run not found.
E:\WINDOWS\MUICTDE.dll moved successfully.
Registry key HKEY_USERS\Daniel_Bright_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{03402F96-3DC7-4285-BC50-9E81FEFAFE43}\ not found.
Registry key HKEY_USERS\Daniel_Bright_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.
Registry key HKEY_USERS\Daniel_Bright_ON_C\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
E:\WINDOWS\isewifuk.dll moved successfully.
E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\tuxvleuyn folder moved successfully.
E:\WINDOWS\acoyeval.dll moved successfully.
========== FILES ==========
File\Folder C:\Windows\tasks\at*.job not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Daniel Bright
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: LocalService
-> No Temporary Internet Files cache folder defined!

User: NetworkService
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 213803 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

Total Files Cleaned = 0.00 mb


OTLPE by OldTimer - Version 3.1.39.0 log created on 07272010_211630


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:44 PM

Posted 28 July 2010 - 01:17 AM

Hi,
Yes, please run Malwarebytes. Please also run a scan with OTL from your working machine and not from the CD.

Regards, myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM unless I am already helping you. Use the forums!


#7 CheckersMcGavern

CheckersMcGavern
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 30 July 2010 - 10:08 AM

Ran MBAM yesterday; it found and removed 3 threats. Mom was on today and her Windows Explorer window was inexplicably closed on her twice, so I'm running MBAM again. I'm also going to download OTL and run it as soon as MBAM is done. I'll post the log once it's finished.

*edit*
Okay, finished the OTL quickscan. Here are the logs.
------------------------------------------------------------------

OTL logfile created on: 7/30/2010 11:23:56 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Documents and Settings\Daniel Bright\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 539.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 149.04 Gb Total Space | 125.45 Gb Free Space | 84.17% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-70DB0853
Current User Name: Daniel Bright
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/30 11:20:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
PRC - [2010/07/27 18:39:23 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/07/17 08:05:15 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/17 08:05:09 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/17 08:05:09 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/17 08:05:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/17 08:04:04 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/17 08:04:01 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008/03/09 11:20:26 | 000,071,096 | ---- | M] () -- E:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- E:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2003/08/15 03:34:50 | 000,057,344 | ---- | M] (Realtek Semiconductor Corp.) -- E:\WINDOWS\SOUNDMAN.EXE
PRC - [2003/04/10 04:36:52 | 000,028,672 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\CTHELPER.EXE
PRC - [2002/10/29 09:18:24 | 000,049,152 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
PRC - [2002/09/30 01:00:00 | 000,045,056 | ---- | M] (Creative Technology Ltd) -- E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe


========== Modules (SafeList) ==========

MOD - [2010/07/30 11:20:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
MOD - [2009/07/20 12:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 12:25:46 | 000,017,424 | ---- | M] (Logitech, Inc.) -- E:\Program Files\Logitech\SetPoint\IMHook.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\system32\msscript.ocx
MOD - [2003/03/25 08:39:22 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- E:\WINDOWS\system32\CTAGENT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - [2010/07/27 18:39:23 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/17 08:05:04 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- E:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- E:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/03/09 11:20:26 | 000,071,096 | ---- | M] () [Auto | Running] -- E:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/04 17:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- E:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- E:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- E:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/06/08 08:40:50 | 000,782,336 | ---- | M] (Sony Corporation) [Auto | Stopped] -- E:\Program Files\Sony\MD Simple Burner\NetMDSB.exe -- (NetMDSB)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/27 18:39:34 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- E:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/17 08:04:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- E:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:19:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- E:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/03/18 06:10:48 | 000,031,264 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- E:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2008/01/22 17:38:03 | 002,845,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/27 21:05:40 | 000,715,248 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- E:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2007/11/06 23:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/09 10:56:22 | 000,021,248 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2007/04/09 10:55:08 | 000,022,912 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2007/04/09 10:53:24 | 000,012,672 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2003/08/15 03:53:12 | 000,462,684 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2003/08/14 11:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/08/04 08:14:34 | 000,065,152 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\Rtlnic51.sys -- (RTL8023)
DRV - [2003/05/30 04:05:30 | 000,089,610 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\SI3112r.sys -- (SI3112r)
DRV - [2003/05/12 12:59:24 | 000,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- E:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2003/05/12 12:59:10 | 000,013,824 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- E:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2003/05/12 12:58:55 | 000,102,912 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2003/05/12 12:58:02 | 000,062,464 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- E:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2003/05/12 12:57:17 | 000,051,200 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2003/05/12 12:54:15 | 000,038,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Auto | Stopped] -- E:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2003/04/21 02:18:00 | 000,052,608 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2003/04/11 01:32:36 | 000,502,160 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/04/02 22:59:46 | 000,850,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2003/04/01 08:07:58 | 000,142,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2003/03/27 00:58:56 | 000,287,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2003/03/25 08:13:30 | 000,144,736 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2003/03/25 08:13:20 | 000,135,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/03/25 08:13:02 | 000,006,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2003/03/25 08:12:54 | 000,190,176 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/03/25 08:11:24 | 000,134,656 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2003/03/19 03:51:00 | 000,018,688 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- E:\WINDOWS\system32\pfmodnt.sys -- (PfModNT)
DRV - [2003/02/20 04:08:54 | 000,021,851 | R--- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\iteraid.sys -- (iteraid)
DRV - [2003/02/12 00:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- E:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
DRV - [2002/08/08 15:51:32 | 000,038,951 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\NETMDUSB.sys -- (NETMDUSB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\URLSearchHook: *{03402F96-3DC7-4285-BC50-9E81FEFAFE43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\URLSearchHook: *{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: E:\Program Files\AVG\AVG9\Firefox [2010/07/27 20:06:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: E:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/05/23 13:40:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: E:\Program Files\MyWebSearch\bar\1.bin File not found
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: E:\Program Files\Mozilla Firefox\components [2010/07/21 01:00:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: E:\Program Files\Mozilla Firefox\plugins [2010/07/10 13:14:40 | 000,000,000 | ---D | M]

[2008/06/17 17:15:25 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Extensions
[2010/07/28 20:48:31 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions
[2010/04/28 10:30:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/14 14:28:50 | 000,000,000 | ---D | M] (Ad blocker) -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2010/06/20 00:12:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\DeviceDetection@logitech.com
[2009/07/01 04:36:34 | 000,004,207 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\searchplugins\aim-search.xml
[2009/11/08 11:59:51 | 000,002,168 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\searchplugins\inbox-search.xml
[2010/02/28 12:38:12 | 000,009,985 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\searchplugins\mywebsearch.xml
[2010/07/28 20:48:31 | 000,000,000 | ---D | M] -- E:\Program Files\Mozilla Firefox\extensions
[2007/12/27 21:10:37 | 000,000,000 | ---D | M] (AdVantage) -- E:\Program Files\Mozilla Firefox\extensions\{A89AED22-9133-424c-88E7-C8235C5FF302}
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- E:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/06/10 17:49:05 | 000,000,027 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {2787EA8E-8D87-48AF-88AD-B30246C917AB} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - E:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AppleSyncNotifier] E:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AsioReg] E:\WINDOWS\System32\CTASIO.DLL (Creative Technology Ltd)
O4 - HKLM..\Run: [CTDVDDet] E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [CTHelper] E:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SBDrvDet] E:\Program Files\Creative\SB Drive Det\SBDrvDet.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [SoundMan] E:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [UpdReg] E:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003..\Run: [Messenger (Yahoo!)] E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003..\Run: [updateMgr] E:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003..\Run: [Yneyalegacu] E:\WINDOWS\MUICTDE.DLL File not found
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = E:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: E:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = E:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &AIM Toolbar Search - E:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html ()
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - E:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - E:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - E:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1547161642-1500820517-725345543-1003\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} http://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} http://zone.msn.com/bingame/zpagames/zpa_pool.cab56649.cab (CBankshotZoneCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 76.85.229.110 76.85.229.111
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - E:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - E:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - e:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/30 11:20:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
[2010/07/27 21:16:30 | 000,000,000 | ---D | C] -- E:\_OTL
[2010/07/23 23:17:55 | 000,000,000 | ---D | C] -- E:\Program Files\PokerStars.NET
[2010/07/17 08:05:09 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\avgrsstx.dll
[2010/07/10 12:27:05 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens
[2010/06/20 00:18:24 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Application Data\Logitech
[2010/06/20 00:18:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/06/20 00:17:53 | 000,010,384 | ---- | C] (Logitech, Inc.) -- E:\WINDOWS\System32\drivers\LBeepKE.sys
[2010/06/20 00:17:00 | 000,170,512 | ---- | C] (Logitech, Inc.) -- E:\WINDOWS\System32\kemutb.dll
[2010/06/20 00:17:00 | 000,145,936 | ---- | C] (Logitech, Inc.) -- E:\WINDOWS\System32\KemUtil.dll
[2010/06/20 00:17:00 | 000,117,264 | ---- | C] (Logitech, Inc.) -- E:\WINDOWS\System32\KemWnd.dll
[2010/06/20 00:17:00 | 000,084,496 | ---- | C] (Logitech, Inc.) -- E:\WINDOWS\System32\KemXML.dll
[2010/06/20 00:16:47 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\Application Data\Logitech
[2010/06/20 00:16:43 | 000,000,000 | -HSD | C] -- E:\Config.Msi
[2010/06/20 00:16:40 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Logishrd
[2010/06/20 00:16:35 | 000,000,000 | ---D | C] -- E:\Program Files\Logitech
[2010/06/11 13:59:17 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2010/06/10 17:43:16 | 000,000,000 | RHSD | C] -- E:\cmdcons
[2010/06/10 17:36:24 | 000,000,000 | ---D | C] -- E:\WINDOWS\ERDNT
[2010/06/04 22:26:04 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/04 22:26:03 | 000,000,000 | ---D | C] -- E:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/04 21:41:04 | 000,000,000 | ---D | C] -- E:\Program Files\$NtUninstallWTF1012$
[2010/05/20 11:12:14 | 000,000,000 | ---D | C] -- E:\Documents and Settings\All Users\SonicStage
[2010/05/20 11:05:29 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Desktop\SBurner
[2010/05/20 10:52:45 | 000,770,048 | ---- | C] (Gracenote) -- E:\WINDOWS\System32\CDDBUISony.dll
[2010/05/20 10:52:45 | 000,655,360 | ---- | C] (Gracenote, Inc.) -- E:\WINDOWS\System32\CDDBControlSony.dll
[2010/05/20 10:52:45 | 000,589,824 | ---- | C] (Gracenote) -- E:\WINDOWS\System32\CddbMusicIDSony.dll
[2010/05/20 10:52:45 | 000,073,728 | ---- | C] (Gracenote) -- E:\WINDOWS\System32\CddbLinkSony.dll
[2010/05/20 10:51:10 | 000,000,000 | ---D | C] -- E:\Documents and Settings\Daniel Bright\Application Data\Sony Corporation
[2010/05/20 10:51:09 | 000,000,000 | ---D | C] -- E:\Program Files\Common Files\Sony Shared
[2010/05/19 07:09:50 | 000,000,000 | ---D | C] -- E:\Program Files\Sony
[2010/05/19 07:09:23 | 001,767,968 | ---- | C] (Sony Corporation ) -- E:\Program Files\PA_DRIVER.EXE
[2010/05/19 07:06:39 | 002,289,828 | ---- | C] (Sony Corporation ) -- E:\Program Files\UPDATE_MDSB2001U.EXE
[2007/10/27 11:40:46 | 000,065,536 | ---- | C] ( ) -- E:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010/07/30 11:20:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Documents and Settings\Daniel Bright\Desktop\OTL.exe
[2010/07/30 11:12:01 | 000,001,010 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003UA.job
[2010/07/30 10:59:11 | 000,000,868 | ---- | M] () -- E:\WINDOWS\tasks\Google Software Updater.job
[2010/07/30 10:08:00 | 004,990,228 | ---- | M] () -- E:\WINDOWS\{00000001-00000000-0000000A-00001102-00000004-10071102}.CDF
[2010/07/30 10:07:59 | 000,013,694 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010/07/30 10:07:22 | 006,291,456 | -H-- | M] () -- E:\Documents and Settings\Daniel Bright\NTUSER.DAT
[2010/07/30 10:07:21 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010/07/30 10:07:17 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010/07/30 08:14:48 | 062,757,562 | ---- | M] () -- E:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/29 21:22:37 | 000,000,438 | -H-- | M] () -- E:\WINDOWS\tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job
[2010/07/29 16:12:00 | 000,000,958 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003Core.job
[2010/07/29 00:49:21 | 000,000,000 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/07/28 14:14:02 | 000,000,284 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/07/28 00:15:05 | 000,002,358 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\Google Chrome.lnk
[2010/07/28 00:15:05 | 000,002,336 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/07/27 20:04:49 | 000,030,168 | ---- | M] () -- E:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/27 20:04:49 | 000,030,168 | ---- | M] () -- E:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/27 20:04:49 | 000,030,132 | ---- | M] () -- E:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/27 20:04:49 | 000,030,132 | ---- | M] () -- E:\WINDOWS\System32\BMXState-{00000001-00000000-0000000A-00001102-00000004-10071102}.rfx
[2010/07/27 20:04:49 | 000,002,064 | ---- | M] () -- E:\WINDOWS\System32\settingsbkup.sfm
[2010/07/27 20:04:49 | 000,002,064 | ---- | M] () -- E:\WINDOWS\System32\settings.sfm
[2010/07/27 20:04:49 | 000,000,292 | ---- | M] () -- E:\WINDOWS\System32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
[2010/07/27 20:04:49 | 000,000,292 | ---- | M] () -- E:\WINDOWS\System32\DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
[2010/07/27 20:04:26 | 000,000,178 | -HS- | M] () -- E:\Documents and Settings\Daniel Bright\ntuser.ini
[2010/07/27 18:39:34 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/17 08:05:09 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\avgrsstx.dll
[2010/07/17 08:04:04 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/10 12:12:55 | 283,100,236 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens.BootCD.10.6.zip
[2010/07/03 19:12:37 | 000,043,520 | ---- | M] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2010/06/20 00:17:42 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/06/20 00:17:42 | 000,000,000 | -H-- | M] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/06/20 00:17:05 | 000,001,701 | ---- | M] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/06/20 00:17:05 | 000,001,695 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/06/16 13:23:06 | 000,617,561 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\f5d7230-4_us_8.01.21.bin
[2010/06/10 17:49:16 | 000,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2010/06/10 17:49:05 | 000,000,027 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\hosts
[2010/06/10 17:43:20 | 000,000,281 | RHS- | M] () -- E:\boot.ini
[2010/06/03 08:19:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- E:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/27 19:42:24 | 000,149,932 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\BatmanAsGreenLantern.jpg
[2010/05/21 18:57:49 | 000,014,012 | -H-- | M] () -- E:\WINDOWS\System32\mlfcache.dat
[2010/05/21 18:57:32 | 000,002,187 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010/05/21 00:38:54 | 000,090,389 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\Fringe.jpg
[2010/05/20 11:06:17 | 000,001,652 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\MD Simple Burner.lnk
[2010/05/20 10:52:47 | 000,001,612 | ---- | M] () -- E:\Documents and Settings\All Users\Desktop\SonicStage.lnk
[2010/05/17 22:38:13 | 000,207,360 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 03:00:46 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2010/05/12 00:20:58 | 001,013,293 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\129167583988157915.gif
[2010/05/12 00:20:53 | 000,985,844 | ---- | M] () -- E:\Documents and Settings\Daniel Bright\Desktop\dramaticcatu.gif

========== Files Created - No Company Name ==========

[2010/07/10 12:09:20 | 283,100,236 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\Hirens.BootCD.10.6.zip
[2010/06/20 00:17:42 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/06/20 00:17:42 | 000,000,000 | -H-- | C] () -- E:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/06/20 00:17:05 | 000,001,701 | ---- | C] () -- E:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/06/20 00:17:05 | 000,001,695 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\Logitech Mouse and Keyboard Settings.lnk
[2010/06/16 13:23:04 | 000,617,561 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\f5d7230-4_us_8.01.21.bin
[2010/06/14 19:23:30 | 000,000,000 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
[2010/06/10 17:43:20 | 000,000,210 | ---- | C] () -- E:\Boot.bak
[2010/06/10 17:43:17 | 000,260,272 | ---- | C] () -- E:\cmldr
[2010/05/27 19:42:24 | 000,149,932 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\BatmanAsGreenLantern.jpg
[2010/05/21 18:57:49 | 000,014,012 | -H-- | C] () -- E:\WINDOWS\System32\mlfcache.dat
[2010/05/21 00:38:54 | 000,090,389 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\Fringe.jpg
[2010/05/20 11:06:16 | 000,001,652 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\MD Simple Burner.lnk
[2010/05/20 10:52:47 | 000,001,612 | ---- | C] () -- E:\Documents and Settings\All Users\Desktop\SonicStage.lnk
[2010/05/20 10:52:45 | 000,532,480 | ---- | C] () -- E:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2010/05/12 00:20:58 | 001,013,293 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\129167583988157915.gif
[2010/05/12 00:20:53 | 000,985,844 | ---- | C] () -- E:\Documents and Settings\Daniel Bright\Desktop\dramaticcatu.gif
[2010/04/29 15:23:31 | 000,027,475 | ---- | C] () -- E:\WINDOWS\CSTBox.INI
[2010/04/03 13:37:57 | 000,000,262 | ---- | C] () -- E:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/06/26 14:51:21 | 000,000,512 | ---- | C] () -- E:\WINDOWS\SIERRA.INI
[2009/02/21 14:06:57 | 000,043,520 | ---- | C] () -- E:\WINDOWS\System32\CmdLineExt03.dll
[2008/12/17 13:45:16 | 000,000,021 | ---- | C] () -- E:\WINDOWS\atid.ini
[2008/12/02 19:09:24 | 000,000,406 | ---- | C] () -- E:\WINDOWS\cdplayer.ini
[2008/10/16 14:10:27 | 000,000,754 | ---- | C] () -- E:\WINDOWS\WORDPAD.INI
[2008/02/18 01:09:08 | 000,000,010 | ---- | C] () -- E:\WINDOWS\WININIT.INI
[2007/12/27 14:03:29 | 000,000,352 | ---- | C] () -- E:\WINDOWS\LEXSTAT.INI
[2007/10/28 12:48:16 | 000,000,231 | ---- | C] () -- E:\WINDOWS\AC3API.INI
[2007/10/28 12:47:40 | 000,068,908 | ---- | C] () -- E:\WINDOWS\System32\Emu10kx.ini
[2007/10/28 12:47:40 | 000,000,029 | ---- | C] () -- E:\WINDOWS\System32\ctzapxx.ini
[2007/10/28 12:47:35 | 000,005,515 | ---- | C] () -- E:\WINDOWS\System32\ENSDEF.INI
[2007/10/28 12:47:35 | 000,000,194 | ---- | C] () -- E:\WINDOWS\System32\KILL.INI
[2007/10/28 12:45:33 | 000,000,136 | ---- | C] () -- E:\WINDOWS\SBWIN.INI
[2007/10/28 10:21:55 | 000,000,000 | ---- | C] () -- E:\WINDOWS\ATIMMC.INI
[2007/10/27 19:03:15 | 000,363,520 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2007/10/27 12:59:58 | 000,000,169 | ---- | C] () -- E:\WINDOWS\RtlRack.ini
[2007/10/27 11:40:47 | 000,000,164 | ---- | C] () -- E:\WINDOWS\avrack.ini
[2007/10/27 11:26:43 | 000,032,768 | R--- | C] () -- E:\WINDOWS\System32\idecoi.dll

========== LOP Check ==========

[2008/12/17 13:35:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\acccore
[2009/06/29 21:06:50 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/06/22 11:48:20 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/02/11 13:21:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\avg9
[2010/03/10 22:18:06 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Driver Whiz
[2008/03/30 13:18:42 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\GameTap
[2007/11/10 12:28:26 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Grisoft
[2009/10/13 19:28:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Sony Online Entertainment
[2009/04/01 20:45:19 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/29 21:06:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/01/01 17:00:57 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\YAHOO
[2009/12/29 20:00:32 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/15 20:57:34 | 000,000,000 | ---D | M] -- E:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/12/10 18:39:39 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\.BitTornado
[2007/11/21 06:40:23 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\acccore
[2007/11/21 06:27:22 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Aim
[2009/04/27 22:12:27 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Amazon
[2009/02/21 14:07:28 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Atari
[2010/04/29 15:48:40 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Canon
[2008/04/19 11:36:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\CDBurnerXP_Soft
[2007/12/27 21:19:35 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\DAEMON Tools
[2008/04/01 19:30:44 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\gtk-2.0
[2009/02/21 14:06:11 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Leadertech
[2009/11/08 12:26:02 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\LimeWire
[2007/10/27 12:17:14 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Netscape
[2007/12/01 16:42:58 | 000,000,000 | ---D | M] -- E:\Documents and Settings\Daniel Bright\Application Data\Viewpoint
[2010/07/29 21:22:37 | 000,000,438 | -H-- | M] () -- E:\WINDOWS\Tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job

========== Purity Check ==========


< End of report >



OTL Extras logfile created on: 7/30/2010 11:23:56 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = E:\Documents and Settings\Daniel Bright\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 539.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): E:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Program Files
C: Drive not present or media not loaded
D: Drive not present or media not loaded
Drive E: | 149.04 Gb Total Space | 125.45 Gb Free Space | 84.17% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DANIEL-70DB0853
Current User Name: Daniel Bright
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1547161642-1500820517-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\Program Files\Common Files\AOL\Loader\aolload.exe" = E:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"E:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = E:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox -- (Yahoo! Inc.)
"E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"E:\Program Files\AIM6\aim6.exe" = E:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"E:\Program Files\AVG\AVG9\avgemc.exe" = E:\Program Files\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\AVG\AVG9\avgupd.exe" = E:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\AVG\AVG9\avgnsx.exe" = E:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"E:\Program Files\iTunes\iTunes.exe" = E:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"E:\Program Files\Ventrilo\Ventrilo.exe" = E:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF1011$" = Street-Ads Browser Enhancer
"$NtUninstallWTF1012$" = Sky-Banners browser enhancer
"{02B05067-A6BD-443F-BC52-B0084122F4CD}" = musicshakeENG
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1319A9A7-C690-285F-FB22-FC6172DF3DB9}" = ccc-core-static
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{16105864-23F0-6242-A1D7-06DCB32244B6}" = Catalyst Control Center Graphics Full New
"{190772CB-88C3-BC16-D9F4-29ED96EA070F}" = Catalyst Control Center Graphics Previews Common
"{22944268-4375-294B-219A-08A9288142FC}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{42095863-98D1-4A49-BDF8-638DE8A5F316}" = Sound Blaster Audigy 2
"{47E09785-B2FB-11D5-B8EE-00B0D0D26B88}" = MD Simple Burner 2.0.04
"{4C9DC3EF-B9BA-B15E-5670-D6FA8762AEA8}" = Catalyst Control Center Graphics Full Existing
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{67E158AF-8856-4337-B483-EA21930786AF}" = GameTap
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E3CEC6E-D5CD-32E7-110E-F34EB5004D26}" = Skins
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7501D933-23C3-400F-92C7-0FAD97819B48}" = Catalyst Control Center Core Implementation
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}" = Google Earth
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CB0D4901-BF3B-4599-6148-642E17D748CF}" = ccc-utility
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D563054D-307E-45B6-D349-1F5BFE0380A0}" = ccc-core-preinstall
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E343CA30-9714-FA47-1D4F-D874B82D2404}" = Catalyst Control Center Graphics Light
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"All ATI Software" = ATI - Software Uninstall Utility
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG Free 9.0
"Caesar 3" = Caesar 3
"CCleaner" = CCleaner
"Chicken Invaders" = Chicken Invaders (remove only)
"Enable S3 for USB Device" = Enable S3 for USB Device
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"JEOPARDY!" = JEOPARDY! (remove only)
"Lexmark Z600 Series" = Lexmark Z600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nLite_is1" = nLite 1.4.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"oggcodecs" = oggcodecs 0.71.0946
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PokerStars" = PokerStars
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TestPokerStars.com" = TestPokerStars.com
"V CAST Music with Rhapsody" = V CAST Music with Rhapsody
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-1500820517-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/25/2010 3:15:58 PM | Computer Name = DANIEL-70DB0853 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18904, fault address 0x00331b8a.

Error - 7/20/2010 6:42:57 AM | Computer Name = DANIEL-70DB0853 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 7/20/2010 6:42:57 AM | Computer Name = DANIEL-70DB0853 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 7/27/2010 6:21:11 PM | Computer Name = DANIEL-70DB0853 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041F from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 7/27/2010 11:42:23 PM | Computer Name = DANIEL-70DB0853 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/27/2010 11:42:23 PM | Computer Name = DANIEL-70DB0853 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/27/2010 11:42:38 PM | Computer Name = DANIEL-70DB0853 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 7/27/2010 11:42:38 PM | Computer Name = DANIEL-70DB0853 | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 7/27/2010 11:42:38 PM | Computer Name = DANIEL-70DB0853 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 7/30/2010 10:01:04 AM | Computer Name = DANIEL-70DB0853 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 7/30/2010 10:07:44 AM | Computer Name = DANIEL-70DB0853 | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 7/30/2010 10:07:44 AM | Computer Name = DANIEL-70DB0853 | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 7/30/2010 10:07:44 AM | Computer Name = DANIEL-70DB0853 | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 7/30/2010 10:07:44 AM | Computer Name = DANIEL-70DB0853 | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 7/30/2010 10:07:46 AM | Computer Name = DANIEL-70DB0853 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/30/2010 10:07:56 AM | Computer Name = DANIEL-70DB0853 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 7/30/2010 10:07:56 AM | Computer Name = DANIEL-70DB0853 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 7/30/2010 10:07:56 AM | Computer Name = DANIEL-70DB0853 | Source = DCOM | ID = 10005
Description = DCOM got error "%1055" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 7/30/2010 10:08:05 AM | Computer Name = DANIEL-70DB0853 | Source = ati2mtag | ID = 45062
Description = CRT invalid display type

Error - 7/30/2010 10:58:36 AM | Computer Name = DANIEL-70DB0853 | Source = Service Control Manager | ID = 7034
Description = The MD Simple Burner Service service terminated unexpectedly. It
has done this 1 time(s).


< End of report >

Edited by CheckersMcGavern, 30 July 2010 - 10:28 AM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:44 PM

Posted 31 July 2010 - 08:40 AM

Hi,

please try running gmer:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!


Follow BleepingComputer on: Facebook | Twitter | Google+


#9 CheckersMcGavern

CheckersMcGavern
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 31 July 2010 - 12:43 PM

Finally finished the scan. For some reason the computer decided it wanted to restart after it finished, though. Mom says the computer has restarted on her twice today for seemingly no reason at all...

------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-31 13:37:08
Windows 5.1.2600 Service Pack 3
Running: di4zslb2.exe; Driver: E:\DOCUME~1\DANIEL~1\LOCALS~1\Temp\kwpyyfog.sys


---- Kernel code sections - GMER 1.0.15 ----

? xqkfsn.sys The system cannot find the file specified. !
init E:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF650E870]
.text E:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF5DFA000, 0x17C940, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \FileSystem\Fastfat \Fat SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAF 0x71 0xB1 0x2F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAF 0x71 0xB1 0x2F ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAF 0x71 0xB1 0x2F ...

---- EOF - GMER 1.0.15 ----


#10 CheckersMcGavern

CheckersMcGavern
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 31 July 2010 - 05:20 PM

For the love of God, the fake program is back!

I managed to use rkill to stop it from preventing my antivirus programs from running, but the fact that it's back worries me greatly.
I don't understand how this could happen. Unless we didn't get rid of it completely with the other programs...

*sigh*

This is really frustrating. I've had so much trouble with this machine in the last several months. I've cleaned it and cleaned it and cleaned it.


#11 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:44 PM

Posted 31 July 2010 - 05:41 PM

Hi,

please run ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!



#12 CheckersMcGavern

CheckersMcGavern
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 31 July 2010 - 07:37 PM

ComboFix 10-07-31.01 - Daniel Bright 07/31/2010 20:26:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.459 [GMT -4:00]
Running from: e:\documents and settings\Daniel Bright\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Daniel Bright\Local Settings\Application Data\angowlifq
e:\documents and settings\Daniel Bright\Local Settings\Application Data\angowlifq\tcbsqfdtssd.exe

.
((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-31 22:07 . 2010-07-31 22:07 503808 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-388deda2-n\msvcp71.dll
2010-07-31 22:07 . 2010-07-31 22:07 499712 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-388deda2-n\jmc.dll
2010-07-31 22:07 . 2010-07-31 22:07 348160 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-388deda2-n\msvcr71.dll
2010-07-31 22:07 . 2010-07-31 22:07 61440 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-280dc528-n\decora-sse.dll
2010-07-31 22:07 . 2010-07-31 22:07 12800 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-280dc528-n\decora-d3d.dll
2010-07-31 22:06 . 2010-07-17 09:00 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-28 01:16 . 2010-07-28 01:16 -------- d-----w- E:\_OTL
2010-07-27 22:39 . 2010-07-27 22:39 243024 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-24 03:17 . 2010-07-25 01:53 -------- d-----w- e:\program files\PokerStars.NET
2010-07-17 12:05 . 2010-07-17 12:05 216200 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-17 12:05 . 2010-07-17 12:05 12536 ----a-w- e:\windows\system32\avgrsstx.dll
2010-07-17 12:03 . 2010-07-17 12:03 813336 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-17 12:03 . 2010-07-17 12:03 624920 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-17 12:03 . 2010-07-17 12:03 1690464 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-17 12:03 . 2010-07-17 12:03 1038688 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-31 23:50 . 2007-10-28 16:53 292 ----a-w- e:\windows\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
2010-07-31 23:50 . 2007-10-28 16:53 292 ----a-w- e:\windows\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
2010-07-31 22:49 . 2010-06-14 23:23 0 ----a-w- e:\documents and settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
2010-07-31 22:07 . 2008-02-12 14:23 -------- d-----w- e:\program files\Common Files\Java
2010-07-31 22:06 . 2008-02-12 14:23 -------- d-----w- e:\program files\Java
2010-07-31 19:43 . 2008-08-16 13:50 -------- d-----w- e:\program files\PokerStars
2010-07-31 14:16 . 2008-08-27 20:43 -------- d-----w- e:\program files\PokerStars.TEST
2010-07-31 03:09 . 2008-03-13 01:30 -------- d-----w- e:\documents and settings\All Users\Application Data\Google Updater
2010-07-30 15:34 . 2010-03-21 16:52 -------- d-----w- e:\program files\CCleaner
2010-07-27 22:39 . 2008-08-02 17:50 243024 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:04 . 2008-08-02 17:50 216400 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2010-07-03 23:12 . 2009-02-21 18:06 43520 ----a-w- e:\windows\system32\CmdLineExt03.dll
2010-06-20 04:18 . 2010-06-20 04:18 -------- d-----w- e:\documents and settings\All Users\Application Data\LogiShrd
2010-06-20 04:18 . 2010-06-20 04:18 -------- d-----w- e:\documents and settings\Daniel Bright\Application Data\Logitech
2010-06-20 04:18 . 2010-06-20 04:16 -------- d-----w- e:\program files\Common Files\Logishrd
2010-06-20 04:17 . 2010-06-20 04:17 0 ---ha-w- e:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-06-20 04:17 . 2010-06-20 04:17 0 ---ha-w- e:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-06-20 04:16 . 2010-06-20 04:16 -------- d-----w- e:\documents and settings\All Users\Application Data\Logitech
2010-06-20 04:16 . 2007-10-27 15:40 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-06-20 04:16 . 2010-06-20 04:16 -------- d-----w- e:\program files\Logitech
2010-06-11 15:34 . 2010-02-11 22:18 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-06-04 10:43 . 2009-10-10 19:13 -------- d-----w- e:\program files\Microsoft Silverlight
2010-06-03 12:19 . 2007-11-10 16:28 29584 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2010-05-21 22:57 . 2010-05-21 22:57 14012 ---ha-w- e:\windows\system32\mlfcache.dat
2010-05-19 11:09 . 2010-05-19 11:09 1767968 ----a-w- e:\program files\PA_DRIVER.EXE
2010-05-19 11:06 . 2010-05-19 11:06 2289828 ----a-w- e:\program files\UPDATE_MDSB2001U.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "e:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="e:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"Messenger (Yahoo!)"="e:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"CTSysVol"="e:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="e:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"SBDrvDet"="e:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2010-6-20 813584]
ymetray.lnk - e:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 12:05 12536 ----a-w- e:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- e:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\WINDOWS\\system32\\sessmgr.exe"=
"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"e:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"e:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=

R0 iteraid;ITERAID_Service_Install;e:\windows\system32\drivers\iteraid.sys [10/27/2007 11:51 AM 21851]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;e:\windows\system32\drivers\SI3112r.sys [10/27/2007 11:44 AM 89610]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [8/2/2008 1:50 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [8/2/2008 1:50 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;e:\program files\AVG\AVG9\avgemc.exe [7/27/2010 6:39 PM 921952]
R2 avg9wd;AVG Free WatchDog;e:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 8:05 AM 308136]
R2 LBeepKE;LBeepKE;e:\windows\system32\drivers\LBeepKE.sys [6/20/2010 12:17 AM 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [11/29/2007 9:06 PM 24652]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [12/27/2007 9:05 PM 715248]
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-07-31 e:\windows\Tasks\Google Software Updater.job
- e:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-13 04:22]

2010-07-31 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003Core.job
- e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 01:31]

2010-08-01 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003UA.job
- e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 01:31]

2010-07-31 e:\windows\Tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job
- e:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - e:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {{809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - e:\program files\PokerStars.TEST\PokerStarsUpdate.exe
Trusted Zone: aol.com\free
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - e:\documents and settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: e:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: e:\documents and settings\Daniel Bright\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: e:\documents and settings\Daniel Bright\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: e:\documents and settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: e:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: e:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-31 20:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
e:\windows\system32\Ati2evxx.dll
e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
e:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2010-07-31 20:34:39
ComboFix-quarantined-files.txt 2010-08-01 00:34
ComboFix2.txt 2010-06-10 21:51

Pre-Run: 134,896,148,480 bytes free
Post-Run: 134,903,197,696 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
e:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FE4DE8A13E8D83EA79226FA5FAFD2E70


#13 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:08:44 PM

Posted 01 August 2010 - 02:13 AM

Hi,

this is looking good. How is the PC doing?

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
DDS::

uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

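As an added example (my own code, not from the thread, from myrti or from ComboFix), this is the check a helper does by eye on the Supplementary Scan in the log above: parse those lines, flag a WinINet ProxyServer that points at loopback (the browser hijack the CFScript in this post removes), and emit the matching DDS:: section. The sample lines are constructed to mirror the posted log, and all function names are my own.

```python
"""Flag a loopback (localhost) proxy in ComboFix 'Supplementary Scan' lines.

Added example, not part of the thread or of ComboFix. Rogue antivirus
infections commonly point the WinINet proxy at a local port they control,
so that every browser request passes through the malware first.
"""
import re

# Constructed sample input that mirrors the format of the log posted above.
SAMPLE_SCAN = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.type - 4
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
"""

# Firefox network.proxy.type 5 = "use system proxy settings", which on
# Windows means Firefox inherits the WinINet (IE) proxy as well.
FF_PROXY_SYSTEM = 5

LOOPBACK = re.compile(r"^(127\.\d+\.\d+\.\d+|localhost|::1)$", re.IGNORECASE)


def parse_supplementary(text):
    """Return {name: value} for 'key = value' and 'FF - prefs.js: key - value' lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = re.match(r"^FF - prefs\.js: (\S+) - (.*)$", line)
        if m:
            settings["FF:" + m.group(1)] = m.group(2).strip()
            continue
        if " = " in line:
            key, value = line.split(" = ", 1)
            settings[key.strip()] = value.strip()
    return settings


def parse_proxy_server(value):
    """Split a WinINet ProxyServer string into {scheme: (host, port)}.

    Handles both the per-protocol form 'http=host:port;https=host:port'
    and the bare 'host:port' form, which applies to every protocol ('*').
    """
    servers = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        head, sep, tail = part.partition("=")
        scheme, hostport = (head, tail) if sep else ("*", head)
        if ":" in hostport:
            host, port = hostport.rsplit(":", 1)
        else:
            host, port = hostport, ""
        servers[scheme.strip()] = (host.strip(), port.strip())
    return servers


def find_proxy_hijack(settings):
    """Return human-readable findings for proxy settings that point at loopback."""
    findings = []
    raw = settings.get("uInternet Settings,ProxyServer")
    if not raw:
        return findings
    for scheme, (host, port) in parse_proxy_server(raw).items():
        if LOOPBACK.match(host):
            findings.append(
                f"IE/WinINet {scheme} proxy points at loopback {host}:{port}; "
                "review unless a local proxy or filtering product was installed on purpose")
    if findings and settings.get("FF:network.proxy.type") == str(FF_PROXY_SYSTEM):
        findings.append("Firefox uses the system proxy settings and so inherits the same proxy")
    return findings


def cfscript_for(settings):
    """Build the DDS:: section that removes the hijacked proxy lines.

    Mirrors the CFScript.txt contents myrti posts above, generated from the
    parsed log instead of typed by hand.
    """
    lines = ["DDS::", ""]
    for key in ("uInternet Settings,ProxyServer", "uInternet Settings,ProxyOverride"):
        if key in settings:
            lines.append(f"{key} = {settings[key]}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    parsed = parse_supplementary(SAMPLE_SCAN)
    for finding in find_proxy_hijack(parsed):
        print("!!", finding)
    print(cfscript_for(parsed))
```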


#14 CheckersMcGavern

CheckersMcGavern
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  • Local time:01:44 PM

Posted 01 August 2010 - 10:20 AM

I haven't seen anything suspicious happen since the fake program came back... but we both know that doesn't mean much. Here's the latest log.
-------------------


ComboFix 10-07-31.04 - Daniel Bright 08/01/2010 11:05:28.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.475 [GMT -4:00]
Running from: e:\documents and settings\Daniel Bright\Desktop\ComboFix.exe
Command switches used :: e:\documents and settings\Daniel Bright\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-31 22:07 . 2010-07-31 22:07 503808 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-388deda2-n\msvcp71.dll
2010-07-31 22:07 . 2010-07-31 22:07 499712 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-388deda2-n\jmc.dll
2010-07-31 22:07 . 2010-07-31 22:07 348160 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-388deda2-n\msvcr71.dll
2010-07-31 22:07 . 2010-07-31 22:07 61440 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-280dc528-n\decora-sse.dll
2010-07-31 22:07 . 2010-07-31 22:07 12800 ----a-w- e:\documents and settings\Daniel Bright\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-280dc528-n\decora-d3d.dll
2010-07-31 22:06 . 2010-07-17 09:00 423656 ----a-w- e:\windows\system32\deployJava1.dll
2010-07-28 01:16 . 2010-07-28 01:16 -------- d-----w- E:\_OTL
2010-07-27 22:39 . 2010-07-27 22:39 243024 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-24 03:17 . 2010-07-25 01:53 -------- d-----w- e:\program files\PokerStars.NET
2010-07-17 12:05 . 2010-07-17 12:05 216200 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-17 12:05 . 2010-07-17 12:05 12536 ----a-w- e:\windows\system32\avgrsstx.dll
2010-07-17 12:03 . 2010-07-17 12:03 813336 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-17 12:03 . 2010-07-17 12:03 624920 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-17 12:03 . 2010-07-17 12:03 1690464 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-17 12:03 . 2010-07-17 12:03 1038688 ----a-w- e:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 14:04 . 2010-06-14 23:23 0 ----a-w- e:\documents and settings\Daniel Bright\Local Settings\Application Data\prvlcl.dat
2010-08-01 04:10 . 2008-03-13 01:30 -------- d-----w- e:\documents and settings\All Users\Application Data\Google Updater
2010-07-31 23:50 . 2007-10-28 16:53 292 ----a-w- e:\windows\system32\DVCStateBkp-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
2010-07-31 23:50 . 2007-10-28 16:53 292 ----a-w- e:\windows\system32\DVCState-{00000001-00000000-0000000A-00001102-00000004-10071102}.dat
2010-07-31 22:07 . 2008-02-12 14:23 -------- d-----w- e:\program files\Common Files\Java
2010-07-31 22:06 . 2008-02-12 14:23 -------- d-----w- e:\program files\Java
2010-07-31 19:43 . 2008-08-16 13:50 -------- d-----w- e:\program files\PokerStars
2010-07-31 14:16 . 2008-08-27 20:43 -------- d-----w- e:\program files\PokerStars.TEST
2010-07-30 15:34 . 2010-03-21 16:52 -------- d-----w- e:\program files\CCleaner
2010-07-27 22:39 . 2008-08-02 17:50 243024 ----a-w- e:\windows\system32\drivers\avgtdix.sys
2010-07-17 12:04 . 2008-08-02 17:50 216400 ----a-w- e:\windows\system32\drivers\avgldx86.sys
2010-07-03 23:12 . 2009-02-21 18:06 43520 ----a-w- e:\windows\system32\CmdLineExt03.dll
2010-06-20 04:18 . 2010-06-20 04:18 -------- d-----w- e:\documents and settings\All Users\Application Data\LogiShrd
2010-06-20 04:18 . 2010-06-20 04:18 -------- d-----w- e:\documents and settings\Daniel Bright\Application Data\Logitech
2010-06-20 04:18 . 2010-06-20 04:16 -------- d-----w- e:\program files\Common Files\Logishrd
2010-06-20 04:17 . 2010-06-20 04:17 0 ---ha-w- e:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-06-20 04:17 . 2010-06-20 04:17 0 ---ha-w- e:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2010-06-20 04:16 . 2010-06-20 04:16 -------- d-----w- e:\documents and settings\All Users\Application Data\Logitech
2010-06-20 04:16 . 2007-10-27 15:40 -------- d--h--w- e:\program files\InstallShield Installation Information
2010-06-20 04:16 . 2010-06-20 04:16 -------- d-----w- e:\program files\Logitech
2010-06-11 15:34 . 2010-02-11 22:18 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware
2010-06-04 10:43 . 2009-10-10 19:13 -------- d-----w- e:\program files\Microsoft Silverlight
2010-06-03 12:19 . 2007-11-10 16:28 29584 ----a-w- e:\windows\system32\drivers\avgmfx86.sys
2010-05-21 22:57 . 2010-05-21 22:57 14012 ---ha-w- e:\windows\system32\mlfcache.dat
2010-05-19 11:09 . 2010-05-19 11:09 1767968 ----a-w- e:\program files\PA_DRIVER.EXE
2010-05-19 11:06 . 2010-05-19 11:06 2289828 ----a-w- e:\program files\UPDATE_MDSB2001U.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "e:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "e:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="e:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"Messenger (Yahoo!)"="e:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
"swg"="e:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-13 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]
"CTSysVol"="e:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 49152]
"CTDVDDet"="e:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 45056]
"CTHelper"="CTHELPER.EXE" [2003-04-10 28672]
"AsioReg"="CTASIO.DLL" [2003-04-11 118784]
"SBDrvDet"="e:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="e:\windows\UpdReg.EXE" [2000-05-11 90112]
"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"AppleSyncNotifier"="e:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="e:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="e:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

e:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\SetPoint.exe [2010-6-20 813584]
ymetray.lnk - e:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-17 12:05 12536 ----a-w- e:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 16:28 72208 ----a-w- e:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\WINDOWS\\system32\\sessmgr.exe"=
"e:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"e:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Program Files\\AIM6\\aim6.exe"=
"e:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"e:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"e:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\Ventrilo\\Ventrilo.exe"=

R0 iteraid;ITERAID_Service_Install;e:\windows\system32\drivers\iteraid.sys [10/27/2007 11:51 AM 21851]
R0 SI3112r;Silicon Image SiI 3512 SATARaid Controller;e:\windows\system32\drivers\SI3112r.sys [10/27/2007 11:44 AM 89610]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [8/2/2008 1:50 PM 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [8/2/2008 1:50 PM 243024]
R2 avg9emc;AVG Free E-mail Scanner;e:\program files\AVG\AVG9\avgemc.exe [7/27/2010 6:39 PM 921952]
R2 avg9wd;AVG Free WatchDog;e:\program files\AVG\AVG9\avgwdsvc.exe [7/17/2010 8:05 AM 308136]
R2 LBeepKE;LBeepKE;e:\windows\system32\drivers\LBeepKE.sys [6/20/2010 12:17 AM 10384]
R2 Viewpoint Manager Service;Viewpoint Manager Service;e:\program files\Viewpoint\Common\ViewpointService.exe [11/29/2007 9:06 PM 24652]
S4 sptd;sptd;e:\windows\system32\drivers\sptd.sys [12/27/2007 9:05 PM 715248]
.
Contents of the 'Scheduled Tasks' folder

2010-07-28 e:\windows\Tasks\AppleSoftwareUpdate.job
- e:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-08-01 e:\windows\Tasks\Google Software Updater.job
- e:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-13 04:22]

2010-07-31 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003Core.job
- e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 01:31]

2010-08-01 e:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1500820517-725345543-1003UA.job
- e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 01:31]

2010-08-01 e:\windows\Tasks\User_Feed_Synchronization-{DA8277CF-BDF2-4FB2-AE41-259844296522}.job
- e:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &AIM Toolbar Search - e:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: {{809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - e:\program files\PokerStars.TEST\PokerStarsUpdate.exe
Trusted Zone: aol.com\free
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - e:\documents and settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb&type=yahoo_avg_hs2-tb-web_us&p=
FF - prefs.js: network.proxy.type - 4
FF - component: e:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: e:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: e:\documents and settings\Daniel Bright\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: e:\documents and settings\Daniel Bright\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: e:\documents and settings\Daniel Bright\Application Data\Mozilla\Firefox\Profiles\9pykbd9d.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: e:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: e:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: e:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: e:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - e:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
e:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
e:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
e:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
e:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 11:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
e:\windows\system32\Ati2evxx.dll
e:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
e:\program files\common files\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1436)
e:\windows\system32\WININET.dll
e:\program files\Logitech\SetPoint\IMHook.dll
e:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
e:\program files\Logitech\SetPoint\lgscroll.dll
e:\windows\system32\ieframe.dll
e:\windows\system32\webcheck.dll
e:\windows\system32\WPDShServiceObj.dll
e:\windows\system32\PortableDeviceTypes.dll
e:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-01 11:16:06
ComboFix-quarantined-files.txt 2010-08-01 15:15
ComboFix2.txt 2010-08-01 00:34
ComboFix3.txt 2010-06-10 21:51

Pre-Run: 134,917,902,336 bytes free
Post-Run: 134,897,500,160 bytes free

- - End Of File - - 3326363818C038BC58D9F8176DCD9966
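
Added example, not ComboFix's code and not anything either poster ran: a short Python triage pass over the sections this log already contains. The lines a responder reads first in a log like the one above are the `AV:` header (here AVG reports on-access scanning disabled), `FirewallOverride=dword:00000001` under Security Center (which suppresses the firewall-off warning) and `EnableFirewall= 0` for the standard profile, plus the Run keys, where a value with a bare filename or one launched from a user profile directory gets a second look. The Google Update entry is a legitimate example of the latter, which is why each flag is a review hint rather than a verdict. The sample text is copied from the log above and embedded so the script runs offline.

```python
"""Triage a ComboFix log for the posture findings a responder checks first.
Added example, not ComboFix's code and not posted in the thread: it reads the
sections ComboFix prints (AV: header, Run keys, Security Center, firewallpolicy)
and flags what deserves a second look.  A flag is a review hint, not a verdict."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the log above, in ComboFix's format,
# embedded so the script runs offline.
SAMPLE_LOG = r"""AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="e:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Google Update"="e:\documents and settings\Daniel Bright\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

AV_RE = re.compile(r"^AV: (?P<product>.+?) \*(?P<state>[^*]+)\*")
SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')


@dataclass
class RunEntry:
    hive: str            # HKCU or HKLM
    name: str
    path: str
    flags: list = field(default_factory=list)


@dataclass
class Triage:
    av_product: str = ""
    av_state: str = ""
    firewall_override: bool = False          # Security Center FirewallOverride=1
    firewall_disabled_profiles: list = field(default_factory=list)
    run_entries: list = field(default_factory=list)

    def findings(self):
        """Human-readable list of everything flagged, in log order."""
        out = []
        if "disabled" in self.av_state.lower():
            out.append(f"AV {self.av_product}: {self.av_state}")
        if self.firewall_override:
            out.append("Security Center: FirewallOverride=1, firewall-off alerts suppressed")
        for profile in self.firewall_disabled_profiles:
            out.append(f"Windows Firewall disabled for {profile}")
        for e in self.run_entries:
            out.extend(f"{e.hive} Run '{e.name}': {flag} ({e.path})" for flag in e.flags)
        return out


def parse_combofix(text):
    """Walk the log once, tracking the current [registry key] section."""
    t, section = Triage(), ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := AV_RE.match(line):
            t.av_product, t.av_state = m["product"], m["state"]
        elif m := SECTION_RE.match(line):
            section = m["key"].lower()
        elif m := VALUE_RE.match(line):
            name, data = m["name"], m["data"].strip()
            if section.endswith("\\run") and (pm := QUOTED_PATH_RE.match(data)):
                hive = "HKCU" if section.startswith("hkey_current_user") else "HKLM"
                entry = RunEntry(hive, name, pm["path"])
                if "\\" not in entry.path:
                    # Bare image name: located through the loader's search path.
                    entry.flags.append("bare filename, resolved via search path")
                elif "\\documents and settings\\" in entry.path.lower():
                    # XP user profile: writable without admin rights.
                    entry.flags.append("runs from a user profile dir")
                t.run_entries.append(entry)
            elif section.endswith("security center") and name.lower() == "firewalloverride":
                t.firewall_override = data.lower().startswith("dword:00000001")
            elif "firewallpolicy" in section and name.lower() == "enablefirewall":
                if data.startswith("0"):
                    t.firewall_disabled_profiles.append(section.rsplit("\\", 1)[-1])
    return t


if __name__ == "__main__":
    for finding in parse_combofix(SAMPLE_LOG).findings():
        print("[!]", finding)
```

To use it on a real ComboFix.txt, read the file and pass its text to `parse_combofix`. Rogue antivirus families of this period commonly persisted through an HKCU Run value pointing into the user's profile, which is what the user-profile flag is for; in the log above every Run entry resolves to known software, so the items left to act on are the disabled AVG on-access scanner and the switched-off firewall.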


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • Gender:Female
  • Location:At home
  • Local time:08:44 PM

Posted 04 August 2010 - 04:36 PM

Hi,

Indeed. However, the logs look promising. How is the PC doing?

To check for leftovers please run an online scan:
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 
