Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

RON Tool Agadoo and Log


  • This topic is locked This topic is locked
24 replies to this topic

#1 Rtvanderam

Rtvanderam

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 11 August 2010 - 07:08 PM

Hi,

If anybody could help me with this it would be so much appreciated,

Recently, my pc has been loosing Hard Drive Disk space (Free Space) continuously, i.e it has been loosing about 100 mb every 2 or so minutes, non stop,

my Hard Drive (my internal pc hard drive) is 40GB, but it's Free Space is currently at about 4gb (though this is only because i had to delete loads of my large files, such as videos and large programs etc, because before that, my HDD's Free Space had gone down to about 24mb as a result of the continuous loss of HDD space)

I found RON Tool Agadoo in Add/Remove Progams, at pretty much the same time that i noticed this was happening to the HD, and also a program called Carbonite, which i'm not sure what that is, but i have heard other people have had problems with RON Tool Agadoo.

I tried to uninstall RON Tool Agadoo on Add/Remove Programs, but it came up with a message saying something like "if you remove this then your pc won't run as before", but i chose to remove it anyway, however, it then came up with a box where you had to enter a code in order to remove RON Tool Agadoo, so i couldn't remove it, but after clicking uninstall many times it seemed to eventually disapear from the Add/Remove window, but there was no uninstall process that followed, so i'm not sure if it is still on my pc but hidden somewhere and has left malware somewhere on my pc or something to that extent.

I used ComboFix about a day ago, and i'm not sure if it fixed the problem or got rid of the malware or whatever is causing the problem - well i don't think it did because the same problem is still happening with my HDD -

but i have a Log from ComboFix after it did a scan and restarted the pc,

here is the log, and the quarantined files below it,









ComboFix 10-08-10.03 - Owner 11/08/2010 5:52.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.57 [GMT 1:00]
Running from: c:\documents and settings\Owner\My Documents\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Application Data\gadcom
c:\documents and settings\Owner\Application Data\IUpd721
c:\documents and settings\Owner\Application Data\IUpd721\Logs\scns.log
c:\documents and settings\Owner\Application Data\NI.GSCNS
c:\documents and settings\Owner\Application Data\NI.GSCNS\dl.ini
c:\documents and settings\Owner\Application Data\NI.GSCNS\settings.ini
c:\documents and settings\Owner\Recent\MIDI TO MP3 1.0 DEMO.url
c:\program files\Mjcore
c:\temp\1cb
c:\temp\1cb\syscheck.log
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\windows\system32\ex
c:\windows\system32\mcrh.tmp
c:\windows\system32\wvyyaGgh.ini
c:\windows\system32\wvyyaGgh.ini2

.
((((((((((((((((((((((((( Files Created from 2010-07-11 to 2010-08-11 )))))))))))))))))))))))))))))))
.

2010-08-11 02:29 . 2010-01-27 12:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-11 02:29 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-11 02:29 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-08-11 02:29 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-11 02:29 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-11 02:29 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-11 02:25 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-11 02:25 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-11 02:25 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-11 02:24 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-11 02:23 . 2010-08-11 03:42 -------- d-----w- c:\program files\Spyware Doctor
2010-08-11 02:23 . 2010-08-11 02:25 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-11 02:23 . 2010-08-11 02:23 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-08-11 02:23 . 2010-08-11 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-10 13:17 . 2010-08-10 13:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2010-08-10 13:17 . 2010-08-10 22:49 -------- d-----w- c:\program files\Carbonite
2010-08-10 12:34 . 2010-08-10 12:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-08-08 14:23 . 2009-12-16 02:30 65776 ----a-w- c:\windows\UnDeploy.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-11 04:00 . 2008-05-31 16:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-10 22:49 . 2008-11-10 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-10 11:32 . 2008-05-20 00:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 11:01 . 2008-11-10 14:52 -------- d-----w- c:\program files\Norton SystemWorks Premier
2010-07-31 01:33 . 2008-07-21 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-29 22:41 . 2008-11-10 02:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-15 13:45 . 2010-07-15 13:45 187128 ----a-w- c:\documents and settings\Owner\Application Data\Virgin Broadband\advisor\downloads\VirginDetectionScriptsBundle.41.zip.dir\tools\NetworkFinder.signed.exe
2010-06-14 14:31 . 2008-05-19 23:24 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-10 22:33 . 2010-06-10 22:33 784 ----a-w- c:\documents and settings\Owner\Application Data\mpauth.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1234176 ----a-w- c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2010-01-19 8262928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-06-15 86016]
"EPSON Stylus C82 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-03 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-09 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks Premier\osCheck.exe" [2007-09-18 25472]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2008-05-07 2037088]
"First Principle Group"="c:\program files\First Principle Group\fpg.exe" [2007-08-15 1802240]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]
"AVG8_TRAY"="c:\progra~1\AVG\AVGLS\avgtray.exe" [2010-02-09 1950488]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-03-16 300992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Seagate 2GE6SQF3 Product Registration.lnk - c:\documents and settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GE6SQF3 Product Registration.exe [2010-8-10 1731736]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-5-20 169472]
Norton GoBack.lnk - c:\program files\Norton SystemWorks Premier\Norton GoBack\GBTray.exe [2006-7-19 861872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-3-25 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"=xgusb.cpl
"midi5"=xgusb.cpl
"midi6"=xgusb.cpl
"midi7"=xgusb.cpl
"midi8"=xgusb.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Anyplace Control 4\\apc_host.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\AVG\\AVGLS\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVGLS\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10374:TCP"= 10374:TCP:BitComet 10374 TCP
"10374:UDP"= 10374:UDP:BitComet 10374 UDP

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/08/2010 03:25 218592]
R1 AvgLdx86;AVG LinkScanner® AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/02/2010 06:49 253576]
R1 AvgTdiX;AVG LinkScanner® Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/02/2010 06:49 108296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/08/2010 20:38 102448]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys --> c:\windows\system32\Drivers\athwpn.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 21:55 23888]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [06/09/2009 15:48 42432]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [20/05/2008 00:46 17149]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/11/2008 02:46 717296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSCFG

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2010-08-09 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2010-08-09 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Premier\OBC.exe [2007-09-18 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: amaena.com
Trusted Zone: antispyexpert.com
Trusted Zone: avsystemcare.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: onerateld.com
Trusted Zone: safetydownload.com
Trusted Zone: spyguardpro.com
Trusted Zone: storageguardsoft.com
Trusted Zone: trustedantivirus.com
Trusted Zone: virusremover2008.com
Trusted Zone: virusschlacht.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7bgre7z4.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{68E9E6D2-E138-FAD2-D7AB-D6E521543C69} - (no file)
BHO-{a52b554f-b825-452c-aea9-e9193cc9b77d} - (no file)
HKCU-Run-WebCamRT.exe - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-11 06:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1248)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2010-08-11 06:46:58
ComboFix-quarantined-files.txt 2010-08-11 05:46

Pre-Run: 674,590,720 bytes free
Post-Run: 6,133,133,312 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 9CA6B61EE0E06983E6E3FE7D980D0FB3

















Quarantined Files - Qoobox



2010-08-11 05:42:22 . 2010-08-11 05:42:23 98 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-WebCamRT.exe.reg.dat
2010-08-11 05:42:15 . 2010-08-11 05:42:15 201 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{a52b554f-b825-452c-aea9-e9193cc9b77d}.reg.dat
2010-08-11 05:42:14 . 2010-08-11 05:42:14 186 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{68E9E6D2-E138-FAD2-D7AB-D6E521543C69}.reg.dat
2010-08-11 05:07:50 . 2010-08-11 05:07:50 3,630 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-08-11 03:59:18 . 2010-08-11 03:59:21 51 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-01-17 13:11:45 . 2009-01-17 13:11:45 53 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Recent\MIDI TO MP3 1.0 DEMO.url.vir
2008-11-25 16:45:57 . 2008-11-25 16:45:57 143 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\mcrh.tmp.vir
2008-11-24 00:26:45 . 2008-11-25 14:21:44 6,517 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\IUpd721\Logs\scns.log.vir
2008-11-24 00:26:45 . 2008-11-25 18:39:43 751,176 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wvyyaGgh.ini2.vir
2008-11-24 00:26:45 . 2008-11-25 18:41:57 751,176 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wvyyaGgh.ini.vir
2008-11-24 00:21:44 . 2008-11-24 00:21:44 1,858 -c--a-w- C:\Qoobox\Quarantine\C\Temp\FT62\teTU.log.vir
2008-11-24 00:21:22 . 2008-11-24 00:21:33 222 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\NI.GSCNS\dl.ini.vir
2008-11-24 00:21:22 . 2008-11-24 00:28:43 23 -c--a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\NI.GSCNS\settings.ini.vir
2008-07-05 23:56:54 . 2008-07-05 23:56:54 49,375 -c--a-w- C:\Qoobox\Quarantine\C\Temp\1cb\syscheck.log.vir











BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 PM

Posted 13 August 2010 - 11:50 PM

Hello, and welcome.gif to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. smile.gif
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold

    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Push the button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

***************************************************

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.log" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and copy/paste its contents in your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try unchecking the Devices box in addition to the others previously requested. Also, try running GMER in Safe Mode.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt
Gmer.log

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#3 Rtvanderam

Rtvanderam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 15 August 2010 - 08:55 PM

Hi Blade,

Just to say thanks a lot for your help, here is first of all the OTL.Txt,

OTL.Txt -


OTL logfile created on: 15/08/2010 05:08:22 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)

511.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 2.04 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/15 03:44:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
PRC - [2010/07/12 09:55:38 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/07/12 09:55:38 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/04/29 15:39:32 | 000,437,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/02/09 06:49:04 | 000,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgnsx.exe
PRC - [2010/02/09 06:48:53 | 001,950,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgtray.exe
PRC - [2010/02/09 06:48:44 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe
PRC - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009/05/19 19:10:18 | 000,112,128 | ---- | M] () -- C:\WINDOWS\svcadmin.exe
PRC - [2008/11/20 22:03:28 | 003,581,736 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2008/11/10 16:08:40 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
PRC - [2008/06/10 05:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/06/03 19:48:41 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/05/07 17:12:54 | 003,425,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
PRC - [2008/05/07 17:12:54 | 002,037,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
PRC - [2008/04/14 01:12:36 | 000,131,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndrec32.exe
PRC - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/18 16:25:45 | 000,181,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\Speed Disk\NOPDB.exe
PRC - [2007/08/23 21:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/15 16:23:20 | 001,802,240 | ---- | M] (First Principle Group) -- C:\Program Files\First Principle Group\fpg.exe
PRC - [2006/07/19 12:45:12 | 000,861,872 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier\Norton GoBack\GBTray.exe
PRC - [2006/07/19 12:45:12 | 000,595,632 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier\Norton GoBack\GBPoll.exe
PRC - [2005/11/04 04:08:02 | 000,095,832 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE
PRC - [2002/08/29 13:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe
PRC - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
PRC - [2002/04/10 16:44:04 | 000,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2001/07/11 08:59:00 | 001,077,248 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\NMSSvc.Exe


========== Modules (SafeList) ==========

MOD - [2010/08/15 03:44:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/07/12 09:55:38 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/29 15:39:34 | 000,304,464 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/09 06:48:44 | 000,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVGLS\avgwdsvc.exe -- (avg8wd)
SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/01/22 08:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/05/19 19:10:18 | 000,112,128 | ---- | M] () [Auto | Running] -- C:\WINDOWS\svcadmin.exe -- (Anyplace Control Security)
SRV - [2008/11/10 16:08:40 | 001,251,720 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/10/17 16:52:10 | 000,149,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/05/07 17:12:54 | 003,425,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe -- (Norton Save and Restore)
SRV - [2008/04/14 01:12:36 | 000,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2007/09/18 16:25:45 | 000,181,672 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)
SRV - [2007/08/23 21:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 21:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2006/07/19 12:45:12 | 000,595,632 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks Premier\Norton GoBack\GBPoll.exe -- (GBPoll)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/11/04 04:08:02 | 000,095,832 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks Premier\Norton Utilities\NPROTECT.EXE -- (NProtectService)
SRV - [2002/08/29 13:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2002/07/17 02:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2002/01/29 13:33:14 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2001/07/11 08:59:00 | 001,077,248 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\WPN111.sys -- (WPN111)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\athwpn.sys -- (ATHFMWDL)
DRV - [2010/07/15 09:00:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100814.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 09:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/15 09:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/15 09:00:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100814.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/07/12 09:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/23 20:37:11 | 000,264,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20100810.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/02/09 06:49:48 | 000,253,576 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/09 06:49:47 | 000,108,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2009/02/19 12:31:42 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2009/02/19 12:31:16 | 000,184,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/02/19 12:31:16 | 000,096,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/02/19 12:31:16 | 000,038,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/02/19 12:31:16 | 000,037,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/02/19 12:31:16 | 000,022,320 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/02/19 12:31:16 | 000,013,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/01/09 01:52:10 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/11/10 02:46:39 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/09/05 15:31:42 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/05/22 23:22:16 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/05/22 23:22:16 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/05/20 00:47:23 | 000,015,890 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2008/05/07 16:59:20 | 000,137,952 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/01 00:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 00:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 00:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/07 12:25:14 | 000,018,048 | ---- | M] (Yamaha Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ymidusb.sys -- (YMIDUSB)
DRV - [2007/06/27 19:53:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/06/27 19:33:48 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2007/06/27 19:31:26 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2006/10/10 14:17:57 | 000,081,780 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NPDRIVER.SYS -- (NPDriver)
DRV - [2006/07/19 12:45:12 | 000,117,760 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GoBack2k.sys -- (GoBack2K)
DRV - [2006/07/19 12:45:12 | 000,015,360 | R--- | M] (Symantec Corporation) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\GBFSHook.sys -- (GBFSHook)
DRV - [2006/07/19 12:45:12 | 000,005,632 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GBDevice.sys -- (GBDevice)
DRV - [2005/11/04 03:43:42 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SdDriver.SYS -- (SDdriver)
DRV - [2005/06/15 16:20:00 | 003,200,256 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/08/04 06:41:35 | 000,606,684 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/07/24 12:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)
DRV - [2002/09/20 15:15:42 | 000,472,396 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2002/08/29 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2002/08/29 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2002/04/10 17:01:12 | 000,024,554 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/04/10 17:01:00 | 000,029,638 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/04/10 17:00:44 | 000,117,898 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/04/10 16:48:04 | 000,236,032 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/04/10 16:45:16 | 000,206,336 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/02/28 17:23:30 | 000,088,592 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1000nt5.sys -- (E1000) Intel®
DRV - [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:11:02 | 000,153,631 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90xnd5.sys -- (EL90X)
DRV - [2001/08/17 12:17:44 | 000,042,432 | ---- | M] (Digi International, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\digirlpt.sys -- (DIGIRPS)
DRV - [2001/07/11 08:59:16 | 000,009,644 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NMSCFG.SYS -- (NMSCFG)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.msn.com/spbasic.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1844237615-854245398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/02/11 17:40:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVGLS\Firefox [2010/02/09 09:06:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVGLS\Toolbar\Firefox\avg@igeared [2010/02/09 06:49:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/04/23 06:29:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/31 19:13:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/19 04:02:18 | 000,000,000 | ---D | M]

[2009/07/31 19:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2009/07/31 19:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/31 19:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\7bgre7z4.default\extensions
[2010/04/23 06:32:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/31 19:09:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/23 06:32:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/07/15 21:30:53 | 000,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009/07/15 21:30:54 | 000,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/23 06:29:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/09/28 18:53:46 | 000,717,312 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2007/09/28 18:54:22 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/07/15 21:30:55 | 000,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010/01/25 11:01:22 | 000,031,936 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
[2009/07/15 19:10:00 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/07/15 19:10:00 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009/09/02 03:27:08 | 000,002,295 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009/07/15 19:10:00 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/07/15 19:10:00 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009/07/15 19:10:00 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009/07/15 19:10:00 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

O1 HOSTS File: ([2010/08/11 06:34:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVGLS\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVGLS\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVGLS\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [B2C_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Broadbandadvisor.exe] C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EPSON Stylus C82 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [First Principle Group] C:\Program Files\First Principle Group\fpg.exe (First Principle Group)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Norton Save and Restore 2.0] C:\Program Files\Norton Save and Restore\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NSWosCheck] C:\Program Files\Norton SystemWorks Premier\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton AntiVirus\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1844237615-854245398-682003330-1003..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1844237615-854245398-682003330-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1844237615-854245398-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1844237615-854245398-682003330-1003..\Run: [V Stuff Backup] C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe (Steek)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk = C:\Program Files\Norton SystemWorks Premier\Norton GoBack\GBTray.exe (Symantec Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Seagate 2GE6SQF3 Product Registration.lnk = C:\Documents and Settings\Owner\Application Data\Leadertech\PowerRegister\Seagate 2GE6SQF3 Product Registration.exe (Leader Technologies/Seagate)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk ()
O9 - Extra 'Tools' menuitem : Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks Premier\Norton Cleanup\WCQuick.lnk ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..Trusted Domains: antispyexpert.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1844237615-854245398-682003330-1003\..Trusted Domains: imageservr.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} https://plugins.valueactive.eu/flashax/iefax.cab (Flash Casino Helper Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVGLS\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/05/20 00:26:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/15 03:36:38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
[2010/08/15 00:47:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/15 00:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010/08/15 00:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/14 23:48:34 | 009,242,584 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\SUPERAntiSpywarePro-1.exe
[2010/08/14 23:33:22 | 009,242,584 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\SUPERAntiSpywarePro.exe
[2010/08/14 12:40:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2010/08/14 11:56:50 | 000,610,800 | ---- | C] (Duplex Secure Ltd.) -- C:\Documents and Settings\Owner\My Documents\SPTDinst-v172-x86.exe
[2010/08/14 11:49:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/14 11:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/14 11:49:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/14 11:49:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 11:45:24 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup-1.46.exe
[2010/08/13 11:00:30 | 036,600,008 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner\My Documents\sdasetup.exe
[2010/08/13 04:41:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 254
[2010/08/13 04:32:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 253
[2010/08/13 02:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\OneNote Notebooks
[2010/08/11 23:38:01 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/11 23:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Sunbelt Software
[2010/08/11 23:29:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/11 23:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/11 23:23:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/11 07:18:49 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/08/11 07:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/08/11 07:07:16 | 011,862,384 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\mssefullinstall-x86fre-en-us-xp.exe
[2010/08/11 06:54:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2010/08/11 05:44:52 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/11 05:04:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/11 05:04:17 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/11 05:04:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/11 05:04:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/11 04:59:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/11 04:49:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/11 03:48:25 | 128,750,008 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Owner\My Documents\Ad-AwareInstall.exe
[2010/08/11 03:29:14 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010/08/11 03:29:13 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010/08/11 03:29:13 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010/08/11 03:25:47 | 000,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010/08/11 03:25:01 | 000,218,592 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010/08/11 03:25:01 | 000,088,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010/08/11 03:24:27 | 000,063,360 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010/08/11 03:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/08/11 03:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/08/11 03:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010/08/11 03:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/08/11 03:19:52 | 036,598,544 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Owner\My Documents\sdsetup.exe
[2010/08/10 19:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Copy of New Funk Song 226
[2010/08/10 14:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Downloaded Installations
[2010/08/10 14:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/08/10 13:34:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/08/09 21:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 252
[2010/08/09 21:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 251
[2010/08/09 21:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 250
[2010/08/08 15:23:38 | 000,065,776 | ---- | C] (JGsoft - Just Great Software) -- C:\WINDOWS\UnDeploy.exe
[2010/08/07 16:54:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 249
[2010/08/07 10:45:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 248
[2010/08/06 00:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 247
[2010/08/05 14:39:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 246
[2010/08/05 14:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 245
[2010/08/05 14:20:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 244
[2010/08/05 13:55:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 243
[2010/08/05 11:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 242
[2010/08/04 22:05:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 241
[2010/08/03 20:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 41
[2010/08/03 20:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 240
[2010/08/03 19:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 239
[2010/08/03 12:26:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Funk Song 238
[2010/07/30 19:54:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\LG phone - k910i - j f
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/15 14:11:57 | 000,000,254 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/08/15 13:51:48 | 000,180,224 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 03:44:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\OTL.exe
[2010/08/15 01:57:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/15 00:13:03 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Professional.lnk
[2010/08/14 23:48:44 | 009,242,584 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\SUPERAntiSpywarePro-1.exe
[2010/08/14 23:38:43 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/14 23:36:12 | 009,242,584 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Owner\My Documents\SUPERAntiSpywarePro.exe
[2010/08/14 15:37:55 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\gesg.sys
[2010/08/14 12:16:01 | 000,000,000 | ---- | M] () -- C:\data.cph
[2010/08/14 12:11:02 | 000,026,682 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/14 12:06:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/14 12:03:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/14 12:00:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/08/14 12:00:07 | 019,136,512 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/08/14 11:56:51 | 000,610,800 | ---- | M] (Duplex Secure Ltd.) -- C:\Documents and Settings\Owner\My Documents\SPTDinst-v172-x86.exe
[2010/08/14 11:47:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\My Documents\mbam-setup-1.46.exe
[2010/08/14 03:07:42 | 014,508,542 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2.wav
[2010/08/14 03:07:02 | 007,103,994 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1.wav
[2010/08/13 19:18:16 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/08/13 18:50:35 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 18:47:54 | 000,302,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/13 11:06:19 | 036,600,008 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\My Documents\sdasetup.exe
[2010/08/13 05:25:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/13 04:47:16 | 008,147,658 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 4.wav
[2010/08/13 04:45:10 | 006,944,698 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 3.wav
[2010/08/13 04:39:02 | 005,850,318 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 2.wav
[2010/08/13 04:38:22 | 005,292,058 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 1.wav
[2010/08/13 04:28:50 | 000,524,008 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/13 04:28:50 | 000,457,782 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/13 04:28:50 | 000,076,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/13 04:21:16 | 013,383,646 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\5 nwst shr 5 p1 i 2.wav
[2010/08/13 04:20:27 | 015,436,378 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\5 nwst shr 5 p1 i 1.wav
[2010/08/12 15:26:11 | 022,828,058 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\4 nwst shr 4 p1 i 1.wav
[2010/08/12 15:25:10 | 000,458,538 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\3 nwst shr 3 p1 i 1.wav
[2010/08/12 15:24:41 | 017,694,750 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2 nwst shr 2 p1 i 1.wav
[2010/08/12 15:22:29 | 009,366,514 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\1 nwst shr 1 p1 i 1.wav
[2010/08/11 23:29:17 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/11 23:29:17 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/11 18:08:54 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/11 07:10:27 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/11 07:07:37 | 011,862,384 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\My Documents\mssefullinstall-x86fre-en-us-xp.exe
[2010/08/11 06:35:15 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/11 06:34:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/11 05:45:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/11 04:49:01 | 003,818,385 | R--- | M] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2010/08/11 03:50:38 | 128,750,008 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Owner\My Documents\Ad-AwareInstall.exe
[2010/08/11 03:21:44 | 036,598,544 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Owner\My Documents\sdsetup.exe
[2010/08/10 13:51:12 | 000,001,315 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Seagate 2GE6SQF3 Product Registration.lnk
[2010/08/10 00:56:03 | 000,035,204 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\30179_430921096292_665306292_5919077_2812311_n - edited 1 - cropped - etc -.jpg
[2010/08/09 20:06:25 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Owner.job
[2010/08/09 13:19:26 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job
[2010/08/08 18:02:05 | 003,563,178 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bleep 3 p1 a inst bleep.wav
[2010/08/08 17:58:43 | 009,783,206 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bleep 2 p1 i1 wtvr.wav
[2010/08/08 17:57:13 | 009,223,338 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bleep 1 p1 i2 wtvr.wav
[2010/08/08 17:56:11 | 012,393,538 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bleep sng 1 p1 i1 wtvr.wav
[2010/08/08 15:42:05 | 044,304,240 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\V250110_21.070001.AVI
[2010/08/08 15:39:11 | 000,954,224 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\V180110_11.320001.AVI
[2010/08/08 15:35:59 | 000,065,737 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\30179_430928386292_665306292_5919601_1552814_n.jpg
[2010/08/08 15:17:36 | 000,037,791 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\30179_430927351292_665306292_5919486_677175_n.jpg
[2010/08/08 15:15:19 | 000,037,225 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\30179_430927221292_665306292_5919472_2824499_n.jpg
[2010/08/08 15:14:11 | 000,033,972 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\30179_430927211292_665306292_5919471_5897574_n.jpg
[2010/08/08 15:09:43 | 000,071,633 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\30179_430921096292_665306292_5919077_2812311_n.jpg
[2010/07/27 07:30:35 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 00:13:00 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SUPERAntiSpyware Professional.lnk
[2010/08/14 15:37:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\gesg.sys
[2010/08/14 03:07:19 | 014,508,542 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2.wav
[2010/08/14 03:06:48 | 007,103,994 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1.wav
[2010/08/13 04:47:06 | 008,147,658 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 4.wav
[2010/08/13 04:44:58 | 006,944,698 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 3.wav
[2010/08/13 04:38:51 | 005,850,318 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 2.wav
[2010/08/13 04:38:16 | 005,292,058 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 1.wav
[2010/08/13 04:21:09 | 013,383,646 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\5 nwst shr 5 p1 i 2.wav
[2010/08/13 04:20:01 | 015,436,378 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\5 nwst shr 5 p1 i 1.wav
[2010/08/13 02:35:29 | 000,000,947 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2010/08/12 15:25:49 | 022,828,058 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\4 nwst shr 4 p1 i 1.wav
[2010/08/12 15:25:09 | 000,458,538 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\3 nwst shr 3 p1 i 1.wav
[2010/08/12 15:24:22 | 017,694,750 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\2 nwst shr 2 p1 i 1.wav
[2010/08/12 15:22:17 | 009,366,514 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\1 nwst shr 1 p1 i 1.wav
[2010/08/12 11:56:01 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/11 23:39:53 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/11 23:29:17 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/11 23:29:17 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/08/11 07:16:30 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/11 07:10:27 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/08/11 05:45:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/11 05:45:01 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/11 05:04:22 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/11 05:04:17 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/11 05:04:16 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/11 05:04:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/11 05:04:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/11 04:45:34 | 003,818,385 | R--- | C] () -- C:\Documents and Settings\Owner\My Documents\ComboFix.exe
[2010/08/11 03:29:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010/08/11 03:29:14 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010/08/11 03:29:14 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010/08/11 03:29:14 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010/08/11 03:29:13 | 001,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010/08/11 03:25:47 | 000,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010/08/11 03:25:01 | 000,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010/08/11 03:25:01 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010/08/11 03:24:27 | 000,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010/08/10 13:41:57 | 000,001,315 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Seagate 2GE6SQF3 Product Registration.lnk
[2010/08/10 00:55:47 | 000,035,204 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\30179_430921096292_665306292_5919077_2812311_n - edited 1 - cropped - etc -.jpg
[2010/08/08 18:01:58 | 003,563,178 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bleep 3 p1 a inst bleep.wav
[2010/08/08 17:57:52 | 009,783,206 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bleep 2 p1 i1 wtvr.wav
[2010/08/08 17:56:40 | 009,223,338 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bleep 1 p1 i2 wtvr.wav
[2010/08/08 17:55:33 | 012,393,538 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bleep sng 1 p1 i1 wtvr.wav
[2010/08/08 15:41:39 | 044,304,240 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\V250110_21.070001.AVI
[2010/08/08 15:39:10 | 000,954,224 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\V180110_11.320001.AVI
[2010/08/08 15:35:59 | 000,065,737 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\30179_430928386292_665306292_5919601_1552814_n.jpg
[2010/08/08 15:17:36 | 000,037,791 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\30179_430927351292_665306292_5919486_677175_n.jpg
[2010/08/08 15:15:19 | 000,037,225 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\30179_430927221292_665306292_5919472_2824499_n.jpg
[2010/08/08 15:14:11 | 000,033,972 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\30179_430927211292_665306292_5919471_5897574_n.jpg
[2010/08/08 15:09:42 | 000,071,633 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\30179_430921096292_665306292_5919077_2812311_n.jpg
[2010/04/06 04:35:04 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\CommonDL.dll
[2010/04/06 04:35:04 | 000,002,410 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
[2010/02/20 16:03:56 | 000,000,081 | ---- | C] () -- C:\WINDOWS\fpg.INI
[2009/01/16 19:47:33 | 000,000,159 | ---- | C] () -- C:\WINDOWS\XGUSB.INI
[2008/12/08 21:27:24 | 000,003,563 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/11/17 20:33:53 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2008/11/17 20:29:48 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2008/06/21 18:01:17 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/06/21 18:01:17 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/06/21 17:44:34 | 004,762,112 | ---- | C] () -- C:\WINDOWS\System32\NCMedia.dll
[2008/06/21 17:44:34 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/06/21 17:44:34 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/05/21 14:16:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/05/20 15:37:02 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
[2008/05/20 15:36:10 | 000,010,628 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/05/20 15:35:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll
[2008/05/20 15:29:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
[2008/05/20 15:29:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
[2008/05/20 15:29:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
[2008/05/20 14:10:34 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini
[2008/05/20 14:09:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\wgedit.ini
[2008/05/20 14:09:20 | 000,057,344 | ---- | C] () -- C:\WINDOWS\uninstBVRP.dll
[2008/05/20 14:02:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/05/20 00:46:45 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008/05/20 00:46:45 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/10/04 19:33:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/04 19:33:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/09/28 18:56:22 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/09/28 18:53:06 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/06/15 16:20:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/02/13 15:07:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/03/03 02:33:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2010/02/14 15:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CounterPath
[2010/04/06 04:35:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
[2009/07/27 22:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGS
[2009/08/03 11:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microgaming
[2010/08/15 01:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/08 01:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2010/02/08 01:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirginMedia
[2009/01/16 23:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2010/08/11 23:29:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2008/09/17 06:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\cmw
[2008/11/10 02:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools
[2010/03/22 19:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Facebook
[2008/06/21 03:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FMZilla
[2008/05/20 15:34:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FotoWire
[2008/09/15 04:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlobalSCAPE
[2010/08/10 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2010/04/06 05:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LG Electronics
[2009/08/06 02:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LittlewoodsCasino
[2009/01/17 13:39:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MtStudio
[2010/02/08 01:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Virgin Broadband
[2008/05/23 02:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Desktop Search
[2008/05/23 02:23:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2010/08/14 23:38:43 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/15 14:11:57 | 000,000,254 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2010/08/15 01:57:41 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/05/22 18:43:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/05/22 20:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/05/22 18:43:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008/05/22 20:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\AGP440.SYS
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\AGP440.SYS
[2004/08/04 07:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002/08/29 13:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2008/05/22 18:43:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/05/22 20:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/05/22 18:43:23 | 022,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/05/22 20:29:27 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 01:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:56:42 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 01:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:56:44 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 08:56:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 01:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/05/20 01:01:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/05/20 01:01:33 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/05/20 01:01:33 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9
< End of report >

Edited by Rtvanderam, 15 August 2010 - 09:09 PM.


#4 Rtvanderam

Rtvanderam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 15 August 2010 - 09:04 PM

and here is the Extras.Tx,

OTL Extras logfile created on: 15/08/2010 05:08:23 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Owner\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)

511.00 Mb Total Physical Memory | 112.00 Mb Available Physical Memory | 22.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 51.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 2.04 Gb Free Space | 5.47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
https [open] -- "C:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10374:TCP" = 10374:TCP:*:Enabled:BitComet 10374 TCP
"10374:UDP" = 10374:UDP:*:Enabled:BitComet 10374 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Free Music Zilla\FMZilla.exe" = C:\Program Files\Free Music Zilla\FMZilla.exe:*:Enabled:FMZilla Module -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Anyplace Control 4\apc_host.exe" = C:\Program Files\Anyplace Control 4\apc_host.exe:*:Enabled:Anyplace Control - Host Module -- (Anyplace Control Software)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\AVG\AVGLS\avgupd.exe" = C:\Program Files\AVG\AVGLS\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVGLS\avgnsx.exe" = C:\Program Files\AVG\AVGLS\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A6FE998-A146-4D34-93DF-DC47D00F0830}" = Anyplace Control 4.11.0.0 Trial
"{0B156FBB-2B2C-4818-AB9F-A3C3553C0007}" = Symantec Real Time Storage Protection Component
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{1F76ACFA-22FE-49F6-BC05-F4EC835F48CC}" = Norton GoBack 4.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{280C7673-2DF8-4E74-B031-D8F108BE2A6D}" = PRO200WL
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}" = Component Framework
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4B9B1B84-FEC0-46D5-BDB9-832565779422}" = CheckIt Diagnostics
"{4C2E5A82-DA8B-4c72-91A6-EBB4E0463537}_is1" = V Stuff Backup v1.6.2.16478
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{62120008-8E1E-4807-860D-A8B48F8552DB}" = Norton Protection Center
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities
"{6D3C6846-CDB6-418F-8FDB-DA21FE064F86}" = YAMAHA Musicsoft Downloader 5
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77364F85-6219-4CB8-AAA0-6D53368D683D}" = Connection Keep Alive
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7FC2AF73-10ED-404E-84A8-636B452404FD}" = Realtek RTL8139 Diagnostics Program
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81E76DE9-BBCB-449C-91BB-6E4E5436D496}" = Adobe Audition 1.0
"{849089CF-4988-49ED-A2DD-110CD5D9D7E8}" = PerformanceTest
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{905B4B8E-5103-4AB8-AC3A-D32D98C0AC8F}" = SymNet
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{984F10FD-11FD-4BED-8163-92DB81E6A825}" = Logitech IM Video Companion
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B0255743-165B-4BD5-8DA8-37DFB993B201}" = Norton Save and Restore
"{B0A88235-FDF0-4DCD-88A0-D78EA2D03AB9}" = iTunes
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{B2EFE303-A594-11D5-95EB-005004BC1C65}" = EPSON PhotoQuicker3.2
"{B5688129-7595-4E5B-9990-CEF981A31264}" = SyncToy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks Premier
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{CA31120D-2101-484D-9FF1-195DE96FE346}" = Norton Cleanup
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3436EE2-D5CB-4249-840B-3A0140CC34C1}" = PhoneTools
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FB55BB78-2BC2-43E9-80FF-517A8D1AE3AD}" = Norton SystemWorks
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Audacity_is1" = Audacity 1.2.6
"Avg8LsUninstall" = AVG LinkScanner® 8.5
"AviSynth" = AviSynth 2.5
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"BitComet" = BitComet 1.01
"Browser Defender_is1" = Browser Defender 2.0.6.15
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"E-PlayersCard" = E-PlayersCard
"EPSON Printer and Utilities" = EPSON Printer Software
"ffdshow_is1" = ffdshow [rev 2014] [2008-06-17]
"Free Music Zilla_is1" = Free Music Zilla
"Freez FLV to MP3 Converter V1.2_is1" = Freez FLV to MP3 Converter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Intel® PROSet II" = Intel® PROSet II
"Littlewoods Casino" = Littlewoods Casino
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MIDI TO MP3 1.0 DEMO" = MIDI TO MP3 1.0 DEMO
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MultitrackStudio_is1" = MultitrackStudio Lite 5.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Paradise8" = Paradise 8
"platinumplay" = Platinum Play Online Casino
"PROSet" = Intel® PRO Ethernet Adapter and Software
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"RadialpointClientGateway_is1" = Virgin Broadband advisor 1.5.24
"RealPlayer 6.0" = RealPlayer
"Rushmore Casino" = Rushmore Casino
"Spyware Doctor" = Spyware Doctor 7.0
"SymSetup.{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}" = Norton AntiVirus (Symantec Corporation)
"SymSetup.{B9807C3D-B3DD-41B7-8321-53DDB3A3A888}" = Norton SystemWorks (Symantec Corporation)
"VegasSky" = Vegas Sky
"Videora iPod Converter" = Videora iPod Converter 3.07
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X-Lite 1.5_is1" = X-Lite 3.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1844237615-854245398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14/08/2010 08:10:27 | Computer Name = ROSS | Source = ESENT | ID = 485
Description = wuauclt (6132) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).

Error - 14/08/2010 11:16:34 | Computer Name = ROSS | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D.

Error - 14/08/2010 13:31:25 | Computer Name = ROSS | Source = Norton Save and Restore | ID = 100
Description = Error EC8F1C50: Cannot create file backup for job: My Documents Backup.
Error E7D1000B: Unable to make directory 'H:/'. Error E7D10026: Unable to get attributes
for 'H:/'. Error EBAB03F1: The system cannot find the path specified. Error E4BC0004:
Unable to backup file C:/Documents and Settings/Owner/My Documents/01.wmv. Details:
0xEBAB0005 Source: Norton Save & Restore

Error - 14/08/2010 19:48:23 | Computer Name = ROSS | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D.

Error - 14/08/2010 19:58:24 | Computer Name = ROSS | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
This
operation returned because the timeout period expired. (0x800705b4)

Error - 14/08/2010 20:11:14 | Computer Name = ROSS | Source = Windows Search Service | ID = 3100
Description = Unable to initialize the filter host process. Terminating. Details:
This
operation returned because the timeout period expired. (0x800705b4)

Error - 15/08/2010 00:19:04 | Computer Name = ROSS | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 15/08/2010 01:02:17 | Computer Name = ROSS | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D.

Error - 15/08/2010 13:35:02 | Computer Name = ROSS | Source = Norton Save and Restore | ID = 100
Description = Error EC8F1C50: Cannot create file backup for job: My Documents Backup.
Error E7D1000B: Unable to make directory 'H:/'. Error E7D10026: Unable to get attributes
for 'H:/'. Error EBAB03F1: The system cannot find the path specified. Error E4BC0004:
Unable to backup file C:/Documents and Settings/Owner/My Documents/01.wmv. Details:
0xEBAB0005 Source: Norton Save & Restore

Error - 15/08/2010 14:00:57 | Computer Name = ROSS | Source = Norton Save and Restore | ID = 100
Description = Error EC8F17B7: Cannot create recovery points for job: My Computer
Backup. Error EC8F03ED: Cannot create the recovery point. Error E7D10026: Unable
to get attributes for 'H:/Norton Backups/'. Error EBAB03F1: The system cannot find
the path specified. Details: 0xE7D10026 Source: Norton Save & Restore

[ System Events ]
Error - 14/08/2010 07:08:32 | Computer Name = ROSS | Source = Service Control Manager | ID = 7024
Description = The Routing and Remote Access service terminated with service-specific
error 2 (0x2).

Error - 14/08/2010 07:22:27 | Computer Name = ROSS | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 14/08/2010 07:22:35 | Computer Name = ROSS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 14/08/2010 11:16:32 | Computer Name = ROSS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 14/08/2010 11:16:32 | Computer Name = ROSS | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 14/08/2010 19:48:19 | Computer Name = ROSS | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 14/08/2010 19:48:29 | Computer Name = ROSS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 15/08/2010 01:02:13 | Computer Name = ROSS | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 15/08/2010 01:02:46 | Computer Name = ROSS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 15/08/2010 07:24:59 | Computer Name = ROSS | Source = DCOM | ID = 10010
Description = The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register
with DCOM within the required timeout.


< End of report >




#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 PM

Posted 16 August 2010 - 02:05 AM

Still waiting to see the GMER log. Once I have that we can move forward.

~Blade

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#6 Rtvanderam

Rtvanderam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 16 August 2010 - 08:33 AM

just to be sure, should the "show all" tab be checked or unchecked?

i should be able to post it in the next 24 hours, i tried to do a scan already but, there was an error, i think something to do with the "devices", so i'll do one again it takes quite a while to scan but i'm going to be running it again asap




#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 PM

Posted 16 August 2010 - 10:40 PM

Please have "show all" unchecked

~Blade

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#8 Rtvanderam

Rtvanderam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 18 August 2010 - 05:49 AM

finally managed to get the gmer log up,

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-18 07:17:53
Windows 5.1.2600 Service Pack 3
Running: 2erooi18.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kxtdypow.sys


---- System - GMER 1.0.15 ----

SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwClose [0xF860BA40]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF8661112]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF86402D6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF86404C8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF8661900]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF8661BB4]
SSDT GoBack2K.sys (Norton GoBack Engine Driver/Symantec Corporation) ZwFsControlFile [0xF860BAD0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF865FE12]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF8662020]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF86613D2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF863FF44]

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions FASTDETECT NOEXECUTE=OPTIN
Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 1260
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SyKnAppS\129265117555000000_C3612C40-A9E3-11DF-9A78-0007E9B0113D.TMP??\??\C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SyKnAppS\129265416754062500_6D088E24-AA29-11DF-9A78-0007E9B0113D.TMP??
Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@VideoInitTime 3515
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT@EventMessageFile C:\WINDOWS\system32\ESENT.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT@CategoryMessageFile C:\WINDOWS\system32\ESENT.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x76 0x06 0x5E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0xFA 0xD3 0xA7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0x82 0x5E 0x1F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x7D 0x76 0x06 0x5E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x47 0xFA 0xD3 0xA7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xE1 0x82 0x5E 0x1F ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeLow -1247330556
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@ProfileLoadTimeHigh 30096810
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20@RefCount 2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1844237615-854245398-682003330-1003@ProfileLoadTimeLow 550950694
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1844237615-854245398-682003330-1003@ProfileLoadTimeHigh 30096811
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1844237615-854245398-682003330-1003@RefCount 0

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\My Documents\1.wav 12411258 bytes
File C:\Documents and Settings\Owner\My Documents\2.wav 11890974 bytes
File C:\Documents and Settings\Owner\My Documents\3.wav 13101178 bytes
File C:\Documents and Settings\Owner\My Documents\4.wav 7455978 bytes

---- EOF - GMER 1.0.15 ----


#9 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 PM

Posted 19 August 2010 - 01:37 PM

Hello.

Alrighty. . . looks like we're dealing with a worm here. That would explain your constant loss of hard drive space. Lots of other nasties on the machine too though, so you'll need to make sure you follow all my instructions carefully, and continue working with me until I declare you clean if we're going to get it all. We'll also do this in stages, so we may not see any improvement immediately, but rest assured things are being fixed.

Question for you:
Is this computer on a local network?

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":

Free Music Zilla

Additional instructions can be found here if needed.

***************************************************

Your logs show that you have been visiting online gambling sites with software installed on your computer. I know that you may use these programs on a regular basis but I think it's important to note that often these kind of programs are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programs if you do not use them anymore or did not install these programs yourself on purpose.
There are so many online poker games out there these days that it is close to impossible to keep track of whether a program is infected or not. Should you have installed this online poker game on purpose and wish to continue using this, you may ignore this. Should you decide to uninstall the program, then you can do so by following the below steps:
  1. Go to Start > Control Panel > Add or Remove Programs.
  2. Remove the following programs (if they are present):
    • E-PlayersCard
    • Paradise 8
    • Platinum Play Online Casino
    • Rushmore Casino
    • Vegas Sky


***************************************************

Please download: DelDomains.inf
Locate DelDomains.inf right-click and select: Install
Note: you will not see any on-screen action ...
This will remove all entries in the Trusted, Restricted,and Enhanced Security Configuration Zones.
Note once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplyed.

***************************************************

Please download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (With Vista and Win 7 right click and select Run as Administrator)
  • It will show a Black screen with some data on it
  • A log named MBRcheck will be on your desktop
  • Copy and paste that log in your next reply
~Blade

In your next reply, please include the following:
MBRcheck Log

Edited by Blade Zephon, 19 August 2010 - 01:38 PM.

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 PM

Posted 27 August 2010 - 01:36 AM

are you still there?

~Blade

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#11 Rtvanderam

Rtvanderam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 27 August 2010 - 06:16 AM

Hi Blade sorry for not responding eariler, i've not been able to access my pc for a few days until now, but i have the MBR log here,

Just to say thanks a lot again for the help,

I uninstalled the programs you listed in the last post, also, about the local network, this pc isn't on a local network,

When trying to uninstall Free Music Zilla in Add/Remove programs, Ad-Aware came up with a message saying something like "something was trying to make changes to or access the windows registry"

And also with Paradise 8 Casino when trying to uninstall in Add/Remove programs, Ad-Aware came up with the same message but saying "au_.exe" was trying to access something in the windows registry, but then when I clicked cancel uninstall, Ad-Aware then said "uninst.exe" is trying to access/change something in the windows registry, so i'm not sure if it was because of malware in the programs, but i uninstalled them anyway,

Also with Rushmore Casino - when trying to uninstall in Add/Remove programs, a message box popped up from Malwarebytes, saying


"Malwarebytes' Anti-Malware has detected a malicious process attempting to start and has blocked the execution attempt.

C:\Program Files\Rushmore Casino\Install.exe
(Adware Casino)

Please select an option below

Disable Protection Ignore Quarantine "


I chose - Quarantine




here is the MBR log,


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000005

Kernel Drivers (total 152):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF8C37000 \WINDOWS\system32\KDCOM.DLL
0xF8B47000 \WINDOWS\system32\BOOTVID.dll
0xF86F6000 fltmgr.sys
0xF86C8000 ACPI.sys
0xF8C39000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF86B7000 pci.sys
0xF8737000 isapnp.sys
0xF89B7000 GBDevice.sys
0xF8CFF000 pciide.sys
0xF89BF000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF8C3B000 intelide.sys
0xF8747000 MountMgr.sys
0xF8698000 ftdisk.sys
0xF89C7000 PartMgr.sys
0xF8757000 VolSnap.sys
0xF8680000 atapi.sys
0xF8767000 disk.sys
0xF8777000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF866E000 sr.sys
0xF8635000 PCTCore.sys
0xF8787000 Lbd.sys
0xF8608000 GoBack2K.sys
0xF8797000 PxHelp20.sys
0xF85E7000 symsnap.sys
0xF85D0000 KSecDD.sys
0xF8543000 Ntfs.sys
0xF8516000 NDIS.sys
0xF84FC000 Mup.sys
0xF87A7000 agp440.sys
0xF84C4000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF8927000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF72EA000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF72D6000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF89FF000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF72B2000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF8A07000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF728C000 \SystemRoot\System32\DRIVERS\el90xnd5.sys
0xF71F7000 \SystemRoot\System32\DRIVERS\ltmdmnt.sys
0xF8A0F000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8A17000 \SystemRoot\System32\DRIVERS\usbohci.sys
0xF71E2000 \SystemRoot\system32\DRIVERS\e1000nt5.sys
0xF8937000 \SystemRoot\System32\DRIVERS\serial.sys
0xF84C0000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF8A1F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF71CE000 \SystemRoot\System32\DRIVERS\parport.sys
0xF8947000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF8A27000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF8A2F000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF7159000 \SystemRoot\system32\drivers\smwdm.sys
0xF8DA6000 \SystemRoot\system32\drivers\SENSUPGD.SYS
0xF7135000 \SystemRoot\system32\drivers\portcls.sys
0xF8957000 \SystemRoot\system32\drivers\drmk.sys
0xF7112000 \SystemRoot\system32\drivers\ks.sys
0xF8C73000 \SystemRoot\system32\drivers\aeaudio.sys
0xF8DA8000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF8967000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF84BC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF70FB000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF8977000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7785000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF8A37000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF70EA000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7775000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF8A3F000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF8A47000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF8C75000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7765000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF8A4F000 \SystemRoot\system32\DRIVERS\SymIM.sys
0xF8C77000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF708C000 \SystemRoot\System32\DRIVERS\update.sys
0xF84B4000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7755000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7705000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF8C85000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF8C07000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF8A97000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF4E9F000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF4E56000 \SystemRoot\System32\Drivers\SRTSP.SYS
0xF4CE5000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xF87D7000 \SystemRoot\System32\Drivers\SRTSPX.SYS
0xF4C90000 \SystemRoot\System32\Drivers\pwd_2k.SYS
0xF8CA9000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF8D17000 \SystemRoot\System32\Drivers\Null.SYS
0xF8CAF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF89DF000 \SystemRoot\System32\drivers\vga.sys
0xF8CBF000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF8CC3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF4C36000 \SystemRoot\System32\Drivers\cdudf_xp.SYS
0xF8B1F000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF8A5F000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF4BF1000 \SystemRoot\System32\Drivers\UdfReadr_xp.SYS
0xF8BEB000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF4BCC000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF4B73000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF4B13000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xF4AED000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF4AD4000 \SystemRoot\System32\Drivers\avgtdix.sys
0xF4AAC000 \SystemRoot\System32\DRIVERS\netbt.sys
0xF4A80000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xF4B4F000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xF8C3F000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xF8A7F000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
0xF4A6A000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xF8B3F000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xF4A25000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\ipsdefs\20100810.001\SymIDSCo.sys
0xF4A03000 \SystemRoot\System32\drivers\afd.sys
0xF8807000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF49E1000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF8AE7000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF49B6000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xF84D0000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xF4946000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xF8857000 \SystemRoot\System32\Drivers\Fips.SYS
0xF48E8000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xF48CB000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xF488E000 \SystemRoot\System32\Drivers\avgldx86.sys
0xF484E000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF8CD1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF706C000 \SystemRoot\System32\drivers\Dxapi.sys
0xF8AFF000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF8D7C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF4CB5000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xB9B90000 \SystemRoot\System32\DRIVERS\AegisP.sys
0xB9B7C000 \SystemRoot\System32\DRIVERS\mdc8021x.sys
0xB9B3A000 \SystemRoot\system32\DRIVERS\nwlnkipx.sys
0xBA488000 \SystemRoot\system32\DRIVERS\nwlnknb.sys
0xB9BB0000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB98BE000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB96A1000 \SystemRoot\system32\drivers\wdmaud.sys
0xB973E000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9651000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF8C5B000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xF8AF7000 \SystemRoot\System32\Drivers\GBFSHook.SYS
0xB9027000 \SystemRoot\System32\DRIVERS\srv.sys
0xB8E7F000 \SystemRoot\system32\DRIVERS\nwlnkspx.sys
0xF89EF000 \SystemRoot\system32\DRIVERS\v2imount.sys
0xB8937000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xB8AB7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xB8AA7000 \??\C:\WINDOWS\system32\drivers\NMSCFG.SYS
0xB8C7F000 \??\C:\WINDOWS\system32\Drivers\NPDRIVER.SYS
0xB8656000 \SystemRoot\System32\Drivers\HTTP.sys
0xB846E000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xB7321000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100814.002\NAVEX15.SYS
0xB730D000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100814.002\NAVENG.SYS
0xB60A9000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 56):
0 System Idle Process
4 System
1140 C:\WINDOWS\system32\smss.exe
1196 csrss.exe
1220 C:\WINDOWS\system32\winlogon.exe
1264 C:\WINDOWS\system32\services.exe
1276 C:\WINDOWS\system32\lsass.exe
1436 C:\WINDOWS\system32\svchost.exe
1528 svchost.exe
1584 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1620 C:\WINDOWS\system32\svchost.exe
2024 svchost.exe
248 svchost.exe
372 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
688 C:\WINDOWS\explorer.exe
1476 C:\WINDOWS\system32\spoolsv.exe
1748 svchost.exe
680 C:\WINDOWS\svcadmin.exe
1540 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
716 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
820 C:\PROGRA~1\AVG\AVGLS\avgwdsvc.exe
1752 C:\Program Files\Bonjour\mDNSResponder.exe
1792 C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
1872 C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
1884 C:\PROGRA~1\AVG\AVGLS\avgnsx.exe
1132 C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
2128 C:\Program Files\Norton SystemWorks Premier\Norton GoBack\GBPoll.exe
2380 C:\Program Files\Java\jre6\bin\jqs.exe
2416 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
2472 C:\WINDOWS\system32\NMSSvc.Exe
2496 C:\Program Files\Norton Save and Restore\Agent\VProSvc.exe
2528 C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
2600 C:\WINDOWS\system32\nvsvc32.exe
2692 C:\WINDOWS\system32\snmp.exe
2720 C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
2860 C:\WINDOWS\system32\svchost.exe
3368 C:\WINDOWS\system32\searchindexer.exe
3232 C:\Program Files\Common Files\Logitech\QCDriver3\LVComS.exe
3264 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
3276 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
412 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
3304 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2564 C:\Program Files\Norton Save and Restore\Agent\VProTray.exe
784 C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE
3332 C:\PROGRA~1\AVG\AVGLS\avgtray.exe
3392 C:\Program Files\Microsoft Security Essentials\msseces.exe
1128 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
1400 C:\WINDOWS\system32\ctfmon.exe
3532 C:\Program Files\Norton SystemWorks Premier\Norton GoBack\GBTray.exe
1712 C:\Program Files\iPod\bin\iPodService.exe
3436 C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
5920 C:\WINDOWS\system32\taskmgr.exe
5180 C:\Program Files\Safari\Safari.exe
3832 C:\WINDOWS\system32\rundll32.exe
5824 C:\WINDOWS\system32\notepad.exe
2188 C:\Documents and Settings\Owner\My Documents\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD400BB-75CAA0, Rev: 16.06V16

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Edited by Rtvanderam, 27 August 2010 - 06:19 AM.


#12 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 PM

Posted 30 August 2010 - 08:25 PM

Hello.

Sorry about the delay.

Alright, let's get started. Our first step is to get an updated version of ComboFix on the machine. We'll start manually targeting malware after that.

Please delete the copy of ComboFix you currently have downloaded by right clicking the icon and selecting delete. Then Download a new one from here, but rename it to renamed.exe before saving it to your desktop.

Link 1
Link 2

* IMPORTANT !!! Save renamed.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log

Edited by Blade Zephon, 30 August 2010 - 08:26 PM.

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#13 Rtvanderam

Rtvanderam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 31 August 2010 - 03:56 PM

Got the ComboFix Log here,




ComboFix 10-08-30.02 - Owner 31/08/2010 20:27:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.511.207 [GMT 1:00]
Running from: c:\documents and settings\Owner\Desktop\renamed.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton AntiVirus *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton AntiVirus *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
.

2010-08-20 13:32 . 2010-08-20 13:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-08-18 22:46 . 2010-08-18 22:46 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-18 09:46 . 2010-08-18 09:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PCHealth
2010-08-14 23:47 . 2010-08-14 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-14 23:47 . 2010-08-14 23:47 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2010-08-14 23:05 . 2010-08-14 23:49 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-14 11:40 . 2010-08-14 11:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-08-14 10:49 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-14 10:49 . 2010-08-14 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-14 10:49 . 2010-08-14 10:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 10:49 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-12 10:56 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-11 22:38 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-11 22:31 . 2010-08-11 22:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sunbelt Software
2010-08-11 22:29 . 2010-08-11 22:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-11 22:23 . 2010-08-11 22:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-11 22:23 . 2010-08-11 22:23 -------- d-----w- c:\program files\Lavasoft
2010-08-11 06:18 . 2010-06-01 17:37 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-08-11 06:10 . 2010-08-11 06:11 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-11 05:54 . 2010-08-11 05:54 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert
2010-08-11 02:29 . 2010-01-27 12:51 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-11 02:29 . 2010-01-22 07:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-11 02:29 . 2008-11-26 10:08 131 ----a-w- c:\windows\IDB.zip
2010-08-11 02:29 . 2010-01-22 07:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-11 02:29 . 2010-01-22 07:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-11 02:29 . 2009-10-27 23:36 1152444 ----a-w- c:\windows\UDB.zip
2010-08-11 02:25 . 2010-02-05 08:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-08-11 02:25 . 2010-03-29 09:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-08-11 02:25 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-08-11 02:24 . 2010-04-08 13:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-08-11 02:23 . 2010-08-31 18:04 -------- d-----w- c:\program files\Spyware Doctor
2010-08-11 02:23 . 2010-08-11 02:25 -------- d-----w- c:\program files\Common Files\PC Tools
2010-08-11 02:23 . 2010-08-11 02:23 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools
2010-08-11 02:23 . 2010-08-11 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-08-10 13:17 . 2010-08-10 13:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2010-08-10 13:17 . 2010-08-10 22:49 -------- d-----w- c:\program files\Carbonite
2010-08-10 12:34 . 2010-08-10 12:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Leadertech
2010-08-08 14:23 . 2009-12-16 02:30 65776 ----a-w- c:\windows\UnDeploy.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 19:20 . 2009-07-27 22:38 -------- d-----w- c:\program files\First Principle Group
2010-08-31 19:20 . 2008-05-31 16:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-31 18:50 . 2008-11-10 02:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-30 14:09 . 2008-11-10 14:52 -------- d-----w- c:\program files\Norton SystemWorks Premier
2010-08-27 10:46 . 2009-07-30 04:42 -------- d-----w- c:\program files\Rushmore Casino
2010-08-26 18:08 . 2008-11-10 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-13 03:46 . 2008-07-21 14:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-10 11:32 . 2008-05-20 00:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-30 12:31 . 2002-08-29 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2002-08-29 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2002-08-29 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2002-08-29 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2008-05-19 23:24 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-14 07:41 . 2002-08-29 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 22:33 . 2010-06-10 22:33 784 ----a-w- c:\documents and settings\Owner\Application Data\mpauth.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1234176 ----a-w- c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVGLS\Toolbar\IEToolbar.dll" [2009-11-25 1234176]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"V Stuff Backup"="c:\program files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" [2010-01-19 8262928]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-06-15 6803456]
"nwiz"="nwiz.exe" [2005-06-15 1519616]
"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-06-15 86016]
"EPSON Stylus C82 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-03 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-09 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"NSWosCheck"="c:\program files\Norton SystemWorks Premier\osCheck.exe" [2007-09-18 25472]
"osCheck"="c:\program files\Norton AntiVirus\osCheck.exe" [2007-08-25 714608]
"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2008-05-07 2037088]
"First Principle Group"="c:\program files\First Principle Group\fpg.exe" [2007-08-15 1802240]
"Broadbandadvisor.exe"="c:\program files\Virgin Broadband\advisor\Broadbandadvisor.exe" [2009-01-29 2303216]
"AVG8_TRAY"="c:\progra~1\AVG\AVGLS\avgtray.exe" [2010-02-09 1950488]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"B2C_AGENT"="c:\documents and settings\All Users\Application Data\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2010-03-16 300992]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-5-20 169472]
Norton GoBack.lnk - c:\program files\Norton SystemWorks Premier\Norton GoBack\GBTray.exe [2006-7-19 861872]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-3-25 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-03-25 303616]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi4"=xgusb.cpl
"midi5"=xgusb.cpl
"midi6"=xgusb.cpl
"midi7"=xgusb.cpl
"midi8"=xgusb.cpl

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Anyplace Control 4\\apc_host.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\AVG\\AVGLS\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVGLS\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10374:TCP"= 10374:TCP:BitComet 10374 TCP
"10374:UDP"= 10374:UDP:BitComet 10374 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/08/2010 23:38 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/08/2010 03:25 218592]
R1 AvgLdx86;AVG LinkScanner® AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [09/02/2010 06:49 253576]
R1 AvgTdiX;AVG LinkScanner® Network Redirector;c:\windows\system32\drivers\avgtdix.sys [09/02/2010 06:49 108296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 19:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 19:41 67656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [11/08/2010 03:29 112592]
R2 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [27/06/2007 19:45 3425632]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [04/11/2005 04:08 95832]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [09/08/2010 20:38 102448]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/08/2010 11:49 20952]
S2 Anyplace Control Security;Anyplace Control Security;c:\windows\svcadmin.exe [19/05/2009 19:10 112128]
S2 avg8wd;AVG LinkScanner® WatchDog;c:\progra~1\AVG\AVGLS\avgwdsvc.exe [09/02/2010 06:48 298776]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [25/08/2007 06:07 149352]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/08/2010 11:49 304464]
S3 ATHFMWDL;NETGEAR WPN111 Bootloader driver;c:\windows\system32\Drivers\athwpn.sys --> c:\windows\system32\Drivers\athwpn.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [29/05/2007 21:55 23888]
S3 DIGIRPS;Digi PortServer Driver;c:\windows\system32\drivers\digirlpt.sys [06/09/2009 15:48 42432]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [20/05/2008 00:46 17149]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 09:55 1355416]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [18/08/2010 23:46 15008]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [13/08/2010 11:19 366840]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys --> c:\windows\system32\DRIVERS\WPN111.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/11/2008 02:46 717296]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - NMSCFG

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 22:45]

2010-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-31 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]

2010-08-30 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Owner.job
- c:\program files\Norton AntiVirus\Navw32.exe [2007-08-27 01:19]

2010-08-30 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks Premier\OBC.exe [2007-09-18 08:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\7bgre7z4.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 21:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

- - - - - - - > 'explorer.exe'(2452)
c:\windows\system32\WININET.dll
c:\program files\Norton SystemWorks Premier\Norton GoBack\ShellExt.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-31 21:22:25
ComboFix-quarantined-files.txt 2010-08-31 20:22
ComboFix2.txt 2010-08-11 05:47

Pre-Run: 3,638,136,832 bytes free
Post-Run: 3,717,017,600 bytes free

- - End Of File - - 25366A646FB6E709BA598B7723039227

Edited by Rtvanderam, 01 September 2010 - 07:29 AM.


#14 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,785 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:03:45 PM

Posted 01 September 2010 - 11:47 AM

Hello Rtvanderam.

Alrighty. . . let's get to work. smile.gif

Did you create these files and folders (and many many others like them)??
    C:\Documents and Settings\Owner\My Documents\New Funk Song 249
    C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 4.wav

***************************************************

We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :OTL
    @Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

    :REG
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=-

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=-

    :commands
    [emptytemp]
  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.

~Blade


In your next reply, please include the following:
OTL log
Answer to the above question(s)

animinionsmalltext.gif
If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!


#15 Rtvanderam

Rtvanderam
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:03:45 PM

Posted 01 September 2010 - 03:04 PM

OTL Log here,

About the

C:\Documents and Settings\Owner\My Documents\New Funk Song 249
C:\Documents and Settings\Owner\My Documents\6 nwst shr 6 p1 i 4.wav etc

Yeah those were created by somebody on this pc,



All processes killed
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65804 bytes

User: NetworkService
->Temp folder emptied: 9064 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner
->Temp folder emptied: 323909212 bytes
->Temporary Internet Files folder emptied: 11295600 bytes
->Java cache emptied: 1751637 bytes
->FireFox cache emptied: 28036977 bytes
->Apple Safari cache emptied: 79756288 bytes
->Flash cache emptied: 2232409 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139290 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 428.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 09012010_201944

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Edited by Rtvanderam, 01 September 2010 - 05:37 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users