Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Antimalware Doctor and/or other?


  • This topic is locked This topic is locked
20 replies to this topic

#1 Tippaporn

Tippaporn

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 21 August 2010 - 02:39 PM

Hi,

I wish I could post the DDS and GMER logs but both programs failed. DDS never opened the DOS window and immediately posted a text file of gibberish. The

only readable text states: This program cannot be run in DOS mode. GMER initialized but scanning would force a reboot. I've tried several times. During

the initial GMER scan when I first open the program there are items listed, but I cannot save even this. I've noticed some .exe items listed which reside

in the system32 folder. I attempted to navigate there using windows explorer. As I opened the system32 folder explorer locked up, as did the entire

computer.

Not sure what I have but it's nasty. It was originally Antimalware Doctor. I removed it with Malwarebytes. I then ran Spybot S&D, which found Virtumode.

Supposedly deleted about 3 items it found, forced a reboot and rescanned. I then ran Malwarebytes again and it found more. Ran Super Antispyware and it

claimed that Antimalware Doctor was still present.

I use Google Chrome and am being redirected sporadically. Some sites lock up. Windows Updates has been inaccessible.

Other effects: I am on wireless for Internet and the connection has been shut down several times. In other words, upon rebooting I no longer have my

network connection available. I lost my Skype icon in the system tray once. I clicked on Skype.exe to open it and it started the installation process. It

was as if Skype had been uninstalled. I am the only one on the is computer and I know I didn't uninstall Skype. I use AVG 9.0 free and noticed it's icon

missing in the system tray. Other times I have momentarily stepped away from the computer and come back to find only my background desktop photo visible.

Shortcuts all gone, taskbar inaccessible, and I cannot bring up windows task manager.

Since scanning with Malwarebytes, Spybot S&D, Ad-Aware, Super Antispyware and AVG I still receive multiple threat alerts from AVG. Following are some of

the items moved to the vault in the past days, starting in earnest on the 18th (some items it says are inaccessible):

[attachment=70168:AVG_Viru...Contents.jpg]

I'll keep trying GMER and will post if I am able. I can produce an HJT log file, though.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:13:38 PM, on 8/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\AutoHook2002\AHook2002.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\DOCUME~1\pete\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN\Toolbar\3.0.0988.2\msntask.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All

Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: CacherBHO - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant .exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: AHook2002.lnk = C:\Program Files\AutoHook2002\AHook2002.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0

\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet

Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: PackageCab - http://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -

http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -

http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://apps.devilsheadresort.com/snowcam/AxisCamControl.ocx
O16 - DPF: {A8C54382-6C1A-4133-BA27-EF67C72E0FC3} - https://na6.salesforce.com/setup/outlook/setups2/install.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://advancedmeetings.webex.com/client/T...bex/ieatgpc.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet

Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32

\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common

Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 17958 bytes


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 27 August 2010 - 08:07 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 Tippaporn

Tippaporn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 28 August 2010 - 10:21 AM

Hi M0le,

Thanks for your help. I'm ready anytime you are. smile.gif

Tip

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 28 August 2010 - 04:43 PM

Sounds like you don't have a lot of userbility.

Can you run OTL
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#5 Tippaporn

Tippaporn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 28 August 2010 - 06:22 PM

Hey M0le,

Up kind of late?

Here's the OTL.txt:


OTL logfile created on: 8/28/2010 5:40:31 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\pete\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 9.95 Gb Free Space | 18.88% Space Free | Partition Type: FAT32
Drive D: | 111.76 Gb Total Space | 81.93 Gb Free Space | 73.31% Space Free | Partition Type: FAT32
Drive E: | 53.20 Gb Total Space | 39.38 Gb Free Space | 74.01% Space Free | Partition Type: FAT32
Drive F: | 1397.26 Gb Total Space | 872.59 Gb Free Space | 62.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STS_DEMO
Current User Name: pete
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\pete\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\pete\Local Settings\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Prevx\prevx.exe (Prevx)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG9\avgtray .exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Program Files\Unlocker\UnlockerAssistant .exe ()
PRC - C:\Program Files\FileZilla Server\FileZilla server.exe (FileZilla Project)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Program Files\Google\Gmail Notifier\gnotify .exe (Google Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\SpywareGuard\sgmain.exe ()
PRC - C:\Program Files\SpywareGuard\sgbhp.exe ()
PRC - C:\Program Files\AutoHook2002\AHook2002.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\pete\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Unlocker\UnlockerHook.dll ()
MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech)
MOD - C:\WINDOWS\system32\sysenv.dll (HiTRUST)
MOD - C:\WINDOWS\system32\MSNChatHook.dll (HiTRUST)
MOD - C:\WINDOWS\system32\CryptoAPI.dll (HiTRUST)
MOD - C:\WINDOWS\system32\MFC71u.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\MFC71ENU.DLL (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Symantec Core LC) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe File not found
SRV - (CSIScanner) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (ReflectService) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (FileZilla Server) -- C:\Program Files\FileZilla Server\FileZilla Server.exe (FileZilla Project)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (hasplms) -- C:\WINDOWS\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (Acer Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)


========== Driver Services (SafeList) ==========

DRV - (upperdev) -- C:\WINDOWS\System32\DRIVERS\usbser_lowerflt.sys File not found
DRV - (UIUSys) -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (MEMSWEEP2) -- C:\WINDOWS\System32\42.tmp File not found
DRV - (DS1410D) -- C:\WINDOWS\System32\drivers\DS1410D.SYS File not found
DRV - (aksusb) -- C:\WINDOWS\System32\DRIVERS\aksusb.sys File not found
DRV - (akshhl) -- C:\WINDOWS\System32\DRIVERS\akshhl.sys File not found
DRV - (akshasp) -- C:\WINDOWS\System32\DRIVERS\akshasp.sys File not found
DRV - (pxsec) -- C:\WINDOWS\System32\drivers\pxsec.sys (Prevx)
DRV - (pxscan) -- C:\WINDOWS\System32\drivers\pxscan.sys (Prevx)
DRV - (oxltaosp) -- C:\WINDOWS\System32\drivers\oxltaosp.sys ()
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (afcdp) -- C:\WINDOWS\system32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\WINDOWS\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pssnap) -- C:\WINDOWS\system32\DRIVERS\pssnap.sys (Macrium Software)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (CEUSBAUD) -- C:\WINDOWS\system32\drivers\ceusbaud.sys (CEntrance, Inc.)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (aksfridge) -- C:\WINDOWS\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (Haspnt) -- C:\WINDOWS\system32\drivers\Haspnt.sys (Aladdin Knowledge Systems)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - ({95808DC4-FA4A-4c74-92FE-5B863F82066B}) -- C:\Program Files\CyberLink\PowerDVD\000.fcl (Cyberlink Corp.)
DRV - (tvicport) -- C:\WINDOWS\system32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (int15) -- C:\WINDOWS\system32\drivers\int15.sys ()
DRV - (zntport) -- C:\WINDOWS\system32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (psdfilter) -- C:\WINDOWS\system32\drivers\psdfilter.sys (HiTRUST)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (lv321av) Logitech USB PC Camera (VC0321) -- C:\WINDOWS\system32\drivers\lv321av.sys (Logitech)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (psdvdisk) -- C:\WINDOWS\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (AVerM115) -- C:\WINDOWS\system32\drivers\AVerM115.sys (AVerMedia Technologies, Inc. )
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTSERIAL) -- C:\WINDOWS\system32\drivers\btserial.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (dk2drv) -- C:\WINDOWS\system32\drivers\dk2drv.sys (Data Encryption Systems Limited)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (DK2USB) -- C:\WINDOWS\system32\drivers\DK2USB.sys (Data Encryption Systems Limited)
DRV - (dkpccard) -- C:\WINDOWS\system32\drivers\dkpccard.sys (Data Encryption Systems Limited)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (tifm21) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (EpmShd) -- C:\WINDOWS\system32\drivers\epm-shd.sys (Acer Value Labs, USA)
DRV - (EpmPsd) -- C:\WINDOWS\system32\drivers\epm-psd.sys (Acer Value Labs, USA)
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
DRV - (DKbFltr) -- C:\WINDOWS\system32\drivers\DKbFltr.SYS (Dritek System Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/21 03:08:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/01/28 14:26:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{9C218CF8-94C5-414D-B53A-AE29C204115A}: C:\Documents and Settings\pete\Local Settings\Application Data\{9C218CF8-94C5-414D-B53A-AE29C204115A} [2010/08/19 17:01:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/07/26 01:34:44 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/08/18 21:22:12 | 000,416,826 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14388 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CatcherBHO Class) - {9B4DF450-DCC7-4B07-935D-0CD757A64583} - C:\Program Files\Moyea\YouTube FLV Downloader\MoyeaCatcher.dll (Moyea Software Co., Ltd.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Program Files\myBabylon_English\tbmyB1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant .exe ()
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\pete\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AHook2002.lnk = C:\Program Files\AutoHook2002\AHook2002.exe ()
O4 - Startup: C:\Documents and Settings\pete\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\pete\Start Menu\Programs\Startup\gnotify .exe.lnk = C:\Program Files\Google\Gmail Notifier\gnotify .exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\pete\Start Menu\Programs\Startup\TeaTimer.lnk = C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\pete\Start Menu\Programs\Startup\AVG Tray.lnk = C:\Program Files\AVG\AVG9\avgtray .exe (AVG Technologies CZ, s.r.o.)
O4 - Startup: C:\Documents and Settings\pete\Start Menu\Programs\Startup\UnlockerAssistant .exe.lnk = C:\Program Files\Unlocker\UnlockerAssistant .exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\Msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://apps.devilsheadresort.com/snowcam/AxisCamControl.ocx (CamImage Class)
O16 - DPF: {A8C54382-6C1A-4133-BA27-EF67C72E0FC3} https://na6.salesforce.com/setup/outlook/setups2/install.cab (Reg Error: Key error.)
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Create & Print ActiveX Plug-in)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://advancedmeetings.webex.com/client/T...bex/ieatgpc.cab (GpcContainer Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://www.imgag.com/cp/install/AxCtp2.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\pete\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/27 10:51:24 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/03/27 13:59:36 | 000,000,000 | ---D | M] - E:\AutoCAD Temporary Files -- [ FAT32 ]
O33 - MountPoints2\{852089fc-4ec0-11df-a50c-001302cf2ced}\Shell - "" = AutoRun
O33 - MountPoints2\{852089fc-4ec0-11df-a50c-001302cf2ced}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{852089fc-4ec0-11df-a50c-001302cf2ced}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2010/07/27 01:30:36 | 008,462,336 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{852089fc-4ec0-11df-a50c-001302cf2ced}\Shell\explOre\cOmmANd - "" = SYSTEM.EXE
O33 - MountPoints2\{852089fc-4ec0-11df-a50c-001302cf2ced}\Shell\OpeN\coMmand - "" = SYSTEM.EXE
O33 - MountPoints2\{b8d0ec5d-9c78-11dd-a466-00a0d1a028cc}\Shell - "" = AutoRun
O33 - MountPoints2\{b8d0ec5d-9c78-11dd-a466-00a0d1a028cc}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b8d0ec5d-9c78-11dd-a466-00a0d1a028cc}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\shell32.dll -- [2010/07/27 01:30:36 | 008,462,336 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{b8d0ec5d-9c78-11dd-a466-00a0d1a028cc}\Shell\explOre\cOmmANd - "" = SYSTEM.EXE
O33 - MountPoints2\{b8d0ec5d-9c78-11dd-a466-00a0d1a028cc}\Shell\OpeN\coMmand - "" = SYSTEM.EXE
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/28 17:39:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\pete\Desktop\OTL.exe
[2010/08/28 10:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Application Data\Mozilla
[2010/08/25 01:01:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\pete\Recent
[2010/08/23 07:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\Babylon
[2010/08/23 07:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/08/23 07:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Application Data\Babylon
[2010/08/22 19:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/08/22 19:21:27 | 000,027,656 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2010/08/22 19:21:27 | 000,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/08/22 19:21:26 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2010/08/22 19:21:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2010/08/22 18:39:34 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2010/08/22 13:33:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/22 13:33:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/22 09:27:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\DoctorWeb
[2010/08/21 20:02:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Desktop\Skype File Downloads
[2010/08/21 19:28:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/21 19:09:38 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/08/21 15:05:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\PCHealth
[2010/08/21 14:58:37 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/21 14:12:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/08/21 12:14:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Desktop\Bleeping Computer
[2010/08/21 11:09:36 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/21 11:09:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/21 11:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/08/20 21:59:58 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/20 17:20:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/08/20 15:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2010/08/20 15:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/20 15:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\Sunbelt Software
[2010/08/19 17:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\{9C218CF8-94C5-414D-B53A-AE29C204115A}
[2010/08/19 17:00:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\roevkdgma
[2010/08/19 06:04:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Moyea
[2010/08/18 19:42:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/18 19:42:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\odlujnogk
[2010/08/18 19:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/18 19:42:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\sduujeowi
[2010/08/18 19:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Local Settings\Application Data\Windows Server
[2010/08/17 04:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/08/16 13:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\My Documents\SafeNet Sentinel
[2010/08/15 18:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\My Documents\New Folder
[2010/08/06 10:23:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Application Data\Yahoo!
[2010/08/05 11:42:02 | 000,086,683 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/08/05 11:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\AoA Audio Extractor
[2010/08/05 11:40:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\My Documents\Moyea
[2010/08/05 11:37:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\pete\Application Data\Moyea
[2010/08/05 11:36:46 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
[2010/07/31 06:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\RAR Password Recovery Magic
[2006/02/22 11:20:14 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[77 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/28 17:42:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\Updater.job
[2010/08/28 17:36:42 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\pete\Desktop\OTL.exe
[2010/08/28 16:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/08/28 15:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/08/28 14:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/08/28 13:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/08/28 13:18:46 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\pete\My Documents\spider.sav
[2010/08/28 13:16:12 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/28 12:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/08/28 11:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/08/28 11:18:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/28 10:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/08/28 10:21:02 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1057992302-803448745-238406301-1012Core.job
[2010/08/28 10:04:42 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/28 09:58:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/28 09:58:58 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1057992302-803448745-238406301-1012.job
[2010/08/28 09:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/08/28 09:56:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/08/28 09:55:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/28 09:54:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/28 09:54:46 | 2145,562,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/27 07:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/08/27 06:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/08/26 19:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/08/26 18:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/08/26 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/08/26 17:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/08/26 17:32:04 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\pete\My Documents\spider2.sav
[2010/08/26 17:17:48 | 000,000,452 | ---- | M] () -- C:\Documents and Settings\pete\My Documents\spider1.sav
[2010/08/26 15:41:50 | 000,037,777 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form, Detail 3 (08-26-10).pdf
[2010/08/26 15:37:58 | 000,060,565 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form, Detail 2 (08-26-10).pdf
[2010/08/26 15:36:28 | 000,047,754 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form, Detail 6 (08-26-10).pdf
[2010/08/26 15:32:42 | 000,084,274 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form (08-26-10) Model (1).pdf
[2010/08/26 12:05:32 | 000,022,889 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\Damn, it's freezing in here.jpg
[2010/08/26 08:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/08/26 05:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/08/26 04:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/08/25 22:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/08/25 21:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/08/25 20:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/08/25 03:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/08/25 02:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/08/25 01:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/08/25 00:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/08/25 00:54:36 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1057992302-803448745-238406301-1012.job
[2010/08/25 00:51:40 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/08/25 00:51:36 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\pete\ntuser.dat
[2010/08/25 00:51:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\pete\ntuser.ini
[2010/08/24 13:57:04 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\UnlockerAssistant .exe.lnk
[2010/08/24 13:52:50 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\gnotify .exe.lnk
[2010/08/22 19:21:28 | 000,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2010/08/22 19:21:28 | 000,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2010/08/22 19:21:00 | 000,000,166 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/08/22 19:17:16 | 000,000,829 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/22 06:57:32 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\AVG Tray.lnk
[2010/08/21 20:41:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\oxltaosp.sys
[2010/08/21 20:16:44 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\TeaTimer.lnk
[2010/08/21 17:24:06 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2010/08/21 15:39:26 | 000,506,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/21 15:26:02 | 000,605,774 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/21 15:26:02 | 000,517,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/21 15:26:02 | 000,097,562 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/21 13:54:26 | 000,002,357 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\PrintKey-Pro.lnk
[2010/08/21 12:15:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\pete\defogger_reenable
[2010/08/21 08:51:02 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lqjY4F.dat
[2010/08/21 04:51:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/08/20 22:00:00 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/08/20 15:42:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/08/20 08:08:12 | 000,059,478 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\Sigh.jpg
[2010/08/20 07:54:20 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Ptelunepozani.dat
[2010/08/20 05:30:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Dcufusu.bin
[2010/08/19 06:10:00 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\Class15
[2010/08/19 06:10:00 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\Band4
[2010/08/16 14:06:22 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2010/08/13 13:53:00 | 000,001,419 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
[2010/08/12 07:15:22 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/08/12 07:15:22 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/09 07:04:26 | 000,022,389 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\The Universe As Idea Construction.pdf
[2010/08/08 10:17:36 | 000,087,273 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\Pirom Wine, Pak Chong.jpg
[2010/08/05 11:42:06 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\AoA Audio Extractor.lnk
[2010/08/05 11:36:52 | 000,000,711 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Moyea YouTube FLV Downloader.lnk
[2010/08/04 14:36:32 | 000,041,839 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\houdini.jpg
[2010/08/02 12:33:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\pete\Desktop\Kopenhagen diet is a 13 day diet.doc
[2010/07/31 06:53:36 | 000,000,649 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\RAR Password Recovery Magic.lnk
[2010/07/30 17:55:06 | 000,001,380 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\DivX Movies.lnk
[2010/07/30 17:54:18 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\DivX Plus Player.lnk
[77 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/28 10:16:29 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1057992302-803448745-238406301-1012Core.job
[2010/08/26 15:41:49 | 000,037,777 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form, Detail 3 (08-26-10).pdf
[2010/08/26 15:37:56 | 000,060,565 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form, Detail 2 (08-26-10).pdf
[2010/08/26 15:36:26 | 000,047,754 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form, Detail 6 (08-26-10).pdf
[2010/08/26 15:32:40 | 000,084,274 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\40388850_B2 Final Form (08-26-10) Model (1).pdf
[2010/08/26 12:05:31 | 000,022,889 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\Damn, it's freezing in here.jpg
[2010/08/24 13:57:02 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\UnlockerAssistant .exe.lnk
[2010/08/24 13:56:11 | 000,000,572 | ---- | C] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\AVG Tray.lnk
[2010/08/24 13:55:29 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\TeaTimer.lnk
[2010/08/24 13:52:49 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\pete\Start Menu\Programs\Startup\gnotify .exe.lnk
[2010/08/22 18:44:23 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/21 19:00:59 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/08/21 12:15:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\pete\defogger_reenable
[2010/08/21 04:53:43 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lqjY4F.dat
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/08/21 04:51:35 | 000,000,344 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/08/20 15:44:11 | 000,000,442 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2010/08/20 15:42:33 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2010/08/18 19:42:56 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\Updater.job
[2010/08/18 19:42:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\oxltaosp.sys
[2010/08/09 07:04:24 | 000,022,389 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\The Universe As Idea Construction.pdf
[2010/08/08 10:17:34 | 000,087,273 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\Pirom Wine, Pak Chong.jpg
[2010/08/05 12:12:44 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\AoA Audio Extractor.lnk
[2010/08/05 11:36:50 | 000,000,711 | ---- | C] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\Moyea YouTube FLV Downloader.lnk
[2010/08/04 14:41:21 | 000,059,478 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\Sigh.jpg
[2010/08/04 14:36:31 | 000,041,839 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\houdini.jpg
[2010/08/02 10:43:08 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\pete\Desktop\Kopenhagen diet is a 13 day diet.doc
[2010/07/31 06:53:36 | 000,000,649 | ---- | C] () -- C:\Documents and Settings\pete\Application Data\Microsoft\Internet Explorer\Quick Launch\RAR Password Recovery Magic.lnk
[2010/07/17 19:12:03 | 000,000,166 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/07/05 17:06:39 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\pete\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/23 10:57:09 | 000,000,484 | ---- | C] () -- C:\WINDOWS\crackpdf.INI
[2010/04/17 15:16:15 | 000,000,196 | ---- | C] () -- C:\Documents and Settings\pete\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2010/04/07 12:01:30 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\AxEImage.dll
[2010/04/07 12:01:30 | 000,663,552 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2010/03/27 16:41:08 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ibfs32.dll
[2010/03/27 15:59:16 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/03/27 13:36:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2010/03/26 22:18:11 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\PathCopyEx.dll
[2010/03/26 18:50:02 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\pete\Local Settings\Application Data\fusioncache.dat
[2010/01/24 10:32:22 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010/01/23 13:31:49 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SA2004.ini
[2008/11/25 09:36:52 | 000,000,103 | ---- | C] () -- C:\WINDOWS\mwMSimApp.INI
[2008/09/19 08:45:15 | 000,000,029 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\counter.cfg
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/07 18:23:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/01/23 08:11:59 | 000,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/10/19 17:37:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\wdrvr.dll
[2006/10/10 13:14:17 | 000,000,041 | ---- | C] () -- C:\WINDOWS\loc2.INI
[2006/10/10 13:14:03 | 000,000,041 | ---- | C] () -- C:\WINDOWS\FindServ.INI
[2006/09/22 13:06:56 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/09/22 13:06:31 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2006/09/22 13:06:30 | 000,006,222 | ---- | C] () -- C:\WINDOWS\CADRAAMT.INI
[2006/09/22 08:02:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006/09/22 08:02:50 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006/09/21 10:03:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MS.INI
[2006/09/14 01:42:56 | 000,868,352 | ---- | C] () -- C:\WINDOWS\System32\WirelessMgr.dll
[2006/09/13 19:15:07 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/09/13 19:15:07 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/09/13 18:44:39 | 000,000,744 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/13 12:44:27 | 000,000,784 | ---- | C] () -- C:\WINDOWS\.ini
[2006/09/13 10:48:08 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/08/10 23:14:47 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2006/06/13 16:35:32 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2006/04/14 15:27:44 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2006/04/14 15:27:44 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2006/04/06 19:30:46 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2006/04/06 19:30:46 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2006/04/06 19:22:00 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2006/04/06 06:53:00 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/03/17 03:16:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/03/17 03:16:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/03/17 03:16:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/03/17 03:16:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/03/17 03:16:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/03/10 03:15:44 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/08 17:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006/03/08 17:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/08 17:10:46 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2006/02/22 11:20:14 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2006/01/17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/11/10 11:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2005/10/31 07:17:38 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/08/24 21:18:34 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/08/24 16:44:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/08/24 16:43:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/08/24 16:43:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/08/24 16:43:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/08/24 16:43:46 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2005/03/28 04:45:26 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2005/02/17 11:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 11:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004/12/17 05:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/10 20:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 07:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/10/28 12:07:20 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\ffvfw.dll
[2003/10/28 09:51:41 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2003/02/26 23:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2010/07/16 07:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon-BackupByBabylonPortable
[2006/09/19 11:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2006/09/22 08:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2010/08/23 07:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2010/08/17 04:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/08/18 19:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/08/21 11:09:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/08/22 13:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/20 15:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/08/22 19:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2006/09/22 13:07:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hummingbird
[2007/05/09 16:20:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2007/09/11 09:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gibbs
[2007/10/02 09:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2008/04/25 11:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/05/08 22:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Otto
[2008/05/14 06:55:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/05/21 15:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/06/23 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2008/11/21 11:25:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\salesforce.com
[2009/10/16 13:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/01/24 10:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/03/26 19:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/03/26 22:15:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/27 11:41:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/03/28 11:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Macrium
[2010/06/22 05:16:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/07/14 06:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon(2)
[2010/03/26 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\IObit
[2010/03/27 11:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\DassaultSystemes
[2010/03/27 11:39:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Softplicity
[2010/03/27 11:41:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Azureus
[2010/03/28 14:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Autodesk
[2010/04/16 14:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\webex
[2010/05/04 09:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\EDrawings
[2010/06/17 01:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\SendSpace Wizard
[2010/06/20 07:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\FileZilla
[2010/06/22 05:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Acronis
[2010/07/05 13:21:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\.metamorphose2
[2010/07/12 04:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\.thinkingrock
[2010/07/14 06:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Babylon(2)
[2010/08/05 11:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Moyea
[2010/06/19 13:47:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Babylon-BackupByBabylonPortable
[2010/08/23 07:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pete\Application Data\Babylon
[2010/08/28 11:18:24 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/08/26 18:00:00 | 000,000,442 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2010/08/25 00:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/08/25 01:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/08/16 14:06:22 | 000,000,382 | ---- | M] () -- C:\WINDOWS\Tasks\SmartDefrag.job
[2010/08/25 02:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/08/25 03:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/08/26 04:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/08/20 15:42:36 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2010/08/26 05:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/08/27 06:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/08/27 07:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/08/26 08:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/08/28 09:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/08/28 10:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/08/28 11:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/08/28 12:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/08/28 13:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/08/28 14:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/08/28 15:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/08/28 16:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/08/26 17:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/08/26 18:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/08/26 19:57:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/08/25 20:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/08/25 21:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/08/25 22:57:02 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/08/21 04:51:38 | 000,000,344 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/08/28 17:42:02 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\Updater.job

========== Purity Check ==========


< End of report >

And the Extras.txt

OTL Extras logfile created on: 8/28/2010 5:40:31 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\pete\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.71 Gb Total Space | 9.95 Gb Free Space | 18.88% Space Free | Partition Type: FAT32
Drive D: | 111.76 Gb Total Space | 81.93 Gb Free Space | 73.31% Space Free | Partition Type: FAT32
Drive E: | 53.20 Gb Total Space | 39.38 Gb Free Space | 74.01% Space Free | Partition Type: FAT32
Drive F: | 1397.26 Gb Total Space | 872.59 Gb Free Space | 62.45% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STS_DEMO
Current User Name: pete
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Rename with Métamorphose2] -- C:\Program Files\metamorphose2\metamorphose2.exe %L ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM
"1700:TCP" = 1700:TCP:*:Enabled:MioNet Remote Drive Access 0
"1701:TCP" = 1701:TCP:*:Enabled:MioNet Remote Drive Access 1
"1702:TCP" = 1702:TCP:*:Enabled:MioNet Remote Drive Access 2
"1703:TCP" = 1703:TCP:*:Enabled:MioNet Remote Drive Access 3
"1704:TCP" = 1704:TCP:*:Enabled:MioNet Remote Drive Access 4
"1705:TCP" = 1705:TCP:*:Enabled:MioNet Remote Drive Access 5
"1706:TCP" = 1706:TCP:*:Enabled:MioNet Remote Drive Access 6
"1707:TCP" = 1707:TCP:*:Enabled:MioNet Remote Drive Access 7
"1708:TCP" = 1708:TCP:*:Enabled:MioNet Remote Drive Access 8
"1709:TCP" = 1709:TCP:*:Enabled:MioNet Remote Drive Access 9
"1641:TCP" = 1641:TCP:*:Enabled:MioNet Remote Drive Verification
"1647:TCP" = 1647:TCP:*:Enabled:MioNet Storage Device Configuration
"5432:UDP" = 5432:UDP:*:Enabled:MioNet Storage Device Discovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\MioNet\MioNetManager.exe" = C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager -- File not found
"C:\Program Files\MioNet\jvm\bin\MioNet.exe" = C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet -- File not found
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Documents and Settings\pete\Local Settings\Temp\7zSA.tmp\SymNRT.exe" = C:\Documents and Settings\pete\Local Settings\Temp\7zSA.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Documents and Settings\pete\Local Settings\Temp\7zSC.tmp\SymNRT.exe" = C:\Documents and Settings\pete\Local Settings\Temp\7zSC.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool -- File not found
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Hummingbird\Connectivity\11.00\Exceed\exceed.exe" = C:\Program Files\Hummingbird\Connectivity\11.00\Exceed\exceed.exe:*:Disabled:X Server for Windows 2000/XP/2003 -- (Hummingbird Ltd.)
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\System32\rundll32.exe" = C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\FileZilla Server\FileZilla server.exe" = C:\Program Files\FileZilla Server\FileZilla server.exe:*:Enabled:FileZilla server.exe -- (FileZilla Project)
"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)
"C:\Program Files\BabylonPortable\App\Babylon\Babylon.exe" = C:\Program Files\BabylonPortable\App\Babylon\Babylon.exe:*:Disabled:Babylon -- (Babylon Ltd.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\pete\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\pete\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{26B878A8-5704-3B64-BDBC-4F0EACA38121}" = Google Talk Plugin
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35DFFE62-9F48-4236-9249-9EAB5C7123C9}" = Hummingbird Exceed 2006
"{37C01E1C-5982-44A8-933F-C8AC223EF33D}" = Larson VizEx Reader
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A71E27C-07D2-4CB8-ACA9-165242416758}" = Digital Video
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4C556B5C-8EF7-47B4-AE05-FE71EEB2C25B}" = Plus Pack for Acronis True Image Home 2010
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CFB3821-1582-4F3B-BF8D-30986923B36B}" = Nokia Multimedia Factory
"{4F1DA6BF-3614-48A1-9970-9E90F646789E}" = Ulead VideoStudio 8.0 SE DVD
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{534C6D59-D6E3-48A6-AD0B-747799019960}" = XVID Codec Installation
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5783F2D7-7005-0409-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2009
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{58E6686C-115E-4B4A-A6C1-6AA3C73E33BF}" = VISI : VISI 17.0
"{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048
"{5CBB856A-B9A6-4239-9AAE-732242813D67}" = SolidWorks 2008 SP04
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EFA4EA3-0604-458C-A06D-485F6B2724C9}" = PrintKey-Pro v1.05
"{5F8D3EAC-5107-4FE7-8D4F-B0D9A5F41C23}" = ExpertCAD
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C08FEE6-0D11-4C07-9037-2CEB4FD01134}" = PathCopyEx
"{6EE0E6FB-156F-47CF-8CA1-91EF3D0F9F06}" = Photobucket Uploader
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam Software
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7950CCD4-D8FE-4636-B827-E8502E310FA8}" = PDFIn PDF to DWG Converter
"{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C}" = 3dsmax ancillary install
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73205D5-284B-4E38-8E05-1B953226A003}" = DWGgateway
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB3C4AC6-C401-4132-A8B5-265899A9C0E8}" = Steinberg Cubase LE 4
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{ac474156-361a-4a7b-8b6e-977781b92565}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-F400-7761-000000000003}" = Adobe Acrobat 3D version 8
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
"{D1E44702-21F5-4918-B8A3-6D126D5BD33C}" = Windows Messenger 5.1
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{D627784F-B3EE-44E8-96B1-9509B991EA34}_is1" = Auslogics Registry Defrag
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DB35267F-B5C6-495C-8407-75ADC34E759D}" = Macrium Reflect
"{DC87578E-4CB7-4515-9115-B13254CFEF31}" = UNBRAKO AutoCAD Product Library
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA426461-31AA-4AB3-B15D-EDD748F08394}_is1" = Moyea YouTube FLV Downloader version: 3.1.2.26
"{EA528B2C-DF8F-45BB-BFDB-B588536992EB}" = SolidWorks eDrawings 2009
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.7
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8461-7759-5462-8226" = Vuze
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"AcerOrbiCamDrv" = Acer OrbiCam Driver
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 3D version 8" = Adobe Acrobat 3D version 8.1.5
"Adobe Acrobat 3D version 8_815" = Adobe Acrobat 8.1.5 - CPSID_49013
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AMA" = AutoCAD 2000 Migration Assistance
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"AutoCAD Mechanical 2009" = AutoCAD Mechanical 2009
"AVG9Uninstall" = AVG Free 9.0
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"Cakewalk VST Adapter 4" = Cakewalk VST Adapter 4
"Camtasia" = Camtasia
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows Driver Package - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025006C" = HDAUDIO Soft Data Fax Modem with SmartCP
"CoffeeCup GIF Animator" = CoffeeCup GIF Animator
"DESkey DK2 Uninstall" = DK2 Drivers v 6.21.0.169
"DivX Setup.divx.com" = DivX Setup
"DreamStation DXi2" = DreamStation DXi2
"DubIt" = DubIt
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v4.60
"FBX Plugin 2006.08 for Max 9.0" = FBX Plugin 2006.08 for Max 9.0
"ffvfw" = ffvfw (uninstall only)
"FileZilla Client" = FileZilla Client 3.3.3
"FileZilla Server" = FileZilla Server (remove only)
"Google Chrome" = Google Chrome
"Google Earth Pro 4.2" = Google Earth Pro 4.2
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3076
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"LexiconStudio" = Lexicon Pantheon VST Plug-in (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSCSR" = Microsoft Speech Recognition Engine 4.0 (English)
"MSNINST" = MSN
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"myBabylon_English Toolbar" = myBabylon_English Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Omega ASIO driver" = Lexicon Omega Software (remove only)
"PCSI" = Prevx 3.0
"PDF Password Cracker Pro v3.0_is1" = PDF Password Cracker Pro v3.0
"PROR" = Microsoft Office Professional 2007
"RAR Password Recovery Magic_is1" = RAR Password Recovery Magic v6.1.1.213
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.89
"SendSpaceWizard" = SendSpace Wizard
"Smart Defrag_is1" = Smart Defrag
"SONAR 4 Producer Edition" = SONAR 4 Producer Edition
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SpywareGuard_is1" = SpywareGuard v2.2
"Syncrosoft License Control" = Syncrosoft License Control
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Total CAD Converter_is1" = TotalCADConverter
"TR-2.2.1" = ThinkingRock-2.2.1
"Unlocker" = Unlocker 1.8.9
"VLC media player" = VLC media player 1.1.0
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Widget Engine" = Yahoo! Widgets

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2010 10:02:03 PM | Computer Name = STS_DEMO | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 8/22/2010 6:57:35 AM | Computer Name = STS_DEMO | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10d.ocx, version 10.0.42.34, fault address 0x000e6f83.

Error - 8/22/2010 7:35:13 AM | Computer Name = STS_DEMO | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 8/22/2010 6:43:49 PM | Computer Name = STS_DEMO | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
shlwapi.dll, version 6.0.2900.5912, fault address 0x0002c4d8.

Error - 8/25/2010 1:48:40 AM | Computer Name = STS_DEMO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module browseui.dll, version 6.0.2900.5512, fault address 0x0002c7f7.

Error - 8/25/2010 1:49:00 AM | Computer Name = STS_DEMO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module browseui.dll, version 6.0.2900.5512, fault address 0x0002c7f7.

Error - 8/25/2010 1:49:50 AM | Computer Name = STS_DEMO | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module browseui.dll, version 6.0.2900.5512, fault address 0x0002c7f7.

Error - 8/25/2010 1:53:54 AM | Computer Name = STS_DEMO | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 8/28/2010 10:57:58 AM | Computer Name = STS_DEMO | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 8/28/2010 10:58:17 AM | Computer Name = STS_DEMO | Source = Google Update | ID = 20
Description =

[ OSession Events ]
Error - 2/14/2009 9:16:43 AM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 170026
seconds with 5460 seconds of active time. This session ended with a crash.

Error - 3/29/2009 11:12:14 AM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 153
seconds with 120 seconds of active time. This session ended with a crash.

Error - 6/29/2009 12:11:38 PM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 12:11:54 PM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 12:11:58 PM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 12:12:03 PM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 12:12:07 PM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 12:12:12 PM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 6/29/2009 12:12:16 PM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7/23/2009 11:50:01 AM | Computer Name = STS_DEMO | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 6
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/28/2010 10:58:52 AM | Computer Name = STS_DEMO | Source = Service Control Manager | ID = 7000
Description = The Symantec Core LC service failed to start due to the following
error: %%3

Error - 8/28/2010 11:03:02 AM | Computer Name = STS_DEMO | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3
(KB955706).

Error - 8/28/2010 11:57:00 AM | Computer Name = STS_DEMO | Source = Schedule | ID = 7901
Description = The At11.job command failed to start due to the following error: %%2147942402

Error - 8/28/2010 12:03:31 PM | Computer Name = STS_DEMO | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3
(KB955706).

Error - 8/28/2010 12:57:00 PM | Computer Name = STS_DEMO | Source = Schedule | ID = 7901
Description = The At12.job command failed to start due to the following error: %%2147942402

Error - 8/28/2010 1:57:00 PM | Computer Name = STS_DEMO | Source = Schedule | ID = 7901
Description = The At13.job command failed to start due to the following error: %%2147942402

Error - 8/28/2010 2:57:00 PM | Computer Name = STS_DEMO | Source = Schedule | ID = 7901
Description = The At14.job command failed to start due to the following error: %%2147942402

Error - 8/28/2010 3:57:00 PM | Computer Name = STS_DEMO | Source = Schedule | ID = 7901
Description = The At15.job command failed to start due to the following error: %%2147942402

Error - 8/28/2010 4:57:00 PM | Computer Name = STS_DEMO | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 8/28/2010 5:57:00 PM | Computer Name = STS_DEMO | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402


< End of report >

Thanks,

Tip


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 28 August 2010 - 06:27 PM

QUOTE
Up kind of late?


It's the weekend... laugh.gif

Looks as if we have a TDSS rootkit here. We will try and run the most effective tool against this threat but it may not work. Don't worry if it doesn't but let me know.

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#7 Tippaporn

Tippaporn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 28 August 2010 - 07:37 PM

Hey M0le,

Yeah, perhaps a TDSS rootkit at minimum. I worked 3 days to clean it up as best I could. Ran Kasperskys TDSSKiller, too. The past week has been 99% uneventful but I have no doubt I didn't get it all. Haven't had a redirect since last Sunday.


ComboFix 10-08-27.03 - pete 08/28/2010 19:04:34.1.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1125 [GMT -5:00]
Running from: c:\documents and settings\pete\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pete\g2mdlhlpx.exe
c:\documents and settings\pete\Local Settings\Application Data\{9C218CF8-94C5-414D-B53A-AE29C204115A}
c:\documents and settings\pete\Local Settings\Application Data\{9C218CF8-94C5-414D-B53A-AE29C204115A}\chrome.manifest
c:\documents and settings\pete\Local Settings\Application Data\{9C218CF8-94C5-414D-B53A-AE29C204115A}\chrome\content\_cfg.js
c:\documents and settings\pete\Local Settings\Application Data\{9C218CF8-94C5-414D-B53A-AE29C204115A}\chrome\content\overlay.xul
c:\documents and settings\pete\Local Settings\Application Data\{9C218CF8-94C5-414D-B53A-AE29C204115A}\install.rdf
c:\documents and settings\pete\Local Settings\Application Data\Windows Server
c:\documents and settings\pete\Local Settings\Application Data\Windows Server\server.dat
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\driVERs\oxltaosp.sys
c:\windows\system32\gotomon.log
c:\windows\system32\ndisapi.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\win.ini
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Legacy_NDISRD
-------\Legacy_WINDRIVER
-------\Service_6to4
-------\Service_NPF
-------\Service_WinDriver
-------\Legacy_oxltaosp
-------\Service_oxltaosp


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-23 12:39 . 2010-08-23 12:39 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\Babylon
2010-08-23 12:39 . 2010-08-23 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2010-08-23 12:39 . 2010-08-23 12:39 -------- d-----w- c:\documents and settings\pete\Application Data\Babylon
2010-08-23 00:34 . 2010-08-23 00:34 -------- d-----w- c:\program files\Sophos
2010-08-23 00:21 . 2010-08-23 00:21 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2010-08-23 00:21 . 2010-08-23 00:21 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-23 00:21 . 2010-08-23 00:21 -------- d-----w- c:\program files\Prevx
2010-08-23 00:21 . 2010-08-23 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-08-22 23:44 . 2010-08-28 15:04 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-22 23:39 . 2010-08-22 23:39 -------- d-----w- C:\FOUND.006
2010-08-22 18:33 . 2010-08-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-22 18:33 . 2010-08-22 18:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-22 14:27 . 2010-08-22 14:27 -------- d-----w- c:\documents and settings\pete\DoctorWeb
2010-08-22 00:28 . 2010-08-22 00:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-22 00:09 . 2010-08-22 00:09 -------- d-----w- C:\FOUND.005
2010-08-22 00:00 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-21 20:05 . 2010-08-21 20:06 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\PCHealth
2010-08-21 19:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 19:12 . 2010-08-21 19:12 -------- d-----w- c:\program files\Trend Micro
2010-08-21 16:09 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-21 16:09 . 2010-08-21 16:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-21 16:08 . 2010-08-21 16:08 -------- d-----w- c:\program files\Lavasoft
2010-08-21 02:59 . 2010-08-21 03:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-20 22:20 . 2010-08-20 22:20 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\Sunbelt Software
2010-08-19 22:00 . 2010-08-19 22:00 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\roevkdgma
2010-08-19 11:04 . 2010-08-19 11:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Moyea
2010-08-19 00:42 . 2010-08-19 00:42 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\odlujnogk
2010-08-19 00:42 . 2010-08-19 00:42 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\sduujeowi
2010-08-19 00:42 . 2010-08-19 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-17 09:41 . 2010-08-17 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-06 15:23 . 2010-08-06 15:23 -------- d-----w- c:\documents and settings\pete\Application Data\Yahoo!
2010-08-05 16:42 . 2007-05-13 17:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-08-05 16:42 . 2010-08-05 16:42 -------- d-----w- c:\program files\AoA Audio Extractor
2010-08-05 16:37 . 2010-08-05 16:37 -------- d-----w- c:\documents and settings\pete\Application Data\Moyea
2010-08-05 16:36 . 2010-08-05 16:36 -------- d-----w- c:\program files\Moyea
2010-07-31 11:53 . 2010-07-31 11:53 -------- d-----w- c:\program files\RAR Password Recovery Magic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 00:08 . 2006-09-13 15:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-28 18:54 . 2008-06-23 20:43 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-08-22 00:29 . 2010-08-22 00:29 63488 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-22 00:29 . 2010-08-22 00:29 52224 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-22 00:29 . 2010-08-22 00:29 117760 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 19:12 . 2010-08-21 19:12 388096 ----a-r- c:\documents and settings\pete\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-21 13:51 . 2010-08-21 09:53 112 ----a-w- c:\documents and settings\All Users\Application Data\lqjY4F.dat
2010-08-20 12:54 . 2010-07-17 22:22 120 ----a-w- c:\windows\Ptelunepozani.dat
2010-08-20 10:30 . 2010-07-17 22:22 0 ----a-w- c:\windows\Dcufusu.bin
2010-08-19 11:32 . 2010-08-19 11:32 310208 ----a-w- c:\documents and settings\pete\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-12 12:16 . 2010-08-21 16:09 2979848 ----a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-07-30 22:55 . 2010-05-07 23:24 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-30 22:55 . 2010-07-30 22:55 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-30 22:55 . 2010-07-30 22:55 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-30 22:53 . 2010-07-30 22:53 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-30 22:53 . 2010-07-30 22:23 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-30 22:53 . 2010-03-27 16:58 1090856 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-30 22:53 . 2010-03-27 16:58 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-26 06:34 . 2010-07-26 06:34 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-26 06:34 . 2010-07-26 06:34 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-26 06:34 . 2010-07-26 06:34 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-26 06:34 . 2010-04-23 09:16 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-26 06:34 . 2010-04-23 09:15 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-26 06:34 . 2010-07-26 06:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-25 22:05 . 2010-07-25 22:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 16:46 . 2010-07-25 16:46 -------- d-----w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com
2010-07-25 16:46 . 2010-07-25 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-25 15:24 . 2010-07-25 15:24 -------- d-----w- c:\documents and settings\pete\Application Data\vlc
2010-07-24 03:47 . 2010-07-24 03:47 -------- d-----w- c:\documents and settings\pete\Application Data\vlc(2)
2010-07-16 12:32 . 2010-07-16 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon-BackupByBabylonPortable
2010-07-15 14:36 . 2010-03-27 00:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:36 . 2010-07-15 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 14:35 . 2010-03-27 00:51 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 11:37 . 2010-07-14 11:37 -------- d-----w- c:\documents and settings\pete\Application Data\Babylon(2)
2010-07-14 11:37 . 2010-07-14 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon(2)
2010-07-12 09:56 . 2010-07-12 09:56 -------- d-----w- c:\documents and settings\pete\Application Data\.thinkingrock
2010-07-05 18:21 . 2010-07-05 18:21 -------- d-----w- c:\documents and settings\pete\Application Data\.metamorphose2
2010-07-05 18:21 . 2010-07-05 18:21 -------- d-----w- c:\program files\metamorphose2
2010-06-30 12:31 . 2004-08-11 02:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2006-01-09 16:02 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-11 01:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-11 01:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-11 02:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 01:00 . 2010-06-22 01:00 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-06-22 01:00 . 2010-06-22 01:00 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-06-22 01:00 . 2010-06-22 01:00 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-06-22 01:00 . 2010-06-22 01:00 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-06-21 15:27 . 2004-08-11 01:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 01:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 01:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 07:41 . 2004-08-11 01:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\documents and settings\pete\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\documents and settings\pete\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-04 11:07 . 2010-06-04 11:07 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 11:06 . 2010-06-04 11:06 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-02 13:13 . 2010-03-27 00:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
CODE
<pre>
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Launch Manager\LManager .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Google\Gmail Notifier\gnotify .exe
c:\windows\RaidTool\xInsIDE .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-30 21:43 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-08-19 11:05 2734688 ----a-w- c:\program files\Vuze_Remote\tbVuz0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"Google Update"="c:\documents and settings\pete\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7573504]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant .exe" [2010-03-09 15872]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2010-08-28 6293312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]

c:\documents and settings\pete\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]
gnotify .exe.lnk - c:\program files\Google\Gmail Notifier\gnotify .exe [2005-7-15 479232]
TeaTimer.lnk - c:\program files\Spybot - Search & Destroy\TeaTimer .exe [2010-7-25 2260480]
AVG Tray.lnk - c:\program files\AVG\AVG9\avgtray .exe [2010-7-15 2065760]
UnlockerAssistant .exe.lnk - c:\program files\Unlocker\UnlockerAssistant .exe [2010-3-8 15872]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
AHook2002.lnk - c:\program files\AutoHook2002\AHook2002.exe [2010-3-27 86016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrintKey-Pro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk
backup=c:\windows\pss\PrintKey-Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk]
path=c:\documents and settings\pete\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk
backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\pete\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 21:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-10-15 06:03 45936 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 12:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 08:21 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNHelper32]
2005-10-20 13:50 45056 ------w- c:\windows\system32\DNHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 18:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
c:\program files\Citrix\GoToMeeting\320\g2mstart.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-11 01:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-04-07 00:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 23:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2006-04-07 00:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-04-07 00:22 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-06-03 02:44 1660952 --sh--w- c:\progra~1\MESSEN~1\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\MsnMsgr.Exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-11 01:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
c:\program files\DivX\Symantec\scstubinstaller.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 22:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 04:05 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-11 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-11 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.6.0_07\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-01-05 12:03 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
c:\program files\Common Files\Real\Update_OB\realsched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 21:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Hummingbird\\Connectivity\\11.00\\Exceed\\exceed.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\BabylonPortable\\App\\Babylon\\Babylon.exe"=
"c:\\Documents and Settings\\pete\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/21/2010 11:09 AM 64288]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [3/17/2010 9:51 AM 15328]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/22/2010 7:21 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/22/2010 7:21 PM 27656]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [6/21/2010 8:00 PM 911680]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2010 7:51 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2010 7:52 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [6/21/2010 8:00 PM 2480048]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:36 AM 308136]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/22/2010 7:21 PM 4368952]
R2 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [9/13/2006 6:44 PM 42624]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355416]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [3/17/2010 9:51 AM 220128]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [6/21/2010 8:00 PM 160704]
R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2/11/2006 4:58 AM 1274880]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [4/6/2006 7:46 AM 1097472]
S0 uuviomwh;uuviomwh; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/23/2010 4:49 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/17/2010 4:41 AM 430152]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [1/24/2010 10:27 AM 17920]
S3 DK2USB;DK2usb Driver;c:\windows\system32\drivers\DK2USB.sys [9/13/2006 6:44 PM 9808]
S3 dkpccard;DESkey PC-Card Enabler;c:\windows\system32\drivers\dkpccard.sys [9/13/2006 6:44 PM 7888]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\42.tmp --> c:\windows\system32\42.tmp [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [1/24/2010 10:32 AM 18432]
.
Contents of the 'Scheduled Tasks' folder

2010-08-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 13:56]

2010-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-08-28 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58]

2010-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1057992302-803448745-238406301-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-08-16 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-03-27 20:30]

2010-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1057992302-803448745-238406301-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-08-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1057992302-803448745-238406301-1012Core.job
- c:\documents and settings\pete\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {A8C54382-6C1A-4133-BA27-EF67C72E0FC3} - hxxps://na6.salesforce.com/setup/outlook/setups2/install.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 19:19
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\42.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Setup"="EXPIRED"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(7860)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80ENU.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\docume~1\pete\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-08-28 19:21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 00:20

Pre-Run: 10,527,670,272 bytes free
Post-Run: 10,374,873,088 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 7A0FA752817B16E523472D2F2C582BB6


#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 28 August 2010 - 07:56 PM

All sorts of other malware in that log.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the box below into it:

CODE
File::
c:\windows\Ptelunepozani.dat
c:\windows\Dcufusu.bin

Folder::
c:\documents and settings\pete\Local Settings\Application Data\roevkdgma
c:\documents and settings\pete\Local Settings\Application Data\odlujnogk
c:\documents and settings\pete\Local Settings\Application Data\sduujeowi

RenV::
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Common Files\Real\Update_OB\realsched .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Launch Manager\LManager .exe
c:\program files\Skype\Phone\Skype .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Google\Gmail Notifier\gnotify .exe
c:\windows\RaidTool\xInsIDE .exe

RegNull::
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]

Driver::
uuviomwh


Save this as CFScript.txt, in the same location as Comfix.exe (called ComboFix.exe in the below graphic)




Refering to the picture above, drag CFScript into ComboFix.exe

If the program requests for you to update Combofix then click Yes.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Posted Image
m0le is a proud member of UNITE

#9 Tippaporn

Tippaporn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 28 August 2010 - 08:35 PM

Hey M0le,

Here's the next round.


ComboFix 10-08-27.03 - pete 08/28/2010 20:11:56.2.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1254 [GMT -5:00]
Running from: c:\documents and settings\pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\pete\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\Dcufusu.bin"
"c:\windows\Ptelunepozani.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\pete\Local Settings\Application Data\odlujnogk
c:\documents and settings\pete\Local Settings\Application Data\roevkdgma
c:\documents and settings\pete\Local Settings\Application Data\sduujeowi
c:\windows\Dcufusu.bin
c:\windows\Ptelunepozani.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_uuviomwh


((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-23 12:39 . 2010-08-23 12:39 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\Babylon
2010-08-23 12:39 . 2010-08-23 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2010-08-23 12:39 . 2010-08-23 12:39 -------- d-----w- c:\documents and settings\pete\Application Data\Babylon
2010-08-23 00:34 . 2010-08-23 00:34 -------- d-----w- c:\program files\Sophos
2010-08-23 00:21 . 2010-08-23 00:21 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2010-08-23 00:21 . 2010-08-23 00:21 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-23 00:21 . 2010-08-23 00:21 -------- d-----w- c:\program files\Prevx
2010-08-23 00:21 . 2010-08-23 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-08-22 23:44 . 2010-08-29 00:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-22 23:39 . 2010-08-22 23:39 -------- d-----w- C:\FOUND.006
2010-08-22 18:33 . 2010-08-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-22 18:33 . 2010-08-22 18:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-22 14:27 . 2010-08-22 14:27 -------- d-----w- c:\documents and settings\pete\DoctorWeb
2010-08-22 00:28 . 2010-08-22 00:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-22 00:09 . 2010-08-22 00:09 -------- d-----w- C:\FOUND.005
2010-08-22 00:00 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-21 20:05 . 2010-08-21 20:06 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\PCHealth
2010-08-21 19:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 19:12 . 2010-08-21 19:12 -------- d-----w- c:\program files\Trend Micro
2010-08-21 16:09 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-21 16:09 . 2010-08-21 16:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-21 16:08 . 2010-08-21 16:08 -------- d-----w- c:\program files\Lavasoft
2010-08-21 02:59 . 2010-08-21 03:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-20 22:20 . 2010-08-20 22:20 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\Sunbelt Software
2010-08-19 11:04 . 2010-08-19 11:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Moyea
2010-08-19 00:42 . 2010-08-19 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-17 09:41 . 2010-08-17 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-06 15:23 . 2010-08-06 15:23 -------- d-----w- c:\documents and settings\pete\Application Data\Yahoo!
2010-08-05 16:42 . 2007-05-13 17:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-08-05 16:42 . 2010-08-05 16:42 -------- d-----w- c:\program files\AoA Audio Extractor
2010-08-05 16:37 . 2010-08-05 16:37 -------- d-----w- c:\documents and settings\pete\Application Data\Moyea
2010-08-05 16:36 . 2010-08-05 16:36 -------- d-----w- c:\program files\Moyea
2010-07-31 11:53 . 2010-07-31 11:53 -------- d-----w- c:\program files\RAR Password Recovery Magic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 01:19 . 2006-09-13 15:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-28 18:54 . 2008-06-23 20:43 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-08-22 00:29 . 2010-08-22 00:29 63488 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-22 00:29 . 2010-08-22 00:29 52224 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-22 00:29 . 2010-08-22 00:29 117760 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-21 19:12 . 2010-08-21 19:12 388096 ----a-r- c:\documents and settings\pete\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-21 13:51 . 2010-08-21 09:53 112 ----a-w- c:\documents and settings\All Users\Application Data\lqjY4F.dat
2010-08-19 11:32 . 2010-08-19 11:32 310208 ----a-w- c:\documents and settings\pete\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-12 12:16 . 2010-08-21 16:09 2979848 ----a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-07-30 22:55 . 2010-05-07 23:24 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-30 22:55 . 2010-07-30 22:55 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-30 22:55 . 2010-07-30 22:55 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-30 22:53 . 2010-07-30 22:53 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-30 22:53 . 2010-07-30 22:23 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-07-30 22:53 . 2010-03-27 16:58 1090856 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-30 22:53 . 2010-03-27 16:58 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-26 06:34 . 2010-07-26 06:34 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-26 06:34 . 2010-07-26 06:34 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-26 06:34 . 2010-07-26 06:34 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-26 06:34 . 2010-04-23 09:16 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-26 06:34 . 2010-04-23 09:15 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-26 06:34 . 2010-07-26 06:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-25 22:05 . 2010-07-25 22:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-25 16:46 . 2010-07-25 16:46 -------- d-----w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com
2010-07-25 16:46 . 2010-07-25 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-25 15:24 . 2010-07-25 15:24 -------- d-----w- c:\documents and settings\pete\Application Data\vlc
2010-07-24 03:47 . 2010-07-24 03:47 -------- d-----w- c:\documents and settings\pete\Application Data\vlc(2)
2010-07-16 12:32 . 2010-07-16 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon-BackupByBabylonPortable
2010-07-15 14:36 . 2010-03-27 00:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:36 . 2010-07-15 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 14:35 . 2010-03-27 00:51 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 11:37 . 2010-07-14 11:37 -------- d-----w- c:\documents and settings\pete\Application Data\Babylon(2)
2010-07-14 11:37 . 2010-07-14 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon(2)
2010-07-12 09:56 . 2010-07-12 09:56 -------- d-----w- c:\documents and settings\pete\Application Data\.thinkingrock
2010-07-05 18:21 . 2010-07-05 18:21 -------- d-----w- c:\documents and settings\pete\Application Data\.metamorphose2
2010-07-05 18:21 . 2010-07-05 18:21 -------- d-----w- c:\program files\metamorphose2
2010-06-30 12:31 . 2004-08-11 02:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2006-01-09 16:02 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-11 01:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-11 01:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-11 02:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 01:00 . 2010-06-22 01:00 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-06-22 01:00 . 2010-06-22 01:00 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-06-22 01:00 . 2010-06-22 01:00 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-06-22 01:00 . 2010-06-22 01:00 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-06-21 15:27 . 2004-08-11 01:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 01:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 01:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 07:41 . 2004-08-11 01:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\documents and settings\pete\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\documents and settings\pete\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-04 11:07 . 2010-06-04 11:07 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 11:06 . 2010-06-04 11:06 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-02 13:13 . 2010-03-27 00:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
CODE
<pre>
c:\program files\Skype\Phone\Skype .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\windows\RaidTool\xInsIDE .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-30 21:43 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-08-19 11:05 2734688 ----a-w- c:\program files\Vuze_Remote\tbVuz0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"Google Update"="c:\documents and settings\pete\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7573504]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant .exe" [2010-03-09 15872]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\pete\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
AHook2002.lnk - c:\program files\AutoHook2002\AHook2002.exe [2010-3-27 86016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrintKey-Pro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk
backup=c:\windows\pss\PrintKey-Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk]
path=c:\documents and settings\pete\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk
backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\pete\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 21:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-10-15 06:03 45936 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 12:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 08:21 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNHelper32]
2005-10-20 13:50 45056 ------w- c:\windows\system32\DNHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 18:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoToMeeting]
c:\program files\Citrix\GoToMeeting\320\g2mstart.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-11 01:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-04-07 00:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 23:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2006-04-07 00:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-04-07 00:22 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-06-03 02:44 1660952 --sh--w- c:\progra~1\MESSEN~1\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
c:\program files\MSN Messenger\MsnMsgr.Exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-11 01:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
c:\program files\DivX\Symantec\scstubinstaller.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 22:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 04:05 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-11 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-11 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.6.0_07\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-01-05 12:03 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-26 06:33 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 21:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Hummingbird\\Connectivity\\11.00\\Exceed\\exceed.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\BabylonPortable\\App\\Babylon\\Babylon.exe"=
"c:\\Documents and Settings\\pete\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/21/2010 11:09 AM 64288]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [3/17/2010 9:51 AM 15328]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/22/2010 7:21 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/22/2010 7:21 PM 27656]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [6/21/2010 8:00 PM 911680]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2010 7:51 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2010 7:52 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [6/21/2010 8:00 PM 2480048]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:36 AM 308136]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/22/2010 7:21 PM 4368952]
R2 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [9/13/2006 6:44 PM 42624]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355416]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [3/17/2010 9:51 AM 220128]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [6/21/2010 8:00 PM 160704]
R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2/11/2006 4:58 AM 1274880]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [4/6/2006 7:46 AM 1097472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/23/2010 4:49 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/17/2010 4:41 AM 430152]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [1/24/2010 10:27 AM 17920]
S3 DK2USB;DK2usb Driver;c:\windows\system32\drivers\DK2USB.sys [9/13/2006 6:44 PM 9808]
S3 dkpccard;DESkey PC-Card Enabler;c:\windows\system32\drivers\dkpccard.sys [9/13/2006 6:44 PM 7888]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\42.tmp --> c:\windows\system32\42.tmp [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [1/24/2010 10:32 AM 18432]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder

2010-08-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 13:56]

2010-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-08-28 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58]

2010-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1057992302-803448745-238406301-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1057992302-803448745-238406301-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1057992302-803448745-238406301-1012Core.job
- c:\documents and settings\pete\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {A8C54382-6C1A-4133-BA27-EF67C72E0FC3} - hxxps://na6.salesforce.com/setup/outlook/setups2/install.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 20:24
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\42.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(8756)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\program files\Unlocker\UnlockerHook.dll
c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80ENU.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\FileZilla Server\FileZilla Server.exe
c:\program files\SpywareGuard\sgbhp.exe
c:\windows\system32\hasplms.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\docume~1\pete\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-08-28 20:30:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-29 01:30
ComboFix2.txt 2010-08-29 00:21

Pre-Run: 10,390,503,424 bytes free
Post-Run: 10,338,041,856 bytes free

Current=2 Default=2 Failed=4 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - CB638485638C34B0C7C55C0C78B5841B


#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 29 August 2010 - 04:42 AM

Okay, overall that was successful.

Take a look at this part of the log:

CODE
<pre>
c:\program files\Skype\Phone\Skype .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\windows\RaidTool\xInsIDE .exe
</pre>


This indicates a Vundo file infection. The first log showed more of these entries but some of these have been removed. Unfortunately, in this case, Combofix cannot do this for the above entries so you will need to uninstall and reinstall the programs shown to completely remove this pest. If you no longer need them then uninstalling them will also get rid of the file infector from your PC.

Please let me know when you have done this.

Posted Image
m0le is a proud member of UNITE

#11 Tippaporn

Tippaporn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 29 August 2010 - 01:03 PM

Hey M0le,

Yeah, I did notice after the infection that the programs listed under "Code" no longer auto started. I had to manually enter them into my Startup menu again. At the time when I restarted Skype it didn't restart but reinstalled itself! Just to note, I used Revo Uninstaller set to the highest level when I unstalled Skype, Spybot & Unlocker. Rebooted afterwards. RaidTool was no longer listed under programs but the file path c:\RaidTool\ showed only an empty folder, which I deleted.

Thanks,

Tip

BTW, I also deleted c:\windows\RaidTool\xInsIDE .exe manually, but not the entire folder. Good enough?

Edited by Tippaporn, 29 August 2010 - 01:11 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 29 August 2010 - 01:35 PM

That should have dealt with that. thumbup2.gif

Please rerun Combofix as you did the first time (no scripts) and post the log.
Posted Image
m0le is a proud member of UNITE

#13 Tippaporn

Tippaporn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 29 August 2010 - 05:08 PM

Hey M0le,

Sundays are usually uneventful for me. Not this one. dry.gif

Looks good?


ComboFix 10-08-28.02 - pete 08/29/2010 16:55:20.3.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1278 [GMT -5:00]
Running from: c:\documents and settings\pete\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-29 )))))))))))))))))))))))))))))))
.

2010-08-29 18:33 . 2010-08-29 18:33 -------- d-----w- c:\program files\Common Files\Skype
2010-08-29 18:33 . 2010-08-29 18:33 -------- d-----r- c:\program files\Skype
2010-08-29 15:19 . 2010-08-29 15:19 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\Babylon
2010-08-29 15:19 . 2010-08-29 15:19 -------- d-----w- c:\documents and settings\pete\Application Data\Babylon
2010-08-29 15:19 . 2010-08-29 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2010-08-23 00:34 . 2010-08-23 00:34 -------- d-----w- c:\program files\Sophos
2010-08-23 00:21 . 2010-08-23 00:21 27656 ----a-w- c:\windows\system32\drivers\pxsec.sys
2010-08-23 00:21 . 2010-08-23 00:21 22024 ----a-w- c:\windows\system32\drivers\pxscan.sys
2010-08-23 00:21 . 2010-08-23 00:21 -------- d-----w- c:\program files\Prevx
2010-08-23 00:21 . 2010-08-23 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2010-08-22 23:44 . 2010-08-29 00:18 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-22 23:39 . 2010-08-22 23:39 -------- d-----w- C:\FOUND.006
2010-08-22 18:33 . 2010-08-22 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-22 18:33 . 2010-08-22 18:33 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-22 14:27 . 2010-08-22 14:27 -------- d-----w- c:\documents and settings\pete\DoctorWeb
2010-08-22 00:29 . 2010-08-22 00:29 63488 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-22 00:29 . 2010-08-22 00:29 52224 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-22 00:29 . 2010-08-22 00:29 117760 ----a-w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-22 00:28 . 2010-08-22 00:28 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-22 00:09 . 2010-08-22 00:09 -------- d-----w- C:\FOUND.005
2010-08-22 00:00 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-21 20:05 . 2010-08-21 20:06 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\PCHealth
2010-08-21 19:58 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-08-21 19:12 . 2010-08-21 19:12 388096 ----a-r- c:\documents and settings\pete\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-21 19:12 . 2010-08-21 19:12 -------- d-----w- c:\program files\Trend Micro
2010-08-21 16:09 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-08-21 16:09 . 2010-08-21 16:09 -------- d--h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-08-21 16:09 . 2010-08-12 12:16 2979848 ----a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
2010-08-21 16:08 . 2010-08-21 16:08 -------- d-----w- c:\program files\Lavasoft
2010-08-21 02:59 . 2010-08-21 03:00 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-08-20 22:20 . 2010-08-20 22:20 -------- d-----w- c:\windows\system32\MpEngineStore
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-08-20 20:42 . 2010-08-20 20:42 -------- d-----w- c:\documents and settings\pete\Local Settings\Application Data\Sunbelt Software
2010-08-19 11:32 . 2010-08-19 11:32 310208 ----a-w- c:\documents and settings\pete\Application Data\Azureus\plugins\mlab\ShaperProbeC.exe
2010-08-19 11:04 . 2010-08-19 11:05 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Moyea
2010-08-19 02:13 . 2010-04-19 15:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-08-19 00:42 . 2010-08-19 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-08-17 09:41 . 2010-08-17 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-08-06 15:23 . 2010-08-06 15:23 -------- d-----w- c:\documents and settings\pete\Application Data\Yahoo!
2010-08-05 16:42 . 2007-05-13 17:24 86683 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-08-05 16:42 . 2010-08-05 16:42 -------- d-----w- c:\program files\AoA Audio Extractor
2010-08-05 16:37 . 2010-08-05 16:37 -------- d-----w- c:\documents and settings\pete\Application Data\Moyea
2010-08-05 16:36 . 2010-08-05 16:36 -------- d-----w- c:\program files\Moyea
2010-07-31 11:53 . 2010-07-31 11:53 -------- d-----w- c:\program files\RAR Password Recovery Magic
2010-07-30 22:55 . 2010-07-30 22:55 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-30 22:55 . 2010-07-30 22:55 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-30 22:53 . 2010-07-30 22:53 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-30 22:23 . 2010-07-30 22:53 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 17:47 . 2006-09-13 15:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-28 18:54 . 2008-06-23 20:43 186 ----a-w- c:\documents and settings\All Users\Application Data\SafeNet Sentinel\Sentinel RMS Development Kit\System\prsgrc.dll
2010-08-21 13:51 . 2010-08-21 09:53 112 ----a-w- c:\documents and settings\All Users\Application Data\lqjY4F.dat
2010-07-30 22:55 . 2010-05-07 23:24 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-30 22:53 . 2010-03-27 16:58 1090856 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-30 22:53 . 2010-03-27 16:58 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-26 06:34 . 2010-07-26 06:34 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-26 06:34 . 2010-07-26 06:34 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-26 06:34 . 2010-07-26 06:34 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-26 06:34 . 2010-07-26 06:34 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-26 06:34 . 2010-04-23 09:16 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-26 06:34 . 2010-04-23 09:15 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-26 06:34 . 2010-07-26 06:34 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-25 16:46 . 2010-07-25 16:46 -------- d-----w- c:\documents and settings\pete\Application Data\SUPERAntiSpyware.com
2010-07-25 16:46 . 2010-07-25 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-25 15:24 . 2010-07-25 15:24 -------- d-----w- c:\documents and settings\pete\Application Data\vlc
2010-07-24 03:47 . 2010-07-24 03:47 -------- d-----w- c:\documents and settings\pete\Application Data\vlc(2)
2010-07-16 12:32 . 2010-07-16 12:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon-BackupByBabylonPortable
2010-07-15 14:36 . 2010-03-27 00:52 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 14:36 . 2010-07-15 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 14:35 . 2010-03-27 00:51 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-14 11:37 . 2010-07-14 11:37 -------- d-----w- c:\documents and settings\pete\Application Data\Babylon(2)
2010-07-14 11:37 . 2010-07-14 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon(2)
2010-07-12 09:56 . 2010-07-12 09:56 -------- d-----w- c:\documents and settings\pete\Application Data\.thinkingrock
2010-07-05 18:21 . 2010-07-05 18:21 -------- d-----w- c:\documents and settings\pete\Application Data\.metamorphose2
2010-07-05 18:21 . 2010-07-05 18:21 -------- d-----w- c:\program files\metamorphose2
2010-06-30 12:31 . 2004-08-11 02:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15 . 2006-01-09 16:02 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15 . 2004-08-11 01:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15 . 2004-08-11 01:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44 . 2004-08-11 02:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-22 01:00 . 2010-06-22 01:00 160704 ----a-w- c:\windows\system32\drivers\afcdp.sys
2010-06-22 01:00 . 2010-06-22 01:00 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2010-06-22 01:00 . 2010-06-22 01:00 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-06-22 01:00 . 2010-06-22 01:00 166272 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-06-21 15:27 . 2004-08-11 01:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-11 01:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2004-08-11 01:00 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2010-06-14 07:41 . 2004-08-11 01:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-11 21:51 . 2010-06-11 21:51 3055600 ----a-w- c:\documents and settings\pete\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-06-11 21:36 . 2010-06-11 21:36 275952 ----a-w- c:\documents and settings\pete\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-06-04 11:07 . 2010-06-04 11:07 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-06-04 11:07 . 2010-06-04 11:07 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-06-04 11:06 . 2010-06-04 11:06 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-02 13:13 . 2010-03-27 00:51 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 15:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-06-30 21:43 2515552 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-08-19 11:05 2734688 ----a-w- c:\program files\Vuze_Remote\tbVuz0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuz0.dll" [2010-08-19 2734688]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-06-30 2515552]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-07-19 2403568]
"Google Update"="c:\documents and settings\pete\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-27 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7573504]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"36X Raid Configurer"="c:\windows\system32\xRaidSetup.exe" [2007-05-25 1957888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\pete\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-3-27 45056]
AHook2002.lnk - c:\program files\AutoHook2002\AHook2002.exe [2010-3-27 86016]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-07-15 14:36 12536 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PrintKey-Pro.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\PrintKey-Pro.lnk
backup=c:\windows\pss\PrintKey-Pro.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^SolidWorks Task Scheduler Engine.lnk]
path=c:\documents and settings\pete\Start Menu\Programs\Startup\SolidWorks Task Scheduler Engine.lnk
backup=c:\windows\pss\SolidWorks Task Scheduler Engine.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^pete^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\pete\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-15 02:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2010-03-27 21:07 362232 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-10-15 06:03 45936 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 12:43 69632 ----a-w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-08-25 08:21 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNHelper32]
2005-10-20 13:50 45056 ------w- c:\windows\system32\DNHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 18:56 64512 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-11 01:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2006-04-07 00:00 331776 ----a-w- c:\program files\Acer\OrbiCam\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 23:22 262144 ----a-w- c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2006-04-07 00:06 73728 ----a-w- c:\program files\Acer\OrbiCam\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2006-04-07 00:22 225280 ----a-w- c:\windows\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-06-03 02:44 1660952 --sh--w- c:\progra~1\MESSEN~1\Msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-11 01:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
2005-05-11 22:15 45056 ----a-w- c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-08-11 04:05 1519616 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-11 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-11 01:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2006-01-05 12:03 761946 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-07-26 06:33 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-03-27 21:06 5107232 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Hummingbird\\Connectivity\\11.00\\Exceed\\exceed.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\FileZilla Server\\FileZilla server.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Documents and Settings\\pete\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\BabylonPortable\\App\\Babylon\\Babylon.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access 0
"1701:TCP"= 1701:TCP:MioNet Remote Drive Access 1
"1702:TCP"= 1702:TCP:MioNet Remote Drive Access 2
"1703:TCP"= 1703:TCP:MioNet Remote Drive Access 3
"1704:TCP"= 1704:TCP:MioNet Remote Drive Access 4
"1705:TCP"= 1705:TCP:MioNet Remote Drive Access 5
"1706:TCP"= 1706:TCP:MioNet Remote Drive Access 6
"1707:TCP"= 1707:TCP:MioNet Remote Drive Access 7
"1708:TCP"= 1708:TCP:MioNet Remote Drive Access 8
"1709:TCP"= 1709:TCP:MioNet Remote Drive Access 9
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/21/2010 11:09 AM 64288]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [3/17/2010 9:51 AM 15328]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [8/22/2010 7:21 PM 22024]
R0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys [8/22/2010 7:21 PM 27656]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [6/21/2010 8:00 PM 911680]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/26/2010 7:51 PM 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/26/2010 7:52 PM 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [6/21/2010 8:00 PM 2480048]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/15/2010 9:36 AM 308136]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [8/22/2010 7:21 PM 4368952]
R2 dk2drv;DK2 WindowsNT Driver;c:\windows\system32\drivers\dk2drv.sys [9/13/2006 6:44 PM 42624]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [3/17/2010 9:51 AM 220128]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [6/21/2010 8:00 PM 160704]
R3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2/11/2006 4:58 AM 1274880]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [4/6/2006 7:46 AM 1097472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/23/2010 4:49 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355416]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [8/17/2010 4:41 AM 430152]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [1/24/2010 10:27 AM 17920]
S3 DK2USB;DK2usb Driver;c:\windows\system32\drivers\DK2USB.sys [9/13/2006 6:44 PM 9808]
S3 dkpccard;DESkey PC-Card Enabler;c:\windows\system32\drivers\dkpccard.sys [9/13/2006 6:44 PM 7888]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\42.tmp --> c:\windows\system32\42.tmp [?]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [1/24/2010 10:32 AM 18432]
.
Contents of the 'Scheduled Tasks' folder

2010-08-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-05-05 13:56]

2010-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 12:15]

2010-08-28 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-10-23 21:58]

2010-08-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1057992302-803448745-238406301-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-08-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1057992302-803448745-238406301-1012.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 08:02]

2010-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-08-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1057992302-803448745-238406301-1012Core1cb4719c78504f7.job
- c:\documents and settings\pete\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-28 00:00]

2010-08-20 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-10-23 21:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://global.acer.com
uInternet Settings,ProxyOverride = <local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PackageCab - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
DPF: {A8C54382-6C1A-4133-BA27-EF67C72E0FC3} - hxxps://na6.salesforce.com/setup/outlook/setups2/install.cab
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-GoToMeeting - c:\program files\Citrix\GoToMeeting\320\g2mstart.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-Nokia - c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe
MSConfigStartUp-NSSInstallation - c:\program files\DivX\Symantec\scstubinstaller.exe
MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_07\bin\jusched.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-29 17:00
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\42.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1216)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1348)
c:\windows\system32\WININET.dll
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\MFC71U.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\MFC80ENU.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-08-29 17:02:20
ComboFix-quarantined-files.txt 2010-08-29 22:02
ComboFix2.txt 2010-08-29 01:30
ComboFix3.txt 2010-08-29 00:21

Pre-Run: 9,973,268,480 bytes free
Post-Run: 9,977,724,928 bytes free

- - End Of File - - 6E879A0F4DDE89F3B6260AF63BDFBCE8


#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:39 AM

Posted 29 August 2010 - 08:05 PM

Looks good! thumbup2.gif

Please run ESET's online scanner
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
Posted Image
m0le is a proud member of UNITE

#15 Tippaporn

Tippaporn
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:39 PM

Posted 30 August 2010 - 01:57 PM

Hey M0le,

poster_oops.gif

I completed the scan (6+ hours) then hit the finish button.

I'll start another scan unless you tell me otherwise.

Tip

Ran it again and came up clean. But what else would I expect? whistling.gif

Edited by Tippaporn, 30 August 2010 - 04:47 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users