
Redirect Virus


This topic is locked
15 replies to this topic

#1 OfficialNigel (Members, 7 posts)

Posted 14 August 2010 - 08:44 PM

I have been getting redirected all over the place, search results, websites. I have scanned with multiple programs and I still have the problem.
HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:46 PM, on 8/14/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jucheck.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Nigel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nigel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nigel\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QBReminderFlash] "C:\Program Files\Intuit\QuickBooks 2005\Atom\QBReminder.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [BuildBU] c:\dell\bldbubg.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nigel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

--
End of file - 6765 bytes

Need anything else?
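The log above is the kind of thing a helper reads by eye: R0/R1 lines for the browser start and search pages, O2 for browser helper objects, O4 for autostarts, O16 for downloaded ActiveX controls and O23 for services. The following Python script is an added example, not code from this thread, from BleepingComputer or from Trend Micro: it parses those entry types out of an HJT log and attaches review flags to the ones a responder checks first. The sample log is constructed; most of its lines are copied from the post above, and the `sysupd` Run entry is hypothetical, present only to exercise the Temp-directory check. The `TRUSTED_URL_HOSTS` list is an assumption. Flags are review prompts, not a diagnosis: a Dell-branded start page and a per-user Google Update entry are ordinary findings on a machine like this one and will both be flagged, while the O16 entry with no source URL and the service with no vendor string are the two lines from this log that actually merit a closer look.

```python
"""Triage a HijackThis (HJT) log: parse the R*/O* entries and flag the ones a
malware-response helper reads first.  Flags are review prompts, not verdicts."""
import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: lines copied from the log posted above, plus one
# hypothetical 'sysupd' Run entry that exists only to exercise the Temp check.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nigel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [sysupd] C:\Documents and Settings\Nigel\Local Settings\Temp\sysupd.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"(?P<loc>HK\S*?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
LNK_RE = re.compile(r"Global Startup: (?P<name>.*?) = (?P<cmd>.*)$")
SVC_RE = re.compile(r"Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$")
TRUSTED_URL_HOSTS = ("microsoft.com", "msn.com", "live.com")  # assumption: stock IE defaults


@dataclass
class Entry:
    code: str
    name: str = ""
    path: str = ""
    vendor: str = ""
    url: str = ""
    flags: list = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Pull the executable out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.exe)(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def parse_hjt(text: str) -> list:
    """Turn the R*/O* lines of an HJT log into Entry objects; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, process list, blank lines
        e, b = Entry(m["code"]), m["body"]
        if e.code in ("R0", "R1") and " = " in b:
            e.name, e.url = (s.strip() for s in b.split(" = ", 1))
        elif e.code == "O2" and b.startswith("BHO: "):
            parts = b[5:].split(" - ", 2)        # name - {CLSID} - dll path
            if len(parts) == 3:
                e.name, e.path = parts[0], parts[2]
        elif e.code == "O4":
            hit = RUN_RE.match(b) or LNK_RE.match(b)
            if hit:
                e.name, e.path = hit["name"], exe_path(hit["cmd"])
        elif e.code == "O16" and b.startswith("DPF: "):
            rest = b[5:].strip()                 # {CLSID} [(name)] - url
            if " - " in rest:
                e.name, e.url = (s.strip() for s in rest.rsplit(" - ", 1))
            else:                                # bare trailing "-" as in the log above: no URL
                e.name, e.url = rest.rstrip(" -"), ""
        elif e.code == "O23":
            hit = SVC_RE.match(b)
            if hit:
                e.name, e.vendor, e.path = hit["name"], hit["vendor"], hit["path"]
        entries.append(e)
    return entries


def triage(entries: list) -> list:
    """Attach review flags to entries and return those that received any."""
    flagged = []
    for e in entries:
        low = e.path.lower()
        if e.code == "O16" and not e.url:
            e.flags.append("DPF entry has no source URL, so the ActiveX install cannot be attributed")
        if e.code == "O23" and e.vendor.lower() == "unknown owner":
            e.flags.append("service binary carries no vendor string; verify its publisher")
        if "\\temp\\" in low:
            e.flags.append("autostart from a Temp directory")
        elif "documents and settings" in low:
            e.flags.append("autostart from a user profile (normal for some updaters; check publisher)")
        if e.code in ("R0", "R1") and e.url:
            host = urlparse(e.url).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in TRUSTED_URL_HOSTS):
                e.flags.append(f"IE start/search page points at {host} (OEM defaults land here too)")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    for e in triage(parse_hjt(SAMPLE_LOG)):
        print(e.code, e.name, "|", "; ".join(e.flags))
```

Run it against a full log by passing the file contents to `parse_hjt`; the process list at the top of an HJT log is skipped because those lines do not start with an entry code. The vendor check on O23 is deliberately crude: "Unknown owner" only means HijackThis found no company name in the binary's version resource, which is common for small vendor updaters, so the flag is a prompt to look at the file's signature and location rather than a finding on its own.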

#2 suebaby41 (W.A.M. (Women Against Malware); Malware Response Team, 6,248 posts; South Carolina, USA)

Posted 21 August 2010 - 01:58 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 OfficialNigel (Topic Starter; Members, 7 posts)

Posted 26 August 2010 - 01:09 PM

It seems to have disappeared but it has disappeared before so it may be hiding or something.

info.txt logfile of random's system information tool 1.08 2010-08-26 14:01:03

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}
Adobe Download Manager-->"C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
AhnLab Online Security-->C:\Program Files\AhnLab\ASP\Common\aosremove.exe
America Online (Choose which version to remove)-->C:\Program Files\Common Files\aolshare\Aolunins_us.exe
AOL Coach Version 1.0(Build:20040229.1 en)-->C:\Program Files\Common Files\aolshare\Coach\AolCInUn.exe
AOL Connectivity Services-->C:\PROGRA~1\COMMON~1\AOL\ACS\AcsUninstall.exe /c
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}
Dell Media Experience-->MsiExec.exe /I{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 5.0.0 (630)-->rundll32 C:\PROGRA~1\DELLSU~1\AUInst.dll,ExUninstall
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
FlashGet 3.3-->C:\Program Files\FlashGet Network\FlashGet 3\uninst.exe
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB958655-v2)-->"C:\WINDOWS\$NtUninstallKB958655-v2$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Intel® Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
Intel® PRO Network Adapters and Drivers-->Prounstl.exe
Intel® PROSet for Wired Connections-->MsiExec.exe /I{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java DB 10.5.3.0-->MsiExec.exe /X{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}
Java™ 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ SE Development Kit 6 Update 21-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160210}
K-Lite Mega Codec Pack 6.3.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Linksys EasyLink Advisor-->"C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe" REMOVE=TRUE MODIFY=FALSE
Linksys EasyLink Advisor-->C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
MapleStory-->"C:\Documents and Settings\All Users\Application Data\Nexon\NGM\NGM.exe" -mode:uninstall -game:589825 -locale:KR
MapleStory-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563155 -locale:US
Media Player Classic - Home Cinema v. 1.3.1249.0-->"C:\Program Files\MPC HomeCinema\unins000.exe"
Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{47C39E4A-28F2-33B1-B9B7-97F24E52D917}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 R2 Management Objects-->MsiExec.exe /I{4E968D9C-21A7-4915-B698-F7AEB913541D}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server System CLR Types-->MsiExec.exe /I{2A2F3AE8-246A-4252-BB26-1BEB45627074}
Microsoft Visual C# 2010 Express - ENU-->C:\Program Files\Microsoft Visual Studio 10.0\Microsoft Visual C# 2010 Express - ENU\setup.exe
Microsoft Visual C# 2010 Express - ENU-->MsiExec.exe /X{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974-->MsiExec.exe /X{B7E38540-E355-3503-AFD7-635B2F2F76E1}
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools-->MsiExec.exe /X{14DD7530-CCD2-3798-B37D-3839ED6A441C}
Modem Event Monitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}\setup.exe" -l0x9
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Modem On Hold-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Mozilla Firefox (3.6.8)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}\setup.exe" -l0x9 -uninst
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
Nexon Game Manager-->"C:\Documents and Settings\All Users\Application Data\Nexon\NGM\NGM.exe" -mode:uninstall -dll:platform.nexon.com/NGM/Bin/NGMDll.dll -game:0 -locale:KR -load_from_local
Pando Media Booster-->C:\Program Files\Pando Networks\Media Booster\uninst.exe
Photo Click-->MsiExec.exe /I{6E179C77-7335-458D-9537-4F4EAC0181ED}
PopTag!-->"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33562634 -locale:US
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Encoder (KB979332)-->"C:\WINDOWS\$NtUninstallKB979332_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9L$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Security Update for Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Security Update for Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Security Update for Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982381)-->"C:\WINDOWS\$NtUninstallKB982381$\spuninst\spuninst.exe"
Security Update for Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Sonic DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
TweetDeck-->msiexec /qb /x {012048E1-BFFF-682E-8FA2-8325B2B16784}
TweetDeck-->MsiExec.exe /I{012048E1-BFFF-682E-8FA2-8325B2B16784}
Ulead VideoStudio SE DVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}\Setup.exe" -l0x9
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB982632)-->"C:\WINDOWS\ie8updates\KB982632-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
USB2.0 Capture Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E337B156-DF81-48D8-8977-B1574EE87BCF}\Setup.exe" -l0x9
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /X{112C23F2-C036-4D40-BED4-0CB47BF5555C}
WebEx Support Manager for Internet Explorer-->MsiExec.exe /I{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WordPerfect Office 12-->MsiExec.exe /I{AF19F291-F22F-4798-9662-525305AE9E48}
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Security center information======

AV: AntiVir Desktop
FW: ZoneAlarm Firewall

======System event log======

Computer Name: EF
Event Code: 7034
Message: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Record Number: 702
Source Name: Service Control Manager
Time Written: 20100815155009.000000-240
Event Type: error
User:

Computer Name: EF
Event Code: 7034
Message: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Record Number: 600
Source Name: Service Control Manager
Time Written: 20100814223447.000000-240
Event Type: error
User:

Computer Name: EF
Event Code: 1003
Message: Error code 000000f4, parameter1 00000003, parameter2 8215aa18, parameter3 8215ab8c, parameter4 805fa7a8.

Record Number: 562
Source Name: System Error
Time Written: 20100814215059.000000-240
Event Type: error
User:

Computer Name: EF
Event Code: 1003
Message: Error code 000000f4, parameter1 00000003, parameter2 81ec3da0, parameter3 81ec3f14, parameter4 805fa7a8.

Record Number: 535
Source Name: System Error
Time Written: 20100814212723.000000-240
Event Type: error
User:

Computer Name: EF
Event Code: 7034
Message: The Linksys Updater service terminated unexpectedly. It has done this 1 time(s).

Record Number: 499
Source Name: Service Control Manager
Time Written: 20100814204203.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: EF
Event Code: 20
Message:
Record Number: 201
Source Name: Google Update
Time Written: 20100815042306.000000-240
Event Type: error
User: EF\Nigel

Computer Name: EF
Event Code: 1002
Message: Hanging application chrome.exe, version 0.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 186
Source Name: Application Hang
Time Written: 20100815001942.000000-240
Event Type: error
User:

Computer Name: EF
Event Code: 1000
Message: Faulting application gmer.exe, version 1.0.15.15281, faulting module gmer.exe, version 1.0.15.15281, fault address 0x0000c4b1.

Record Number: 175
Source Name: Application Error
Time Written: 20100814214124.000000-240
Event Type: error
User:

Computer Name: EF
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: WindowsFormsIntegration, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 166
Source Name: .NET Runtime Optimization Service
Time Written: 20100814202528.000000-240
Event Type:
User:

Computer Name: EF
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: UIAutomationClient, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35


Record Number: 164
Source Name: .NET Runtime Optimization Service
Time Written: 20100814202527.000000-240
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0401
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8
"windir"=%SystemRoot%

-----------------EOF-----------------


#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:24 AM

Posted 28 August 2010 - 06:17 PM

  1. Please download Trend Micro - HijackThis.
  2. Double click HJTInstall.exe to begin installation.
  3. Accept the installation location, which by default is C:\Program Files\Trend Micro\HijackThis or click the Browse... button if you want to save it in another location.
  4. Click Install.
  5. A shortcut will be created on your Desktop and HijackThis will run automatically.
  6. You will need to accept the EULA, if it appears, to be able to use the tool.
  7. When HijackThis opens, click on the Do a system scan and save a log file button.
  8. When HijackThis has finished scanning, a window entitled hijackthis.log will open. When you close this window, the log will be saved into the HijackThis folder.
  9. If needed, see TrendMicro™ HijackThis™ Quick Start Guide
  10. Copy and paste this log into your next reply.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 OfficialNigel

OfficialNigel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:24 AM

Posted 02 September 2010 - 07:51 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:52 PM, on 9/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\system32\java.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\trend micro\HiJackThis\HiJackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Nigel\Application Data\FlashGetBHO\FlashGetBHO3.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nigel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Nigel\Application Data\FlashGetBHO\GetAllUrl.htm
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Nigel\Application Data\FlashGetBHO\GetUrl.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://software.kuaiche.com
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: Syntek STK1160 Service (StkASSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkASv2K.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 6791 bytes


#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:24 AM

Posted 03 September 2010 - 08:00 AM

Hello, because suebaby41 is unavailable at the moment, I will take over this thread.

Since I'm not used to working with RSIT, I want to ask you to run another scan instead, as well as a rootkit scan.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning. It is ok, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#7 OfficialNigel

OfficialNigel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:24 AM

Posted 04 September 2010 - 12:52 PM

OTL Log

OTL logfile created on: 1/6/2006 1:42:10 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Nigel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 14.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.84 Gb Total Space | 37.59 Gb Free Space | 53.06% Space Free | Partition Type: NTFS
Drive D: | 425.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EF
Current User Name: Nigel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/15 06:25:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
PRC - [2010/07/22 21:07:03 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/22 21:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/04/01 12:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 10:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/28 04:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\system32\StkASv2K.exe
PRC - [2006/01/06 13:13:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nigel\Desktop\OTL.exe
PRC - [2004/10/14 19:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2004/07/27 16:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe


========== Modules (SafeList) ==========

MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/01/06 13:13:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nigel\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/08/31 15:52:01 | 002,854,488 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/rswin_3746.dll -- (Akamai)
SRV - [2010/08/14 16:36:05 | 001,355,416 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/07/26 15:01:58 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/04/01 12:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 14:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2006/09/28 04:20:00 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\WINDOWS\system32\StkASv2K.exe -- (StkASSrv)
SRV - [2004/04/07 12:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Nigel\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/14 16:36:18 | 000,015,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/07/12 03:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/05/13 09:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/10/07 04:05:00 | 000,141,176 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/10/07 04:05:00 | 000,086,136 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/12/12 17:05:20 | 000,025,264 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 17:05:18 | 000,023,984 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/11/15 16:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkAMini.sys -- (StkAMini)
DRV - [2006/06/27 17:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StkScan.sys -- (StkScan)
DRV - [2005/07/08 03:02:14 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/12/06 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 01:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 01:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 01:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 03:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 02:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/09/17 14:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/04 05:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 03:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 04:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 04:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 04:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.nexon.com
IE - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.87
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: optimizegoogle@optimizegoogle.com:0.78.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100823
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.5.10.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 23:18:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/15 10:14:40 | 000,000,000 | ---D | M]

[2010/08/14 23:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Extensions
[2010/09/02 21:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions
[2010/08/16 11:47:57 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010/08/27 22:37:15 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/08/27 22:37:13 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/08/17 10:37:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/27 22:37:12 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/08/16 11:52:16 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/15 10:14:11 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/15 11:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\Mozilla\Firefox\Profiles\h1vcyw8f.default\extensions\optimizegoogle@optimizegoogle.com
[2010/09/02 21:41:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/15 06:25:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/15 06:25:31 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/14 19:44:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\Nigel\Application Data\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download All By FlashGet3 - C:\Documents and Settings\Nigel\Application Data\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download By FlashGet3 - C:\Documents and Settings\Nigel\Application Data\FlashGetBHO\GetUrl.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKU\S-1-5-21-4234480032-1940963223-1519933361-1006\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.254.1 167.206.254.2
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/06/28 02:31:27 | 000,000,000 | R--D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2006/10/30 05:14:28 | 000,000,060 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/02 17:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\World3
[2010/09/01 14:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nigel\Recent
[2010/09/01 14:06:37 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2010/08/31 15:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2010/08/31 10:16:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/29 23:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\TechSmith
[2010/08/29 23:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\My Documents\Camtasia Studio
[2010/08/29 23:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010/08/29 23:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010/08/29 23:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/08/28 19:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\MineCraft Alpha 1.0.17_04
[2010/08/28 19:27:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\.minecraft
[2010/08/28 19:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\IObit
[2010/08/28 19:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/08/27 22:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Identities
[2010/08/26 13:00:06 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/08/26 12:59:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/08/25 17:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Temporary Projects
[2010/08/25 11:34:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\Shortcuts
[2010/08/24 15:47:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\MapleStory
[2010/08/23 22:22:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/08/23 22:21:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/08/23 22:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/08/23 22:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/08/23 22:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\My Documents\Visual Studio 2010
[2010/08/23 22:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2010/08/23 22:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2010/08/23 22:04:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2010/08/23 21:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/08/23 20:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\Java Projects
[2010/08/23 20:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\eclipse-java-helios-win32
[2010/08/23 20:02:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\WinRAR
[2010/08/23 20:02:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/23 19:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Sun
[2010/08/23 11:50:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Dev-Cpp
[2010/08/23 05:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/08/23 05:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/08/23 05:35:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/08/21 23:08:55 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nigel\PrivacIE
[2010/08/16 23:30:38 | 000,141,176 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\Mkd2kfNT.sys
[2010/08/16 23:30:38 | 000,086,136 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\Mkd2Nadr.sys
[2010/08/16 23:30:38 | 000,081,016 | ---- | C] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\Mkd2BthF.sys
[2010/08/16 23:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\AhnLab
[2010/08/16 22:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/08/16 12:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\BITS
[2010/08/16 12:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\FlashGet
[2010/08/16 12:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\FlashGetBHO
[2010/08/16 12:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\FlashGet Network
[2010/08/16 09:52:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2010/08/16 09:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/16 09:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\PMB Files
[2010/08/16 09:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/16 09:48:54 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/08/16 07:14:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/16 06:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/08/16 06:51:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/16 06:51:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/08/16 06:51:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/16 06:46:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/08/16 06:36:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/08/16 06:35:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/08/16 05:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\WMTools Downloaded Files
[2010/08/16 05:05:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/08/16 05:05:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nigel\My Documents\My Videos
[2010/08/16 03:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/08/16 02:04:07 | 000,000,000 | ---D | C] -- C:\c86dea01e40c6ab80b
[2010/08/16 01:40:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nigel\IETldCache
[2010/08/16 01:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Media Player Classic
[2010/08/16 01:08:21 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/08/16 01:08:21 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/08/16 01:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/08/16 00:59:06 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
[2010/08/16 00:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/08/16 00:49:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/08/16 00:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\AdobeUM
[2010/08/16 00:48:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Adobe
[2010/08/16 00:47:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/08/16 00:47:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\My Documents\My eBooks
[2010/08/16 00:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/15 10:52:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/15 10:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/08/15 10:14:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/08/15 06:26:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/15 06:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/15 05:51:03 | 000,053,248 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAWIA.dll
[2010/08/15 04:13:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/08/15 04:03:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/08/15 04:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/15 03:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\My Documents\Ulead VideoStudio SE
[2010/08/15 03:42:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Ulead Systems
[2010/08/15 03:37:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010/08/15 03:36:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/08/15 03:34:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/08/15 03:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/08/15 03:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2010/08/15 03:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/15 03:08:44 | 000,242,139 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAMini.sys
[2010/08/15 03:08:43 | 000,653,988 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAPin.sys
[2010/08/15 03:08:43 | 000,243,212 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkACamd.sys
[2010/08/15 03:08:43 | 000,018,754 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkASam.sys
[2010/08/15 03:08:42 | 000,061,440 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\StkATVAp.exe
[2010/08/15 03:08:42 | 000,049,152 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAProp.ax
[2010/08/15 03:08:42 | 000,045,056 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAVFW.dll
[2010/08/15 03:08:42 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAUSD.dll
[2010/08/15 03:08:42 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASv2K.exe
[2010/08/15 03:08:42 | 000,004,772 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkScan.sys
[2010/08/15 03:08:41 | 010,479,603 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAPipe.sys
[2010/08/15 03:08:41 | 000,106,496 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\Stk1150.exe
[2010/08/15 03:08:41 | 000,024,576 | ---- | C] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASSrv.dll
[2010/08/14 23:28:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/08/14 23:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/08/14 23:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Mozilla
[2010/08/14 23:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Mozilla
[2010/08/14 23:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/14 21:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/08/14 21:06:32 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/08/14 21:05:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/08/14 20:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/08/14 20:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/14 19:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/14 19:47:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2010/08/14 19:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\Frontline Registry Cleaner
[2010/08/14 19:46:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/08/14 19:41:28 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/14 19:40:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/08/14 19:40:24 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/08/14 19:40:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/08/14 19:40:24 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/08/14 19:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/14 19:37:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/14 19:27:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/08/14 19:27:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Linksys_LLC_-_A_Division_
[2010/08/14 19:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/08/14 19:24:23 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/08/14 19:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/08/14 19:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/08/14 19:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/08/14 19:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/08/14 19:15:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/08/14 19:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/08/14 19:06:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/08/14 19:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/08/14 19:04:18 | 000,939,368 | R--- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\myflash.ocx
[2010/08/14 18:20:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/08/14 18:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Avira
[2010/08/14 16:36:29 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/14 16:36:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/08/14 16:36:23 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/14 16:33:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/14 16:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/14 16:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Sunbelt Software
[2010/08/14 16:31:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/14 16:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/14 16:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/08/14 16:27:35 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/08/14 16:27:33 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/08/14 16:27:33 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/08/14 16:27:33 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/08/14 16:27:33 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/08/14 16:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/08/14 16:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/08/14 16:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\BVRP Software
[2010/08/14 16:20:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\My Documents\Downloads
[2010/08/14 16:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Adobe
[2010/08/14 16:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Temp
[2010/08/14 16:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Google
[2010/08/14 16:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Macromedia
[2010/08/14 16:12:50 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nigel\Application Data\Gtek
[2010/08/14 16:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Jasc Software Inc
[2010/08/14 16:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Identities
[2010/08/14 16:12:49 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Nigel\Application Data\Microsoft
[2010/08/14 16:12:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nigel\SendTo
[2010/08/14 16:12:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Nigel\Application Data
[2010/08/14 16:12:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nigel\Start Menu
[2010/08/14 16:12:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nigel\My Documents\My Pictures
[2010/08/14 16:12:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nigel\My Documents\My Music
[2010/08/14 16:12:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nigel\My Documents
[2010/08/14 16:12:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Nigel\Favorites
[2010/08/14 16:12:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Nigel\Cookies
[2010/08/14 16:12:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nigel\Templates
[2010/08/14 16:12:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nigel\PrintHood
[2010/08/14 16:12:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nigel\NetHood
[2010/08/14 16:12:49 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Nigel\Local Settings
[2010/08/14 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Symantec
[2010/08/14 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Application Data\Sun
[2010/08/14 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\Microsoft
[2010/08/14 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop
[2010/08/14 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\ApplicationHistory
[2010/08/14 16:12:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}
[2010/08/14 16:11:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2006/01/06 13:13:18 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Nigel\Desktop\OTL.exe
[2006/01/05 15:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\Flash
[2006/01/05 14:58:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Local Settings\Application Data\FlashDevelop
[2006/01/05 14:57:02 | 000,000,000 | ---D | C] -- C:\Program Files\FlashDevelop
[2006/01/05 14:55:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Nigel\Desktop\Flex
[2006/01/05 14:54:11 | 008,115,325 | ---- | C] (FlashDevelop.org) -- C:\Documents and Settings\Nigel\Desktop\FlashDevelop-3.2.2-RTM.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/02 21:23:01 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4234480032-1940963223-1519933361-1006UA.job
[2010/09/02 16:23:06 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4234480032-1940963223-1519933361-1006Core.job
[2010/09/02 09:19:36 | 000,000,781 | ---- | M] () -- C:\Documents and Settings\Nigel\Desktop\Shortcut to Minecraft.lnk
[2010/08/31 16:34:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/08/30 16:37:01 | 000,185,737 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2010/08/29 23:43:52 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/08/29 17:13:07 | 003,638,528 | -H-- | M] () -- C:\Documents and Settings\Nigel\Local Settings\Application Data\IconCache.db
[2010/08/28 19:26:36 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2010/08/25 18:11:14 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\Nigel\.appletviewer
[2010/08/25 00:28:39 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/24 19:29:13 | 000,061,624 | ---- | M] () -- C:\Documents and Settings\Nigel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/08/23 21:42:31 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/08/23 06:52:01 | 000,420,801 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/08/21 22:46:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/08/20 21:27:12 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/16 22:37:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/16 14:59:14 | 000,000,891 | ---- | M] () -- C:\WINDOWS\System32\secushr.dat
[2010/08/16 12:09:37 | 000,000,025 | ---- | M] () -- C:\WINDOWS\libem.INI
[2010/08/16 07:14:54 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/16 06:45:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/16 05:05:56 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Nigel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 01:40:22 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/16 01:08:28 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2010/08/16 00:59:08 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic - Home Cinema.lnk
[2010/08/15 10:21:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Nigel\ipconfig
[2010/08/14 23:17:23 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/14 21:21:35 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/14 19:47:54 | 000,000,436 | ---- | M] () -- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - Nigel.job
[2010/08/14 19:44:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/14 19:41:32 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/14 18:20:36 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2010/08/14 16:36:22 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/14 16:34:11 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/14 16:31:56 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/14 16:12:03 | 000,000,239 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/08/14 16:11:59 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/08/14 16:11:51 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/14 05:09:44 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/08/12 03:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/12 03:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2010/07/12 03:55:39 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/07/12 03:55:38 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/06/08 11:10:50 | 000,790,528 | ---- | M] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/08 11:10:50 | 000,134,144 | ---- | M] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/04/26 14:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/03/15 04:31:50 | 000,165,376 | ---- | M] () -- C:\WINDOWS\System32\unrar.dll
[2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/02/22 17:12:32 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2010/01/17 10:18:08 | 000,151,552 | ---- | M] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/11/21 10:51:42 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/10/25 05:11:34 | 000,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/07 04:05:00 | 000,141,176 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\Mkd2kfNT.sys
[2009/10/07 04:05:00 | 000,086,136 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\Mkd2Nadr.sys
[2009/10/07 04:05:00 | 000,081,016 | ---- | M] (AhnLab, Inc.) -- C:\WINDOWS\System32\drivers\Mkd2BthF.sys
[2009/05/11 11:49:28 | 000,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/05/11 11:49:28 | 000,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/04/20 11:56:28 | 000,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/03/18 14:58:50 | 000,939,368 | R--- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\myflash.ocx
[2009/02/12 21:20:42 | 000,005,630 | ---- | M] () -- C:\WINDOWS\System32\IE8Eula.rtf
[2009/01/09 14:19:28 | 001,089,593 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/01/07 17:20:36 | 000,066,384 | ---- | M] () -- C:\WINDOWS\System32\normnfkc.nls
[2009/01/07 17:20:36 | 000,060,294 | ---- | M] () -- C:\WINDOWS\System32\normnfkd.nls
[2009/01/07 17:20:36 | 000,059,342 | ---- | M] () -- C:\WINDOWS\System32\normidna.nls
[2009/01/07 17:20:36 | 000,045,794 | ---- | M] () -- C:\WINDOWS\System32\normnfc.nls
[2009/01/07 17:20:36 | 000,039,284 | ---- | M] () -- C:\WINDOWS\System32\normnfd.nls
[2009/01/07 17:20:20 | 000,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat
[2009/01/07 17:20:20 | 000,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat
[2008/04/13 19:25:26 | 000,001,804 | ---- | M] () -- C:\WINDOWS\System32\dcache.bin
[2008/04/13 19:12:42 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
[2008/04/13 19:12:42 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax
[2008/04/13 19:12:04 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll
[2008/04/13 19:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\System32\qedit.dll
[2008/04/13 19:12:03 | 000,386,048 | ---- | M] () -- C:\WINDOWS\System32\qdvd.dll
[2008/04/13 19:12:03 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\qdv.dll
[2008/04/13 19:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\qcap.dll
[2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\msdmo.dll
[2008/04/13 19:11:56 | 000,035,328 | ---- | M] () -- C:\WINDOWS\System32\mciqtz32.dll
[2008/04/13 19:11:53 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\encdec.dll
[2008/04/13 19:11:52 | 000,498,742 | ---- | M] () -- C:\WINDOWS\System32\dxmasf.dll
[2008/04/13 19:11:51 | 000,252,928 | ---- | M] () -- C:\WINDOWS\System32\compatui.dll
[2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\devenum.dll
[2008/04/13 19:11:49 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\amstream.dll
[2008/04/13 19:10:34 | 000,175,104 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/04/13 19:10:08 | 000,844,314 | ---- | M] () -- C:\WINDOWS\System32\msdxm.ocx
[2008/04/13 19:10:08 | 000,004,126 | ---- | M] () -- C:\WINDOWS\System32\msdxmlc.dll
[2008/04/13 19:09:39 | 013,463,552 | ---- | M] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/04/13 19:09:05 | 000,173,568 | ---- | M] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/04/13 12:26:09 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\odbcconf.rsp
[2008/04/13 12:21:32 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\qedwipes.dll
[2008/02/29 04:09:58 | 000,265,948 | ---- | M] () -- C:\WINDOWS\System32\locale.nls
[2008/01/21 22:20:52 | 000,000,997 | ---- | M] () -- C:\WINDOWS\hpwmdl19.dat
[2007/09/17 03:48:10 | 000,001,261 | ---- | M] () -- C:\WINDOWS\System32\pid.inf
[2007/07/10 11:10:12 | 000,000,547 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/04/02 07:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2006/12/29 13:08:31 | 000,023,044 | ---- | M] () -- C:\WINDOWS\System32\sorttbls.nls
[2006/11/15 16:32:44 | 000,242,139 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAMini.sys
[2006/11/15 16:32:26 | 000,243,212 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkACamd.sys
[2006/11/15 16:32:14 | 000,653,988 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAPin.sys
[2006/11/15 16:31:50 | 000,018,754 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkASam.sys
[2006/06/27 17:27:18 | 000,004,772 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkScan.sys
[2006/06/09 21:30:16 | 000,061,440 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\StkATVAp.exe
[2006/05/24 22:14:56 | 000,049,152 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAProp.ax
[2006/05/23 22:49:14 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASv2K.exe
[2006/05/23 22:48:56 | 000,053,248 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAWIA.dll
[2006/05/23 22:48:56 | 000,045,056 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAVFW.dll
[2006/05/23 22:48:48 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkAUSD.dll
[2006/05/23 22:48:02 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\StkASSrv.dll
[2006/05/23 22:47:48 | 000,106,496 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\Stk1150.exe
[2006/02/09 17:07:12 | 010,479,603 | ---- | M] (Syntek America Inc.) -- C:\WINDOWS\System32\drivers\StkAPipe.sys
[2006/01/06 13:13:22 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Nigel\Desktop\OTL.exe
[2006/01/06 11:54:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2006/01/06 11:51:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2006/01/06 11:51:41 | 534,827,008 | -HS- | M] () -- C:\hiberfil.sys
[2006/01/06 11:51:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2006/01/06 09:51:19 | 008,388,608 | -H-- | M] () -- C:\Documents and Settings\Nigel\NTUSER.DAT
[2006/01/06 09:51:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Nigel\ntuser.ini
[2006/01/05 19:18:15 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Nigel\mm.cfg
[2006/01/05 14:57:36 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FlashDevelop.lnk
[2006/01/05 14:57:35 | 000,001,650 | ---- | M] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashDevelop.lnk
[2006/01/05 14:55:03 | 008,115,325 | ---- | M] (FlashDevelop.org) -- C:\Documents and Settings\Nigel\Desktop\FlashDevelop-3.2.2-RTM.exe
[2006/01/05 14:47:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Nigel\Desktop\Adobe Flash Professional CS5.lnk
[2006/01/04 23:03:24 | 000,603,980 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2006/01/04 23:03:24 | 000,503,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/04 23:03:24 | 000,088,018 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/04 23:00:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/02 09:19:36 | 000,000,781 | ---- | C] () -- C:\Documents and Settings\Nigel\Desktop\Shortcut to Minecraft.lnk
[2010/08/30 16:34:32 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/30 16:34:31 | 000,185,737 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/08/30 16:34:31 | 000,000,997 | ---- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2010/08/29 23:43:51 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 7.lnk
[2010/08/28 19:26:36 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
[2010/08/25 18:11:14 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Nigel\.appletviewer
[2010/08/23 22:54:29 | 000,217,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-4234480032-1940963223-1519933361-1006-0.dat
[2010/08/23 22:54:28 | 000,181,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/23 21:42:31 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/08/21 22:46:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/08/21 22:46:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/08/16 12:11:09 | 000,000,891 | ---- | C] () -- C:\WINDOWS\System32\secushr.dat
[2010/08/16 12:09:37 | 000,000,025 | ---- | C] () -- C:\WINDOWS\libem.INI
[2010/08/16 11:49:43 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2010/08/16 11:49:43 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/08/16 11:49:43 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2010/08/16 11:49:43 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2010/08/16 11:49:37 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2010/08/16 11:49:37 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2010/08/16 11:49:36 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2010/08/16 11:49:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2010/08/16 11:49:36 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2010/08/16 11:49:36 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2010/08/16 11:49:36 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2010/08/16 11:49:36 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2010/08/16 11:49:36 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2010/08/16 11:49:36 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2010/08/16 11:49:36 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2010/08/16 11:49:36 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2010/08/16 11:49:35 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/08/16 11:49:35 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2010/08/16 11:49:35 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/08/16 11:49:35 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2010/08/16 11:49:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2010/08/16 11:49:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2010/08/16 11:49:35 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2010/08/16 11:49:34 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/08/16 11:49:34 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2010/08/16 11:49:34 | 000,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2010/08/16 11:49:34 | 000,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2010/08/16 11:49:33 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2010/08/16 11:49:33 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2010/08/16 11:49:33 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2010/08/16 11:49:33 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2010/08/16 11:49:33 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/08/16 11:49:32 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/08/16 11:49:32 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2010/08/16 11:49:32 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2010/08/16 11:49:32 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/08/16 11:49:31 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/08/16 11:49:31 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/08/16 11:49:27 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/08/16 11:49:27 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2010/08/16 11:49:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/08/16 11:49:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2010/08/16 11:49:27 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\ksc.nls
[2010/08/16 11:49:27 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/08/16 11:49:13 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/08/16 11:49:13 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2010/08/16 11:49:13 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/08/16 11:49:13 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2010/08/16 11:49:13 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/08/16 11:49:13 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2010/08/16 11:49:13 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/08/16 11:49:13 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2010/08/16 11:49:13 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/08/16 11:49:13 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2010/08/16 11:49:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/08/16 11:49:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2010/08/16 11:49:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/08/16 11:49:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2010/08/16 11:49:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2010/08/16 11:49:12 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/08/16 01:08:28 | 000,000,944 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic.lnk
[2010/08/16 01:08:25 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/08/16 01:08:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/08/16 01:08:20 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/08/16 01:08:20 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/08/16 01:08:20 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/08/16 01:08:19 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/08/16 00:59:08 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Player Classic - Home Cinema.lnk
[2010/08/16 00:58:41 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Nigel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/15 10:21:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Nigel\ipconfig
[2010/08/15 05:26:59 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/08/15 05:26:34 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/08/15 05:26:34 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/08/15 05:26:33 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/08/15 05:26:30 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/08/15 05:26:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/08/15 05:26:17 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/08/15 05:25:36 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/08/15 05:25:15 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/08/14 23:17:23 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/08/14 21:21:35 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/08/14 21:20:18 | 000,420,801 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/08/14 19:47:53 | 000,000,436 | ---- | C] () -- C:\WINDOWS\tasks\FrontLine Registry Cleaner Scheduled Scan - Nigel.job
[2010/08/14 19:41:32 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/14 19:41:30 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/14 19:40:24 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/08/14 19:40:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/08/14 19:40:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/08/14 19:40:24 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/08/14 19:40:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/08/14 18:20:36 | 000,004,128 | ---- | C] () -- C:\INFCACHE.1
[2010/08/14 17:11:58 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/14 16:37:36 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/14 16:34:11 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/14 16:31:56 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/08/14 16:23:38 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Nigel\LuResult.txt
[2010/08/14 16:19:19 | 000,002,262 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/14 16:18:14 | 000,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4234480032-1940963223-1519933361-1006UA.job
[2010/08/14 16:18:14 | 000,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4234480032-1940963223-1519933361-1006Core.job
[2010/08/14 16:13:01 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Musicmatch Jukebox.lnk
[2010/08/14 16:13:01 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/14 16:13:01 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2010/08/14 16:13:01 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\America Online 9.0.lnk
[2010/08/14 16:13:01 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/14 16:12:49 | 008,388,608 | -H-- | C] () -- C:\Documents and Settings\Nigel\NTUSER.DAT
[2010/08/14 16:12:49 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Nigel\ntuser.dat.LOG
[2010/08/14 16:12:49 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Nigel\ntuser.ini
[2010/08/14 16:11:59 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/08/14 16:11:59 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/08/14 05:09:44 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/11/27 12:11:44 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/02/12 21:20:42 | 000,005,630 | ---- | C] () -- C:\WINDOWS\System32\IE8Eula.rtf
[2009/01/07 17:20:36 | 000,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls
[2009/01/07 17:20:36 | 000,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls
[2009/01/07 17:20:36 | 000,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls
[2009/01/07 17:20:36 | 000,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls
[2009/01/07 17:20:36 | 000,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls
[2009/01/07 17:20:20 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat
[2009/01/07 17:20:20 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2006/01/05 14:58:51 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Nigel\mm.cfg
[2006/01/05 14:57:36 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FlashDevelop.lnk
[2006/01/05 14:57:34 | 000,001,650 | ---- | C] () -- C:\Documents and Settings\Nigel\Application Data\Microsoft\Internet Explorer\Quick Launch\FlashDevelop.lnk
[2006/01/05 14:47:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Nigel\Desktop\Adobe Flash Professional CS5.lnk
[2005/07/08 03:13:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/08 03:04:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/08 02:36:50 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/07/08 02:36:32 | 000,000,375 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/01/28 08:08:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2010/08/14 19:47:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FrontLine Registry Cleaner
[2010/08/14 19:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/08/16 22:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2010/08/16 09:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/08/16 09:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/08/29 23:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2010/08/15 03:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2005/07/08 03:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/14 19:24:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/08/14 16:32:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
[2010/08/15 06:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Family\Application Data\Ulead Systems
[2010/08/28 19:39:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\.minecraft
[2010/08/16 12:24:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\BITS
[2010/08/25 19:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\Dev-Cpp
[2010/08/16 12:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\FlashGet
[2010/08/16 12:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\FlashGetBHO
[2010/08/28 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\IObit
[2010/08/23 05:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/08/15 03:53:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Nigel\Application Data\Ulead Systems
[2006/01/06 11:54:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/14 19:47:54 | 000,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\FrontLine Registry Cleaner Scheduled Scan - Nigel.job

========== Purity Check ==========


< End of report >

Rootkit Unhooker Log

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF82D8000 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys 1302528 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF8156000 C:\WINDOWS\system32\DRIVERS\IntelC51.sys 1208320 bytes (Intel Corporation, Modem DSP Driver)
0xBF077000 C:\WINDOWS\System32\ialmdd5.DLL 925696 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0xF7F70000 C:\WINDOWS\system32\drivers\senfilt.sys 733184 bytes (Creative Technology Ltd., Creative WDM Audio Driver)
0xF80C1000 C:\WINDOWS\system32\DRIVERS\IntelC52.sys 610304 bytes (Intel Corporation, Modem CP Driver)
0xF84B6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEF2A0000 C:\WINDOWS\System32\vsdatant.sys 528384 bytes (Check Point Software Technologies LTD, ZoneAlarm Firewalling Driver)
0xEF1BB000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7545000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEF349000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEE545000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEE004000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF8047000 C:\WINDOWS\system32\drivers\smwdm.sys 262144 bytes (Analog Devices, Inc., SoundMAX Integrated Digital Audio )
0xBF042000 C:\WINDOWS\System32\ialmdev5.DLL 217088 bytes (Intel Corporation, Component GHAL Driver)
0xF85E9000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xEE934000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF8489000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xEDD7E000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEF253000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF321000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF809B000 C:\WINDOWS\system32\DRIVERS\e100b325.sys 155648 bytes (Intel Corporation, Intel® PRO/100 Adapter NDIS 5.1 driver)
0xEF195000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF8023000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF82A0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF827D000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEF27E000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xEF173000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 139264 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xBF020000 C:\WINDOWS\System32\ialmdnt5.dll 139264 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF8581000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF85B9000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF846F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEEFAF000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xEEF96000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xF85A1000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEF133000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF8543000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF7F21000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEEFC8000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xEF006000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xF855A000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xEEB49000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF8087000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF82C4000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF3A2000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF856F000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF85D8000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF7F10000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF87C8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF8868000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF8848000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF8888000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF8828000 C:\WINDOWS\system32\DRIVERS\IntelC53.sys 61440 bytes (Intel Corporation, Modem AFE Driver)
0xF8688000 Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0xF8878000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEEC96000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF86F8000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xBF012000 C:\WINDOWS\System32\ialmrnt5.dll 57344 bytes (Intel Corporation, Controller Hub for Intel Graphics Driver)
0xF8678000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF8838000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF8898000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF8658000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF86A8000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF8738000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF8858000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF8648000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF88A8000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF8778000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xF8638000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF86D8000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF86C8000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF8668000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF87A8000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF8818000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF86B8000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF8728000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xEEDC6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8788000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8758000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF89A8000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF8A18000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF8998000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF89B0000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF8A30000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF88B8000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF8918000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xF89B8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF89A0000 C:\WINDOWS\system32\DRIVERS\mohfilt.sys 24576 bytes (Intel Corporation, Filter Driver to Support Modem-on-Hold)
0xF89E0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF8A20000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF8A00000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xF8990000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF8A08000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF89D8000 C:\WINDOWS\system32\DRIVERS\wanatw4.sys 24576 bytes (America Online, Inc., Wan Miniport (ATW))
0xF89F0000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF8A10000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF88C0000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF8948000 C:\WINDOWS\system32\DRIVERS\pnarp.sys 20480 bytes (Cisco Systems, Inc., Address Resolution Protocol Driver)
0xF89C8000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF8950000 C:\WINDOWS\system32\DRIVERS\purendis.sys 20480 bytes (Cisco Systems, Inc., NDIS Relay Driver)
0xF88C8000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF89D0000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF89C0000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF88E8000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF8416000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF8B28000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEF002000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF8B08000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xEF06F000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8A48000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEF3E5000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF8B10000 C:\WINDOWS\system32\DRIVERS\fsvga.sys 12288 bytes (Microsoft Corporation, Full Screen Video Driver)
0xF74A1000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xF8AD0000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF749D000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF8B14000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF8AD8000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF8BF2000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows ® 2000 DDK provider, TR Manager)
0xF8B72000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8B62000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF8B88000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF8B60000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF8B3C000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xF8B38000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF8B64000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF8B66000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF8B58000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xF8B5C000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF8BC0000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8B5E000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF8B3A000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF8C4A000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF8C8B000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF8C2F000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF8C00000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF8CAD000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xF8CAC000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
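
Editor's note: the kernel-module listing posted above has one entry per line in the form `<load address> <image name or full path> <size> bytes (<Vendor>, <Description>)`, with the parenthesised part missing for some entries. The following is an added worked example (not from the thread, not from the scanner's author) of how an analyst triages such a listing: parse each line, then flag entries with no vendor string, entries whose vendor string is the generic Windows DDK default, and entries loaded from outside the Windows directory. The six sample lines are copied from the listing above (the registered-trademark sign written as "(R)"); the review rules and the `C:\WINDOWS` system-root assumption are the editor's. A hit means "look at this", not "malicious": the `dump_*` images are Windows' own crash-dump copies of the boot storage drivers and routinely carry no version information, and third-party security drivers such as Avira's avgio.sys legitimately live under Program Files.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Sample input: six lines copied from the listing above, plus the trailing banner
# lines, so the parser is exercised on the tool's real output shape.
SAMPLE_LISTING = r"""
0xF846F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEF133000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xEF006000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xEEDC6000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF8B72000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF8BF2000 C:\WINDOWS\System32\Drivers\ASCTRM.SYS 8192 bytes (Windows (R) 2000 DDK provider, TR Manager)
==============================================
>Stealth
==============================================
"""

LINE_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+"      # load address
    r"(?P<path>.+?)\s+"                   # image name or full path; may contain spaces
    r"(?P<size>\d+)\s+bytes"              # in-memory image size
    r"(?:\s+\((?P<info>.*)\))?\s*$"       # optional "(Vendor, Description)"
)

# Assumption (matches the ComboFix log in this thread): the system root is C:\WINDOWS.
SYSTEM_ROOT = "c:\\windows\\"


@dataclass
class Driver:
    base: int
    path: str
    size: int
    vendor: Optional[str]
    description: Optional[str]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def has_full_path(self) -> bool:
        return "\\" in self.path


def parse_listing(text: str) -> List[Driver]:
    """Turn the scanner's driver table into Driver records; non-matching lines are skipped."""
    drivers: List[Driver] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners and blank lines
        info = m.group("info")
        vendor: Optional[str] = None
        description: Optional[str] = None
        if info is not None:
            vendor, _, description = info.partition(", ")
            if not description:           # "(RKU Driver)": description only, no vendor
                vendor, description = None, info
        drivers.append(Driver(int(m.group("base"), 16), m.group("path"),
                              int(m.group("size")), vendor, description))
    return drivers


def triage(drivers: List[Driver]) -> Dict[str, List[str]]:
    """Map driver name -> review reasons. A hit means 'look closer', not 'malicious'."""
    findings: Dict[str, List[str]] = {}
    for d in drivers:
        reasons: List[str] = []
        if d.vendor is None and not d.name.lower().startswith("dump_"):
            # dump_* images are Windows' crash-dump copies of the storage stack and
            # routinely show no version block, so they are excluded from this rule.
            reasons.append("no-vendor")
        if d.vendor is not None and "ddk" in d.vendor.lower():
            reasons.append("generic-ddk-vendor")   # version block left at the DDK default
        if d.has_full_path and not d.path.lower().startswith(SYSTEM_ROOT):
            reasons.append("outside-systemroot")
        if reasons:
            findings[d.name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_listing(SAMPLE_LISTING)).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run against the six sample lines it reports Normandy.SYS (no vendor), ASCTRM.SYS (DDK default vendor) and avgio.sys (under Program Files), and stays quiet on Mup.sys, dump_atapi.sys and avgntflt.sys; the point of the exercise is to shrink a 100-plus line table to the handful of entries worth checking against the vendor's file hashes.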



#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:24 AM

Posted 04 September 2010 - 01:03 PM

Hi, I see you have also run Combofix. Can you please post me the log; you will find it at c:\log.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 OfficialNigel

OfficialNigel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:24 AM

Posted 04 September 2010 - 04:34 PM

ComboFix 10-08-14.02 - Nigel 08/14/2010 20:42:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.254 [GMT -4:00]
Running from: c:\documents and settings\Nigel\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Nigel\Desktop\cfscript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\program files\AdvancedVirusRemover\PAVRM.exe"
"c:\windows\system32\AVR09.exe"
"c:\windows\system32\winhelper.dll"
"c:\windows\system32\winupdate.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bszip.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 00:27 . 2010-08-15 00:27 -------- d-----w- c:\windows\system32\LogFiles
2010-08-15 00:27 . 2010-08-15 00:27 -------- d-----w- c:\documents and settings\Nigel\Local Settings\Application Data\Linksys_LLC_-_A_Division_
2010-08-15 00:26 . 2010-08-15 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Linksys
2010-08-15 00:24 . 2010-08-15 00:24 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
2010-08-15 00:24 . 2009-05-21 21:29 2833072 -c--a-w- c:\documents and settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}\setup.exe
2010-08-15 00:21 . 2010-08-15 00:21 -------- d-----w- c:\program files\Linksys
2010-08-15 00:20 . 2010-08-15 00:20 -------- d-----w- c:\program files\WebEx
2010-08-15 00:19 . 2010-08-15 00:19 -------- d-----w- c:\program files\MSBuild
2010-08-15 00:19 . 2010-08-15 00:19 103464 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-08-15 00:15 . 2010-08-15 00:15 -------- d-----w- c:\windows\system32\XPSViewer
2010-08-15 00:13 . 2010-08-15 00:13 -------- d-----w- c:\program files\Reference Assemblies
2010-08-15 00:12 . 2006-10-14 20:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-15 00:12 . 2006-06-29 17:07 14048 ------w- c:\windows\system32\spmsg2.dll
2010-08-15 00:07 . 2006-10-16 20:10 23856 ----a-w- c:\windows\system32\spupdsvc.exe
2010-08-14 21:36 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-14 21:36 . 2010-08-14 21:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-14 21:33 . 2010-08-14 23:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-08-14 21:33 . 2010-08-14 22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-14 21:32 . 2010-08-14 21:32 -------- d-----w- c:\documents and settings\Nigel\Local Settings\Application Data\Sunbelt Software
2010-08-14 21:31 . 2010-08-14 21:32 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-08-14 21:31 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-08-14 21:30 . 2010-08-14 21:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-14 21:30 . 2010-08-14 21:30 -------- d-----w- c:\program files\Lavasoft
2010-08-14 21:27 . 2010-08-14 21:27 -------- d-----w- c:\program files\Avira
2010-08-14 21:27 . 2010-08-14 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-14 21:27 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-14 21:27 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-14 21:27 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-14 21:27 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-14 21:22 . 2010-08-14 21:22 -------- d-----w- c:\documents and settings\Nigel\Local Settings\Application Data\BVRP Software
2010-08-14 21:18 . 2010-08-14 21:18 -------- d-----w- c:\documents and settings\Nigel\Local Settings\Application Data\Temp
2010-08-14 21:18 . 2010-08-14 21:18 -------- d-----w- c:\documents and settings\Nigel\Local Settings\Application Data\Google
2010-08-14 10:09 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-08-14 10:09 . 2001-08-17 19:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 00:06 . 2010-08-15 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2010-08-15 00:06 . 2010-08-15 00:06 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2010-08-15 00:06 . 2005-07-08 07:53 -------- d-----w- c:\program files\Java
2010-08-14 23:13 . 2010-08-14 23:13 -------- d-----w- c:\documents and settings\Nigel\Application Data\Avira
2010-08-14 22:11 . 2010-08-14 22:11 108 ---ha-w- C:\aaw7boot.cmd
2010-08-14 21:38 . 2005-07-08 08:05 -------- d-----w- c:\program files\Symantec
2010-08-14 21:38 . 2005-07-08 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-08-14 21:38 . 2005-07-08 08:05 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-12 08:55 . 2010-08-14 22:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"Google Update"="c:\documents and settings\Nigel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-08-14 136176]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-01-23 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-07-08 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-08 98304]
"QBReminderFlash"="c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe" [2004-11-11 26112]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"BuildBU"="c:\dell\bldbubg.exe" [2005-07-08 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2005-7-8 156784]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/14/2010 5:36 PM 64288]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/14/2010 5:27 PM 135336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/12/2010 4:55 AM 1355416]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/14/2010 5:36 PM 15008]
S2 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [11/13/2008 3:43 PM 204800]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLR_OPTIMIZATION_V2.0.50727_32
*NewlyCreated* - FONTCACHE3.0.0.0
*NewlyCreated* - HTTPFILTER
*NewlyCreated* - LINKSYSUPDATER
*NewlyCreated* - NMSERVICE
*NewlyCreated* - PNARP
*NewlyCreated* - PURENDIS
.
Contents of the 'Scheduled Tasks' folder

2010-08-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 21:36]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234480032-1940963223-1519933361-1006Core.job
- c:\documents and settings\Nigel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-14 21:18]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4234480032-1940963223-1519933361-1006UA.job
- c:\documents and settings\Nigel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-14 21:18]

2010-08-14 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 10:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-14 20:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-08-14 20:46:45
ComboFix-quarantined-files.txt 2010-08-15 00:46

Pre-Run: 67,229,507,584 bytes free
Post-Run: 67,213,803,520 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 5801668B61C40A284590FDEF1D72FD3B


#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:24 AM

Posted 05 September 2010 - 01:59 AM

Could you please let me know who instructed you to run this script? It's not a good idea to create CFscripts on your own unless you know what you are doing; script away the wrong files, and your computer might not start up again.

How are you connecting to the internet? If you use a router, please reset it and let me know if that takes care of the redirects.

regards, Elise



#11 OfficialNigel

OfficialNigel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:24 AM

Posted 05 September 2010 - 10:16 AM

I did not run it. One of my cousins was in town for the week, he works as a software engineer for a company I am not allowed to name, he ran it. I connect via router. I will reset it and see what happens. I'll update this post later.

#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:24 AM

Posted 05 September 2010 - 11:46 AM

Okay, please take your time.

regards, Elise



#13 OfficialNigel

OfficialNigel
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:24 AM

Posted 06 September 2010 - 11:06 AM

It disappeared for FF and after another restart it was no longer in Chrome. I haven't tried IE because I haven't even looked at it in months. Thank you very much, it seems like everything is fine again; now I have to redo all my wireless security settings, not looking forward to that. Do you have any more information on what was wrong?

#14 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:24 AM

Posted 06 September 2010 - 11:41 AM

Hi, routers are often targeted by malware lately. More information here.

For now, some scanning/updating is in order.

MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


UPDATE XP
--------------
Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.


regards, Elise

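
Editor's note: the thread establishes that resetting the router cleared the redirects on every browser, but never says what had been changed on it. The usual way a compromised home router redirects a whole LAN is through DNS: either its DHCP server hands clients rogue resolver addresses, or the router keeps handing out its own address as DNS but has itself been pointed at rogue upstream servers. The following is an added example (the editor's code, not from the thread or from BleepingComputer) of the two checks that distinguish those cases. It assumes the lease data is what `ipconfig /all` shows for the adapter and that the per-resolver answers come from `nslookup <name> <server>`; the sample lease, the sample answers and the resolver allowlist are constructed, using RFC 5737 documentation addresses, and Google Public DNS stands in for whatever resolvers the owner actually expects.

```python
import ipaddress
from typing import Any, Dict, List, Set

# Resolvers the owner expects to see in a lease. A real check uses the ISP's published
# resolvers or the ones the owner configured; Google Public DNS is only a placeholder here.
EXPECTED_RESOLVERS = {ipaddress.ip_address("8.8.8.8"), ipaddress.ip_address("8.8.4.4")}

# RFC 1918 space, checked explicitly rather than via ip.is_private, because Python's
# is_private also covers documentation and benchmarking ranges (192.0.2.0/24 etc.)
# and would mask the rogue resolver in the constructed sample below.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data. Addresses come from RFC 5737 documentation ranges; the shape
# mirrors what "ipconfig /all" shows for a DHCP lease and what "nslookup <name> <server>"
# returns when the same name is asked of two different resolvers.
CLEAN_LEASE = {"subnet": "192.168.1.0/24", "gateway": "192.168.1.1", "dns": ["192.168.1.1"]}
HIJACKED_LEASE = {"subnet": "192.168.1.0/24", "gateway": "192.168.1.1",
                  "dns": ["192.0.2.53", "192.168.1.1"]}   # rogue primary, real router as fallback
TRUSTED_ANSWERS = {"www.example.com": {"198.51.100.10"}, "www.example.net": {"198.51.100.20"}}
SUSPECT_ANSWERS = {"www.example.com": {"203.0.113.7"}, "www.example.net": {"198.51.100.20"}}


def classify_resolver(resolver: str, lan_subnet: str) -> str:
    """Say where a DNS server address handed out by DHCP sits relative to the LAN."""
    ip = ipaddress.ip_address(resolver)
    if ip in ipaddress.ip_network(lan_subnet, strict=False):
        return "lan"                # the router forwarding DNS itself: normal for home NAT
    if ip in EXPECTED_RESOLVERS:
        return "expected"
    if any(ip in net for net in RFC1918):
        return "private-foreign"    # RFC 1918 but not this LAN: misconfiguration or rogue DHCP
    return "unexpected-public"      # what a DNS-changing router compromise hands out


def audit_lease(lease: Dict[str, Any]) -> List[str]:
    """Resolvers in a DHCP lease that the owner has to be able to explain."""
    return [r for r in lease["dns"]
            if classify_resolver(r, lease["subnet"]) not in ("lan", "expected")]


def divergent_answers(trusted: Dict[str, Set[str]], suspect: Dict[str, Set[str]]) -> List[str]:
    """Names for which the suspect resolver shares no address with the trusted one.

    This catches the case audit_lease cannot: the lease looks clean because the router
    still advertises itself as DNS, but the router's own upstream resolvers were changed.
    Names served by CDNs legitimately vary between resolvers, so compare sets and treat
    a non-empty intersection as agreement rather than demanding identical answers.
    """
    return sorted(name for name, good in trusted.items()
                  if name in suspect and not (good & suspect[name]))


if __name__ == "__main__":
    for label, lease in (("clean", CLEAN_LEASE), ("hijacked", HIJACKED_LEASE)):
        print(f"{label} lease: unexplained resolvers -> {audit_lease(lease)}")
    print("names answered differently ->", divergent_answers(TRUSTED_ANSWERS, SUSPECT_ANSWERS))
```

Used on a live machine, the first check is the quick one (anything in the lease that is neither the router nor a resolver you recognise needs an explanation), and the second is what to run when the lease looks fine but the redirects persist: resolve a few names through the router and through a resolver you trust, and any name whose answers do not overlap is the one to chase. Either finding points at the router rather than the PC, which is why a factory reset and re-entering the router's own settings (as the thread ends up doing) clears the symptom when host-side scanners find nothing.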


#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,314 posts
  • ONLINE
  • Gender:Female
  • Location:Romania
  • Local time:11:24 AM

Posted 13 September 2010 - 03:27 AM

Hi, are you still there?

regards, Elise
