
Browser Redirects after Security Suite Virus Cleanup


  • This topic is locked
19 replies to this topic

#1 sfgiants13

sfgiants13

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:27 PM

Posted 23 August 2010 - 01:46 PM

A couple of weeks ago I had the Security Suite virus, where I'd always get popups about how my computer is infected. Now out of nowhere I'll get a redirect in a new tab in Firefox to some random site. I ran MBAM as well as Spybot and that cleared up that problem, but now my browser is always redirecting me to some random site. I've run several cleaners and they sometimes pick up something and sometimes not, so it looks like those have run to the best of their ability. I tried running GMER, but so far I've run it 3 times and it crashed near the start of the scan on 2 saying iastor.sys was involved, and one of them scanned for a while and then blue screened saying uxryqpoc.sys was involved. Here are the logs that I was able to get. I'd really appreciate some help from someone.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Nelson at 10:53:54.27 on Mon 08/23/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_15
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1645 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxbfcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\nHancer\nHancerService.exe
C:\Windows\system32\oodag.exe
C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\nHancer\nHancer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\RVG Software\Holdem Manager\HMImport.exe
C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files\RVG Software\Holdem Manager\HMHud.exe
C:\Program Files\TableNinja\TableNinja.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Nelson\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
uRun: [Aim6]
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [nHancer] "c:\program files\nhancer\nHancer.exe" /tray
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.0;_en-US;_rv:1.9.0.15)_Gecko/2009101601_Firefox/3.0.15_(.NET_CLR_3.5.30729)" -"http://www.globalchange.umich.edu/globalchange1/current/lectures/evolving_earth/evolving_earth.html"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [WAWifiMessage] c:\program files\hewlett-packard\hp wireless assistant\WiFiMsg.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [ap.exe] c:\windows\system32\config\systemprofile\appdata\roaming\pcenter\ap.exe
StartupFolder: c:\users\nelson\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
AppInit_DLLs: avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\nelson\appdata\roaming\mozilla\firefox\profiles\ygxhoiam.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\users\nelson\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\nelson\appdata\roaming\mozilla\firefox\profiles\ygxhoiam.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071302000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-12-9 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-12-9 29584]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-31 243024]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-11-26 201320]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-20 921952]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
R2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe -service --> c:\windows\system32\lxbfcoms.exe -service [?]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\postgresql\8.3\bin\pg_ctl.exe [2008-2-1 65536]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-5 24652]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 B-Service;B-Service;c:\users\nelson\appdata\roaming\mikogo\B-Service.exe [2009-5-28 185640]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\drivers\LtcyCfgWDM.sys [2005-12-26 6656]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2008-11-26 79304]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2008-11-26 35240]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-11-26 33832]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-08-22 04:59:17 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-22 04:58:31 0 d-----w- c:\programdata\Hitman Pro
2010-08-22 04:58:28 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-17 19:18:49 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-17 19:18:49 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 18:28:42 0 d-----w- c:\program files\common files\DivX Shared
2010-08-16 18:28:16 0 d-----w- c:\program files\DivX
2010-08-16 18:28:01 0 d-----w- c:\programdata\DivX
2010-08-16 16:11:32 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 16:11:25 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-14 17:36:53 0 d-----w- c:\users\nelson\appdata\roaming\Malwarebytes
2010-08-14 17:36:31 0 d-----w- c:\programdata\Malwarebytes
2010-08-14 17:36:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 17:25:40 0 d-----w- c:\program files\ExplorerXP
2010-08-14 13:27:44 5 ----a-w- C:\zrpt.xml
2010-08-14 13:27:08 0 d-----w- c:\programdata\Update
2010-08-12 19:08:28 129857 ----a-w- c:\windows\hppins21.dat
2010-08-12 19:08:19 3729 ----a-w- c:\windows\hppmdl21.dat
2010-08-12 17:21:59 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 17:21:48 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 17:21:47 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 17:21:45 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 17:21:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 17:21:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 17:21:41 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-07-29 01:30:15 0 d-----w- c:\users\nelson\appdata\roaming\Unity

==================== Find3M ====================

2010-08-23 17:35:52 258522 ----a-w- c:\programdata\nvModes.dat
2010-08-12 19:09:21 86016 ----a-w- c:\windows\inf\infstor.dat
2010-08-12 19:09:21 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-12 19:09:21 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-15 15:55:20 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 15:55:19 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 15:54:43 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-26 06:05:49 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25:02 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37:03 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:16:20 274944 ----a-w- c:\windows\system32\schannel.dll
2010-05-29 20:11:22 140 ---ha-w- C:\aaw7boot.cmd
2010-05-27 20:08:17 81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-11-18 00:04:05 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-12-13 22:32:22 61 --sh--w- c:\windows\cnerolf.dat
2008-11-30 06:13:13 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008112920081130\index.dat
2008-12-01 01:51:12 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008113020081201\index.dat
2008-07-02 10:37:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 10:55:41.81 ===============


Post to subscribe to topic. Forgot in my original post

Edited by sfgiants13, 23 August 2010 - 02:13 PM.
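The two logs that matter in this thread are the DDS "Pseudo HJT Report" above (orphaned BHO/toolbar CLSIDs, a Default-user Run value under the SYSTEM profile, UAC switched off, a hosts entry, a hijacked Firefox keyword.URL) and, later in the thread, GMER output in which the kernel IAT of atapi.sys and i8042prt.sys is redirected into a driver GMER cannot find on disk. The script below is an added example, not part of DDS, GMER or any post here: it reads lines in the exact formats those tools print, correlates "module not found" entries with IAT hooks that point into that module, and ranks everything else by rule. The severities and rules are my own assumptions for illustration, and the sample input is constructed from lines quoted in this thread.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines and GMER hook lines.

Added example for this thread; it is not part of DDS, GMER or the posts above.
The rules are heuristics written against the line formats shown in the thread,
and every hit still needs a human to attribute the hooking module (AV products
hook ntdll in every process too) before anything is removed.
"""
import re
from typing import Dict, List

# --- DDS autostart lines: (pattern, severity, why it matters) ---------------
DDS_RULES = [
    (re.compile(r'^(?:BHO|TB): \{[0-9A-Fa-f-]+\} - No File$'),
     'low', 'orphaned BHO/toolbar CLSID with no DLL on disk; leftover registration'),
    (re.compile(r'^dRun: \[[^\]]*\] .*\\systemprofile\\appdata\\', re.I),
     'high', 'Default-user Run value launching a file from the SYSTEM profile AppData'),
    (re.compile(r'^mPolicies-system: EnableLUA = 0\b'),
     'medium', 'UAC disabled by policy (EnableLUA = 0)'),
    (re.compile(r'^Hosts: 127\.0\.0\.1 \S+'),
     'medium', 'hosts-file entry black-holing a domain'),
    (re.compile(r'^FF - (?:prefs|user)\.js: keyword\.URL - '),
     'medium', 'Firefox address-bar search redirected to a third-party engine'),
]

# --- GMER lines, as formatted in the logs quoted in this thread -------------
HIDDEN_RE = re.compile(r'^\?\s+(\S+)\s+The system cannot find the path specified')
KIAT_RE = re.compile(r'^IAT\s+(\S+)\[(\S+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)(?:\s+\((.*)\))?$')
UIAT_RE = re.compile(r'^IAT\s+(.+?)\[(\d+)\]\s+@\s+.*\[(\S+)\]\s+\[[0-9A-Fa-f]+\]\s+(\S+)(?:\s+\((.*)\))?$')
UINLINE_RE = re.compile(r'^\.text\s+(.+?)\[(\d+)\]\s+(\S+)\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+JMP\s+([0-9A-Fa-f]+)')
KINLINE_RE = re.compile(r'^\.text\s+(\S+!\S+)\s+[0-9A-Fa-f]+\s+\d+ Bytes\s+JMP\s+([0-9A-Fa-f]+)')


def base(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.lower().rsplit('\\', 1)[-1]


def triage(text: str) -> List[Dict[str, str]]:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    # Pass 1: modules GMER could not open on disk. An IAT hook that points into
    # such a module is the classic sign of a driver hidden by a rootkit.
    hidden = {base(m.group(1)) for ln in lines if (m := HIDDEN_RE.match(ln))}
    findings: List[Dict[str, str]] = []

    def hit(severity: str, reason: str, line: str) -> None:
        findings.append({'severity': severity, 'reason': reason, 'line': line})

    for line in lines:
        for rx, sev, why in DDS_RULES:
            if rx.match(line):
                hit(sev, why, line)
                break
        else:  # no DDS rule matched; try the GMER formats
            if HIDDEN_RE.match(line):
                hit('high', 'GMER references a module it cannot find on disk (hidden driver?)', line)
            elif (m := UIAT_RE.match(line)):
                vendor = m.group(5)  # GMER appends "(Product/Vendor)" when it can attribute the target
                hit('info' if vendor else 'medium',
                    f'user-mode IAT redirect of {m.group(3)} ' +
                    (f'attributed to {vendor}' if vendor else 'to an unattributed module'), line)
            elif (m := KIAT_RE.match(line)):
                target = base(m.group(3))
                if target in hidden:
                    hit('critical', f'kernel IAT of {base(m.group(1))} ({m.group(2)}) '
                                    f'redirected into hidden module {target}', line)
                else:
                    hit('medium', f'kernel IAT of {base(m.group(1))} redirected into {target}', line)
            elif (m := UINLINE_RE.match(line)):
                hit('medium', f'inline JMP on {m.group(3)} in {base(m.group(1))}[{m.group(2)}] '
                              f'to {m.group(4)}; attribute before acting', line)
            elif (m := KINLINE_RE.match(line)):
                hit('high', f'kernel inline hook on {m.group(1)} jumping to {m.group(2)}', line)
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity, so a reviewer sees the worst item first."""
    counts = {s: 0 for s in ('critical', 'high', 'medium', 'low', 'info')}
    for f in findings:
        counts[f['severity']] += 1
    return counts


# Constructed sample: lines copied from the DDS and GMER logs in this thread.
SAMPLE = r"""
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
dRun: [ap.exe] c:\windows\system32\config\systemprofile\appdata\roaming\pcenter\ap.exe
mPolicies-system: EnableLUA = 0 (0x0)
Hosts: 127.0.0.1 www.spywareinfo.com
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
? System32\Drivers\spmt.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload AAE3241B 5 Bytes JMP A2F384E0
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtProtectVirtualMemory 77744D34 5 Bytes JMP 0029000A
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [A748F6D6] \SystemRoot\System32\Drivers\spmt.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [A749EE9C] \SystemRoot\System32\Drivers\spmt.sys
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
"""

if __name__ == '__main__':
    results = triage(SAMPLE)
    print(summarize(results))
    for f in sorted(results, key=lambda f: list(summarize([])).index(f['severity'])):
        print(f"[{f['severity']:8}] {f['reason']}\n           {f['line'][:100]}")
```

The point of the two-pass design is the correlation: a kernel IAT hook on its own is ambiguous (disk encryption and some AV drivers do it), but a hook whose target is a driver the scanner cannot open on disk is ranked critical because the file is being hidden from the very tool inspecting it. The user-mode ntdll JMPs are deliberately left at medium; on a machine with AVG's avgrsstx.dll loaded through AppInit_DLLs they may well be legitimate, which is why the reason text says to attribute before acting.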



#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:12:27 AM

Posted 29 August 2010 - 03:36 PM

Hi sfgiants13,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#3 sfgiants13

sfgiants13
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:27 PM

Posted 31 August 2010 - 12:42 PM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4510

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

8/30/2010 3:41:13 PM
mbam-log-2010-08-30 (15-41-13).txt

Scan type: Quick scan
Objects scanned: 161104
Time elapsed: 10 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{fe4c2c37-edc8-4c00-b864-3c38cf3ba834} (Adware.Adshot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-31 10:11:51
Windows 6.0.6002 Service Pack 2
Running: 07e6v181.exe; Driver: C:\Users\Nelson\AppData\Local\Temp\uxryqpoc.sys


---- System - GMER 1.0.15 ----

INT 0x51 ? A23752D0
INT 0x52 ? A30DF2D0
INT 0x61 ? A45E7A50
INT 0x62 ? A43E87D0
INT 0x71 ? A45E7CD0
INT 0x72 ? A2375050
INT 0x82 ? A2375A50
INT 0x92 ? A2375550
INT 0xA2 ? A23757D0
INT 0xA3 ? A30DFA50
INT 0xB0 ? A30DF7D0
INT 0xB1 ? A2375CD0
INT 0xB2 ? A30DF550
INT 0xB3 ? A30DFCD0

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spmt.sys The system cannot find the path specified. !
.text USBPORT.SYS!DllUnload AAE3241B 5 Bytes JMP A2F384E0
.rsrc C:\Windows\system32\DRIVERS\kbdclass.sys entry point in ".rsrc" section [0xAAF65014]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtProtectVirtualMemory 77744D34 5 Bytes JMP 0029000A
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!NtWriteVirtualMemory 77745674 5 Bytes JMP 002A000A
.text C:\Windows\system32\svchost.exe[960] ntdll.dll!KiUserExceptionDispatcher 77745DC8 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[960] ole32.dll!CoCreateInstance 76319EA6 5 Bytes JMP 009C000A
.text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtProtectVirtualMemory 77744D34 5 Bytes JMP 0018000A
.text C:\Windows\Explorer.EXE[1720] ntdll.dll!NtWriteVirtualMemory 77745674 5 Bytes JMP 0029000A
.text C:\Windows\Explorer.EXE[1720] ntdll.dll!KiUserExceptionDispatcher 77745DC8 5 Bytes JMP 0017000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [A748F6D6] \SystemRoot\System32\Drivers\spmt.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [A748F042] \SystemRoot\System32\Drivers\spmt.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [A748F800] \SystemRoot\System32\Drivers\spmt.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [A748F0C0] \SystemRoot\System32\Drivers\spmt.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [A748F13E] \SystemRoot\System32\Drivers\spmt.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [A749EE9C] \SystemRoot\System32\Drivers\spmt.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [744E7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7453A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [744EBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [744DF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [744E75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [744DE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74518395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [744EDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [744DFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [744DFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [744D71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7456CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7450C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [744DD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [744D6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [744D687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1720] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [744E2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs A19781F8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \Driver\volmgr \Device\VolMgrControl A19731F8
Device \Driver\usbuhci \Device\USBPDO-0 A2F791F8
Device \Driver\usbuhci \Device\USBPDO-1 A2F791F8
Device \Driver\usbehci \Device\USBPDO-2 A2F7A1F8
Device \Driver\usbuhci \Device\USBPDO-3 A2F791F8
Device \Driver\usbuhci \Device\USBPDO-4 A2F791F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBPDO-5 A2F791F8
Device \Driver\usbehci \Device\USBPDO-6 A2F7A1F8
Device \Driver\volmgr \Device\HarddiskVolume1 A19731F8
Device \Driver\volmgr \Device\HarddiskVolume2 A19731F8
Device \Driver\cdrom \Device\CdRom0 A301D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 A19761F8
Device \Driver\iaStor \Device\Ide\iaStor0 [A76D7EB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 A19761F8
Device \Driver\atapi \Device\Ide\IdePort1 A19761F8
Device \Driver\netbt \Device\NetBT_Tcpip_{71B54A4C-E230-4612-A3B1-012222C1F245} A4B0E1F8
Device \Driver\netbt \Device\NetBT_Tcpip_{C8A3440C-1ED0-4918-8F30-284A8C1E4E2F} A4B0E1F8
Device \Driver\netbt \Device\NetBt_Wins_Export A4B0E1F8
Device \Driver\Smb \Device\NetbiosSmb A4A001F8
Device \Driver\iScsiPrt \Device\RaidPort0 A30241F8

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\usbuhci \Device\USBFDO-0 A2F791F8
Device \Driver\usbuhci \Device\USBFDO-1 A2F791F8
Device \Driver\usbehci \Device\USBFDO-2 A2F7A1F8
Device \Driver\usbuhci \Device\USBFDO-3 A2F791F8
Device \Driver\usbuhci \Device\USBFDO-4 A2F791F8
Device \Driver\usbuhci \Device\USBFDO-5 A2F791F8
Device \Driver\usbehci \Device\USBFDO-6 A2F7A1F8
Device \FileSystem\cdfs \Cdfs A2F2C1F8
Device -> \Driver\iaStor \Device\Harddisk0\DR0 A3048EC5

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x74 0xAB 0xFD 0xCE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x74 0x45 0xB4 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x74 0xAB 0xFD 0xCE ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xB4 0x6D 0x90 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x74 0x45 0xB4 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION F45784603387DC04FB60CA94FD82A9FEAF912B1894C4305F7E5E802F9FDCACD6BA233EE749E57744F589C419A3D9A6E8F5393E451AABB265A9E29B39FD32B68DC00C890B9A66B40345BB90DF5BF1F4AC486B2CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6A0AC4980AC79338EDD5E5BE2F6E667FEBC9E127BECC74CE6CED0A9995A398E7605D53404010CD32E11352DFC7F19BCCF70C1BAAD03E67DE880B89796FC45C3212BCC6A01D2B96150978530C515CDF6E46F67B953589B3CA1BCF4B0958BB7CFA149F73726E96199B19A9F12C9F909BDFB726B5E421BA6A1796AEBE16E20DA7744984962BD07E6EB27462290E9306B4A0A35BB82102B85CCACF7F7BE0B1EAB6729D6A756A5AB642BD3C822111AF64DB85B77B722672D6C4649D4E6FB69A9D72D4645ED22529EA60F3155281963D7B6090E7C35DE048AC3F43476F9741C2BC6BA63AA6CF9CAE8B0338F222ED7609E6821140B7C7D36EC2627A5D4E725C85110659DCFE432A95837188FE9271BC359D4C6B6F14C6766C6E28DA86D5B30A90D80E9E58210C62080231F266B74D84FDA20A90E7C54A70BCA7EBE1EBF71DB8F9297657F9316586FB693111EE8EFA55DBAA7D60A82B971B2712FB3B8D1BC9158DB0B5A86DA9827EF15D81894A964BFD8D379456DD81697F

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDMGZUA3\sound[1].js 1920 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IDMGZUA3\1209_002_A_728090_A_NTC_12-22-09[1].gif 22361 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHAERR8V\httpErrorPagesScripts[2] 8601 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHAERR8V\bullet[1] 3169 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHAERR8V\pix2_us_es[1].jpg 35286 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JHAERR8V\errorPageStrings[2] 1817 bytes
File C:\Windows\system32\DRIVERS\kbdclass.sys suspicious modification
File C:\Windows\system32\drivers\iaStor.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Edited by sfgiants13, 31 August 2010 - 01:52 PM.


#4 sfgiants13

sfgiants13
  • Topic Starter

  • Members
  • 15 posts

Posted 31 August 2010 - 12:45 PM

OTL Extras logfile created on: 8/31/2010 10:22:26 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Nelson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.49 Gb Total Space | 118.12 Gb Free Space | 53.33% Space Free | Partition Type: NTFS
Drive D: | 11.39 Gb Total Space | 1.78 Gb Free Space | 15.60% Space Free | Partition Type: NTFS
Drive E: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NELSON-PC
Current User Name: Nelson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B45BFF-625E-466C-B0E1-C065C1B3DC0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A46BC35-AE00-4ACF-A65A-AA0FB29ECE6D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{139371C7-881A-4E4B-8694-B75F69FCEF4D}" = rport=445 | protocol=6 | dir=out | app=system |
"{185679FF-E691-4738-9099-37BE6905E274}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{1E1617F8-AB7D-48BC-8727-1BCF2A6E7CE6}" = lport=3390 | protocol=6 | dir=in | app=system |
"{2A82509D-936D-4FE0-90F5-DEE26B4CB4F0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2DAB78F2-E6B6-43DE-BCCD-67988CEC1808}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2EEF1C55-AF08-4556-A2FE-2A25CF19F9FD}" = lport=139 | protocol=6 | dir=in | app=system |
"{2F51654E-8B04-4678-8257-AB1DAED4D9AE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{31802D38-5A2F-41DF-97E5-7B922085E117}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{31804D91-584B-4785-B2AD-9E459EA46730}" = rport=138 | protocol=17 | dir=out | app=system |
"{37042F1F-243A-42F4-97D2-BFA7BCB6C59B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{407CDA97-969C-46B7-98DE-FD590FB40D2F}" = lport=10244 | protocol=6 | dir=in | app=system |
"{408E0A10-5D7C-4077-9212-8541E13A280D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{44384273-9D75-464B-B4EE-1021BB1D707B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{45CDC44C-46BA-4D20-9E53-4391AB5B9E1E}" = lport=138 | protocol=17 | dir=in | app=system |
"{4CBC0E4C-6FB4-4BE3-9E0D-D0F3882C7F9B}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4E119A69-0B8D-424E-952B-CD3B6D2D9F80}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E49C367-08E4-4643-859D-33AB1C21B913}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 |
"{4F1739C0-4D6C-4889-B082-3E38DE12157D}" = lport=445 | protocol=6 | dir=in | app=system |
"{54874F5E-1F91-4199-8A18-41A56B52A679}" = lport=10244 | protocol=6 | dir=in | app=system |
"{64C2532D-EBF0-4435-938B-489319391EA7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{669CF5DA-3964-484E-AC40-B6ED5445085B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{67DE6EDA-E2B4-4C23-A9C8-0BF6430F03E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{6DBE9889-2889-4AE0-AD57-1319875365AD}" = rport=10244 | protocol=6 | dir=out | app=system |
"{700344AD-5905-4C6D-B279-6A20E18C6498}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{719C19D3-8D0C-4F84-A1AB-16A235F5791E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{756C54AA-51AD-40F0-ADD9-D1369367BA94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7754A13E-74D7-4654-97D0-789950CD64FA}" = lport=3390 | protocol=6 | dir=in | app=system |
"{7B9FAF62-F662-43EE-9B38-DB7414BD183F}" = lport=137 | protocol=17 | dir=in | app=system |
"{8458BFAD-B6B7-4E73-963E-AA06BB62FC22}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8480CA19-DADD-41FE-96AC-5EDCF39FA833}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{86F23908-8487-46F1-97BC-3D678F029A2B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8945CA99-8239-4DB4-9F3C-7B6D89390DA4}" = rport=10244 | protocol=6 | dir=out | app=system |
"{93D3B898-DC0B-401B-8915-045C6F202CB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B68664C-A37E-4F5D-978D-894699302CAD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A09041EC-3322-4FB4-945E-CEA7FD882B56}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A68CDCBB-5262-4D96-89A7-EA39A93EC003}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 |
"{A9326F91-C13C-478C-9B33-DDA0873366D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B008B874-E450-474E-ADD5-D2D0CEAE2223}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B08D940B-19A0-407D-A3CC-2F42CE394A43}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B32C2DEA-BECC-4462-BCA7-F843521DE422}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B6292ECD-8582-40D8-B0EF-2D93F4EFCACF}" = rport=137 | protocol=17 | dir=out | app=system |
"{B8315901-A3E5-48AE-8641-09C762F9353B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2A144EE-EAE0-4EDE-B3C5-C2CA8A95A96E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8394DF0-5E0F-4DA9-9B48-5FD25AE2656D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CCEFD0BD-BE4B-4565-B91A-4217F7589ABE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D1E5D257-8DE7-4375-9D55-7587D8AFD07B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D42ED4FC-7F6C-462E-ABBC-5B73979C6038}" = rport=139 | protocol=6 | dir=out | app=system |
"{DE67E386-2D11-4BAA-A408-9CF48C75DF3A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E2109197-ABE5-4B63-A429-11EE721AFF83}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EFEC54AA-EC64-4C70-9740-0D481055687B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F9065ED0-C3BD-46C9-9520-01B03C1848ED}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D1E414-5143-4FC7-A31C-44D93A5FA870}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{01A8C18F-9A63-4DCB-B5D4-82D05A3C0BB0}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{052FA3DA-9C80-47C7-83AA-7514DAE3D93F}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{082A7768-317A-491C-93C2-9C4B6F9FD381}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
"{0AEC6CE4-7973-474E-8D66-C24808B77C4F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{150F215F-84C0-4F32-9AF4-7F1E3337CDAD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{1A3FA383-F903-4C8E-A6FD-63B647DC7C16}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{1BDD4A2D-7255-47F4-A215-65BE0CC9EFB4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{218CB414-8DC9-4327-BCDD-20977FEFCF59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{30017CC1-67C9-4D41-A1C4-918817B2EA61}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{3052693C-4673-4BDD-9971-E8760576AB40}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{31F8072A-E5D8-49D2-9FB3-7C3FAFD72444}" = protocol=17 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{3BFE28BD-241B-4950-BBD0-9C18B041AA37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{41630918-B9C6-49A6-A625-8A0200894DFD}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{428F787D-E296-46C1-B639-82EDABC984E3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{531020CC-9D96-45A1-8B34-CC88DB58E92B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{539ED667-B635-4640-982E-E2F556F73F1C}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{556012A8-8DD0-4A98-9AE7-FE2937D92B37}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{566654E3-070C-4D41-A389-224DEB512EB0}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{5CBF00E9-622D-4852-BBF8-72D66ABF46AD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{603E8B7D-9C89-49E3-8BB3-0051877454B9}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{621DD624-4908-4340-9160-3A43F48D1EA5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{673DAB96-040C-4C4C-9DB9-E8AA4B923936}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{69936FBA-9791-43EB-A4FE-357F460FFD58}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6A82E5F7-B66A-45D4-A683-7B724EA3206E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6CEDC2AC-24EF-4A01-B3AC-DF7208BCCAA1}" = protocol=6 | dir=in | app=c:\program files\full tilt poker\fulltiltpoker.exe |
"{701CE972-1DA6-4FB4-B901-06370AC55611}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7A1ADC32-39A4-435E-8704-9D31EC24C160}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7F9931A7-4CD8-47D4-ABE6-EE26075236EB}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{7FC06953-C968-420E-BA59-62D3DC59D6C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{801F31A6-543B-495C-AB20-03C1E714F5AB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{821FB012-E5AB-42AA-8FDF-A11DE02D3707}" = protocol=6 | dir=in | app=c:\windows\system32\lxbfcoms.exe |
"{836AFD30-C28E-44B5-A5F9-EA018B145407}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{8529596D-5DCA-4C55-97D3-A357F6592847}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{875DB475-2CD6-4F3B-AADC-A9CD5D07847D}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{8A1A58C4-857D-48B5-848C-EE51A995BBC1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9292371C-33C3-4FB1-A08F-E3523B6255EF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{93C80752-5F78-45C3-80D7-4001CC13A657}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{94F6D1C7-7DE8-4082-8E82-624990AF05E9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{96B132E6-1707-4966-90FB-DFE389E06CF8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{97490F11-84E7-4451-B30A-016F805C7308}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9AC9FC24-BFEF-4A2D-B688-72E0641D7E47}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9F3D244E-740F-4174-8379-5459FF52C12E}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A25CB260-C2BB-4083-86E6-EFBD8A5766EC}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A6EF8A7A-45E1-4B4B-A1F7-A3ADD9FAC37A}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{A87B7832-43B8-4E3F-8CEF-ACA219EB7316}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxbfpswx.exe |
"{AFD40BC1-E8FF-4A69-86D8-9C33F7393500}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B11C4B58-3F30-4496-ADFC-15EC6E182834}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{B14AD576-0340-4284-A98F-B23EB41046D5}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B78EEF16-A7FE-43B7-A9FF-CEF012D3B4B5}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{BBEDC712-A074-44A7-BFA1-FEBD32B13605}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BFFB09F0-1E16-42E4-9103-0F86563632D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C005FAAD-E167-4B02-A340-F1452B613914}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C309C7BD-9665-41AB-B1B3-CE1D138CE0C2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C397729B-7DCB-42BC-93B0-1B14DE8CDC4D}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"{C6884010-416C-4328-984A-8499FD294724}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{CAE3B0DF-D79E-48EE-AA19-98040C7143FC}" = protocol=6 | dir=out | app=system |
"{CCD3C8BE-2028-4575-88B0-06230ECC6436}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{CE80EBA0-91AF-4EDE-9059-DB5BB401CDAB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D6EB4EFC-8664-4314-9005-5D64A35DAC97}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DE780AF9-84A3-4E7C-B871-73070E3DD10D}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{E0886A04-E15C-4F5C-BF6F-965572A9682E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E9185D39-9793-4408-A17C-408AFAF0BF5D}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{EC482A9F-C3DD-419E-B8CF-18810AEA0465}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"{F74348A6-F59D-4AEF-82BC-02A4F581B76D}" = protocol=17 | dir=in | app=c:\program files\full tilt poker\fulltiltpoker.exe |
"{F981D1BC-CE0C-4C67-8D71-1C7146D71384}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"{FA9B32F8-D8B6-4C75-AF76-081E4989A2F6}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"TCP Query User{22D85F37-F976-4C26-A868-3F690C0E7B5E}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{256D1373-B906-4CFF-9D4A-1C9CC693EDFA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{28054DB7-3D80-4103-BBC1-C3A624713BCB}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{38F7D08D-3DFC-4EF8-9F17-06F68D2CDEDE}C:\users\nelson\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nelson\program files\dna\btdna.exe |
"TCP Query User{47B8CE5C-2A5C-4137-96E2-51DE3AF3BFDC}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{973F2B27-8F86-4370-8DC3-E51AF7C59668}C:\users\nelson\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nelson\program files\dna\btdna.exe |
"TCP Query User{B7D3EE48-DDA5-450D-A808-90E663F06D17}C:\program files\chama digital media\internet satellite tv player demo\isattv.exe" = protocol=6 | dir=in | app=c:\program files\chama digital media\internet satellite tv player demo\isattv.exe |
"TCP Query User{B9571A95-764D-4AFB-A249-D3EBE22F670C}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{CACE0311-4F74-4535-98D7-905D88C02C48}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{D6BB1754-4613-4DFA-BE96-DA6D35636CB1}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{DC3C091F-193D-4077-8A58-6A843C90B117}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{EEC4C95B-C6B8-435B-9483-EFCB863E17CD}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{F4EF7CB7-29D4-4412-B77C-3044ADB3500B}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{FD25419F-82E8-41E4-85B6-35DBA24B1CE3}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{0D4E1D8E-386E-4DDF-B92E-D0C34EC2D5B3}C:\users\nelson\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nelson\program files\dna\btdna.exe |
"UDP Query User{21A4AFFD-C1F4-431C-AC0D-52F41A4DF902}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{39CF0F21-7B61-449C-BE3C-3853C2DEE141}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{64500B77-5D60-4DBC-9AD6-417ED6D5CC3D}C:\users\nelson\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nelson\program files\dna\btdna.exe |
"UDP Query User{6D6FF3FF-4C40-4868-BFE6-E0C6E169E787}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{9D426E5E-38E6-434F-A849-BAD1418FF650}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{A39F57E0-3F0A-4B13-8EDA-7BB66F493DAF}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{B18847B8-6C37-4D4B-8DC1-DEE117C9D823}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{BABC072F-0F71-4FE7-854B-DECCD2DB809C}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{C0B9152F-E22E-4BD5-BAAD-2EA232A1C8E7}C:\program files\chama digital media\internet satellite tv player demo\isattv.exe" = protocol=17 | dir=in | app=c:\program files\chama digital media\internet satellite tv player demo\isattv.exe |
"UDP Query User{E0AED698-1244-40F6-8EE5-E213963D01C0}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{E5B4DA17-9AA6-4B49-A2E2-6413FB96DAA0}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{E977A112-B3FA-4347-8406-0939091BBD6D}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F8651AC9-D5B4-40FF-B8BC-F44859839A0D}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0411A7A4-23D4-47ad-B109-3CBE7E8093F1}" = HP Deskjet Printer Driver Software. 8.0.B
"{053AAD85-DDF6-4B96-BF63-634EAE444AF6}" = Simmer's Sky - Japanese Airports vol.2
"{05D4E06A-15A5-4050-A756-CB3BE6E73B03}" = Just Flight 777 Professional v1.00
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{082F8ABA-84D5-4837-9DFC-F365D91A07D4}" = HP Smart Web Printing
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980
"{0F0D371F-C111-4279-963A-04139A5E49DB}" = ActiveSky Version 6.5 and ActiveSky Graphics
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1B7BBB22-49D8-46AE-ACBF-68574A4D6B83}" = Simmer's Sky - Japanese Airports vol.5
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{209DF55F-5E5C-48A3-BC3D-A7CB1224458C}" = HP Print Diagnostic Utility
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{2874FFC3-24DA-4BE7-B122-0573CED08A98}" = CLOUD9 Amsterdam 1.04
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BDC9DA-9320-491C-AA40-B0D98A0EBA9C}" = aerosoft's - Mega Airport Frankfurt - FS2004
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3822F6D9-F309-41f4-BB98-DA061F0BA8B3}" = SF_CDB_Software
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{41D63B3D-251E-4CE4-8002-4BF668FD9228}" = Simmer's Sky - Japanese Airports vol.3
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{46559469-7C15-49F4-BB76-21480BE1BEF4}" = Real Environment Xtreme FS2004
"{4BADC7B9-D047-4FE1-AAB9-AF321DC639EF}" = Simmer's Sky - Japanese Airports vol.1
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5094C629-274C-4631-84D7-960FEF6D13F7}" = LAGO Honolulu INTL Version 2.01
"{51D199F4-5593-4BC9-B2A5-BB1CDE0C894A}" = aerosoft's - Mega Airport Paris CDG
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5D5ADABE-6247-4EDB-B0B5-0D4693EFC7E5}" = CLOUD9 Washington 1.01
"{5DAA9C36-8F8B-462F-8CCA-E205BC3751F5}" = HP Active Support Library
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{666E0B91-3FD3-43B7-B6A2-EB9012758982}" = FSAutoStart
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7D66915F-05FF-4F59-B2D3-AA2E58506F72}" = nHancer
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{8347A7A5-4AB8-433F-82AA-496B0D189A9B}" = HP User Guides 0088
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8440C171-F033-4410-B099-5BE38273A13B}" = CLOUD9 LosAngeles 1.01
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97679567-0095-464E-B5F2-E218A1CF3421}" = PMDG747_400 Queen of the Skies
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A901BF63-29AD-49A3-B067-231925E98B62}_is1" = Version 1.0
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC696733-F8C5-4EAD-B165-AC8AB8C2A755}" = TTS_Technology
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{AD33B536-FA6C-4C0C-BC30-E25ADED214DC}" = Logbook Pro for Windows
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C0A6901F-C919-47A3-A4D9-E2056314086B}" = aerosoft's - London Heathrow 2008
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C539AF6F-9DB3-458C-9274-1F3EE3291FB1}" = Abacus EZ-Libraries
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D86B6E8D-F224-4BB6-B959-C8EDC5300B5D}" = aerosoft's - Mega Airport Stockholm Arlanda
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F530581E-12FE-43B4-A28D-E5257AAD63E6}" = O&O Defrag Professional
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F789C27E-B3EF-4730-9EB5-928B4D8A17C1}" = SF_CDB_ProductContext
"{F938B1CE-94B0-4219-B03E-72CF354C8877}" = TableNinja
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"763v2" = Level-D Simulations 767-300
"763v21" = Level-D Simulations 767-300 Update
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_6" = AIM 6
"Ares" = Ares 2.1.1
"AutoHotkey" = AutoHotkey 1.0.48.05
"AVG9Uninstall" = AVG Free 9.0
"Carenado Piper Cherokee 180F" = Carenado Piper Cherokee 180F
"CCleaner" = CCleaner (remove only)
"CRJ Experience" = CRJ Experience
"CRJ New Generation" = CRJ New Generation
"DivX Setup.divx.com" = DivX Setup
"ExplorerXP" = ExplorerXP (remove only)
"FEUpgrade_10" = Flight Environment - Upgrade
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"FlightZone 02: Portland" = FlightZone 02: Portland
"FSBuild 2" = FSBuild 2
"FSDreamTeam Geneva FS9_is1" = FSDreamTeam Geneva FS9 1.1
"FSDreamTeam JFK FS9_is1" = FSDreamTeam JFK FS9 1.0.2
"FSDreamTeam Ohare9_is1" = FSDreamTeam Ohare9 1.1.1
"FSDreamTeam Zurich9_is1" = FSDreamTeam Zurich9 1.3.1
"FSGenesis The Rockies 38m Terrain" = FSGenesis The Rockies 38m Terrain
"FSGenesis US National Landclass Project" = FSGenesis US National Landclass Project
"FSWater_10" = Flight Environment
"Ground Environment Professional" = Ground Environment Professional
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HoldemManager" = Holdem Manager
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"KATL Atlanta" = KATL Atlanta
"KDEN Denver" = KDEN Denver
"KDTW Detroit" = KDTW Detroit
"KEWR Newark" = KEWR Newark
"KLGA La Guardia" = KLGA La Guardia
"KMSY New Orleans" = KMSY New Orleans
"KSJC San Jose FS2004" = KSJC San Jose FS2004
"Lexmark X6100 Series" = Lexmark X6100 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mikogo" = Mikogo
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"nHancer" = nHancer
"NVIDIA Drivers" = NVIDIA Drivers
"Nvidia Omega Drivers for Windows Vistav1.169.25" = Nvidia Omega Drivers v1.169.25 Setup Files and Tools
"PIC 737 Call" = PIC 737 Call 1.0
"PokerStars" = PokerStars
"PSS - Boeing 757 Pro. v1.3" = PSS - Boeing 757 Pro. v1.3
"RAMpage" = RAMpage
"Shanghai Today 2004" = Shanghai Today 2004
"Skyhawk 172R by Flight One Software" = Skyhawk 172R by Flight One Software
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"The Very Singapore" = The Very Singapore
"Ultimate Terrain - Canada & Alaska" = Ultimate Terrain - Canada & Alaska
"Ultimate Terrain - Europe" = Ultimate Terrain - Europe
"Ultimate Terrain - USA" = Ultimate Terrain - USA
"UltimateTraffic13" = Ultimate Traffic
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"737 Pilot in Command" = 737 Pilot in Command
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"E-Jets Series (FS2004)" = E-Jets Series (FS2004)
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2009 5:03:09 PM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/27/2009 10:21:25 AM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/27/2009 3:53:11 PM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/27/2009 6:00:56 PM | Computer Name = Nelson-PC | Source = Application Error | ID = 1000
Description = Faulting application postgres.exe, version 8.3.0.831, time stamp 0x47a2edcd,
faulting module kernel32.dll, version 6.0.6001.18000, time stamp 0x4791a7a6, exception
code 0xc0000142, fault offset 0x00009cac, process id 0xed4, application start time
0x01ca0f05b731a2c2.

Error - 7/28/2009 10:25:01 AM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2009 1:36:34 PM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/28/2009 4:55:12 PM | Computer Name = Nelson-PC | Source = Application Error | ID = 1000
Description = Faulting application FullTiltPoker.exe, version 0.0.0.0, time stamp
0x4a5e15e3, faulting module QtCore4.dll, version 4.5.2.0, time stamp 0x4a4616ff,
exception code 0xc0000005, fault offset 0x000d0c37, process id 0x1074, application
start time 0x01ca0fc55559f457.

Error - 7/29/2009 2:33:44 PM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/29/2009 2:40:53 PM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/30/2009 10:15:53 AM | Computer Name = Nelson-PC | Source = WinMgmt | ID = 10
Description =

[ Media Center Events ]
Error - 4/25/2009 6:33:25 PM | Computer Name = Nelson-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 4/25/2009 8:09:43 PM | Computer Name = Nelson-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/25/2009 8:10:37 PM | Computer Name = Nelson-PC | Source = McrMgr | ID = 109
Description =

Error - 4/25/2009 8:50:55 PM | Computer Name = Nelson-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/25/2009 8:55:08 PM | Computer Name = Nelson-PC | Source = Mcx2Svc | ID = 301
Description =

Error - 4/25/2009 9:26:54 PM | Computer Name = Nelson-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 4/25/2009 9:30:42 PM | Computer Name = Nelson-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 5/2/2010 10:35:27 PM | Computer Name = Nelson-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/31/2010 12:06:38 AM | Computer Name = Nelson-PC | Source = DCOM | ID = 10005
Description =

Error - 8/31/2010 12:07:07 AM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/31/2010 12:07:07 AM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/31/2010 12:07:07 AM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/31/2010 12:07:07 AM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/31/2010 12:08:00 AM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 8/31/2010 1:17:31 PM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 8/31/2010 1:17:31 PM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 8/31/2010 1:18:00 PM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 8/31/2010 1:34:08 PM | Computer Name = Nelson-PC | Source = Service Control Manager | ID = 7032
Description =


< End of report >

Edited by sfgiants13, 31 August 2010 - 01:29 PM.
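
Added example, not code from this thread, from OTL or from ComboFix: a small Python triage script for the "Firewall Rules" block of an OTL Extras log like the one posted above. It parses each rule line, summarises which executables hold inbound allow rules (and on which protocol), and flags inbound rules whose executable lives under a user-writable directory. The sample lines are copied from the log above; the user-writable prefix list and the idea that such a listener is worth a second look are this example's own assumptions, not a finding of the thread.

```python
r"""
Triage of the "Firewall Rules" section of an OTL Extras log.

Added example (not from the thread, OTL or ComboFix). Handles lines of the form

  "{GUID}" = protocol=6 | dir=in | app=c:\program files\foo\foo.exe |
  "TCP Query User{GUID}C:\path\foo.exe" = protocol=6 | dir=in | app=c:\path\foo.exe |

USER_WRITABLE_PREFIXES is an assumption made for this example.
"""
import re
from collections import defaultdict

RULE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<body>.*)$')
# OTL prints protocol=6 for TCP and protocol=17 for UDP; no protocol field means "any"
PROTO_NAMES = {"6": "tcp", "17": "udp"}
# Locations a non-admin user (or malware running as one) can write to (assumption)
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")

# Sample input: lines copied from the OTL log above
SAMPLE_LOG = r'''
"{BFFB09F0-1E16-42E4-9103-0F86563632D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CAE3B0DF-D79E-48EE-AA19-98040C7143FC}" = protocol=6 | dir=out | app=system |
"{EC482A9F-C3DD-419E-B8CF-18810AEA0465}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
"TCP Query User{256D1373-B906-4CFF-9D4A-1C9CC693EDFA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{38F7D08D-3DFC-4EF8-9F17-06F68D2CDEDE}C:\users\nelson\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\nelson\program files\dna\btdna.exe |
"UDP Query User{0D4E1D8E-386E-4DDF-B92E-D0C34EC2D5B3}C:\users\nelson\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\nelson\program files\dna\btdna.exe |
'''


def parse_rule(line):
    """Parse one rule line into a dict, or return None for non-rule lines."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields = {}
    for part in m.group("body").split("|"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    name = m.group("name")
    return {
        "name": name,
        "protocol": PROTO_NAMES.get(fields.get("protocol"), "any"),
        "direction": fields.get("dir", "?"),
        "app": fields.get("app", "").lower(),
        # "TCP Query User{...}" / "UDP Query User{...}" rules are the ones Windows
        # Firewall creates when a logged-on user clicks "Unblock" on its prompt
        "user_added": name.startswith(("TCP Query User", "UDP Query User")),
    }


def parse_rules(text):
    """Parse every rule line in a block of OTL output, skipping blanks and headers."""
    parsed = (parse_rule(ln) for ln in text.splitlines())
    return [r for r in parsed if r is not None]


def inbound_by_app(rules):
    """Map each executable to the set of protocols it is allowed to accept inbound on."""
    summary = defaultdict(set)
    for r in rules:
        if r["direction"] == "in":
            summary[r["app"]].add(r["protocol"])
    return dict(summary)


def is_user_writable(path):
    return path.startswith(USER_WRITABLE_PREFIXES)


def suspicious_inbound(rules):
    """Executables with inbound allow rules that live in a user-writable location."""
    return sorted({r["app"] for r in rules
                   if r["direction"] == "in" and is_user_writable(r["app"])})


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_LOG)
    for app, protos in sorted(inbound_by_app(rules).items()):
        print(f"{app}: inbound on {', '.join(sorted(protos))}")
    print("review:", suspicious_inbound(rules))
```

Run against the full log above, the script reports btdna.exe twice: once under c:\program files\dna and once under c:\users\nelson\program files\dna. Only the second copy is flagged, because a binary sitting inside the user profile and accepting inbound TCP and UDP deserves a look regardless of whether it turns out to be the legitimate BitTorrent DNA client; the flag is a prompt to check the file, not a verdict.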


#5 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:12:27 AM

Posted 31 August 2010 - 12:47 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#6 sfgiants13

sfgiants13
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:10:27 PM

Posted 31 August 2010 - 08:57 PM

I was unable to completely disable AVG virus scanner so I just uninstalled it before I started ComboFix. The pages were edited before to add the OTL extra, MBAM, and GMER logs in separate replies. This post contains the OTL and ComboFix logs. Sorry about the mess, it's the only way it would post it for me.

ComboFix 10-08-31.01 - Nelson 08/31/2010 18:28:29.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2336 [GMT -7:00]
Running from: c:\users\Nelson\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\Mozilla Firefox\searchplugins\google_search.xml
c:\users\Nelson\AppData\Local\Windows Server
c:\users\Nelson\AppData\Local\Windows Server\server.dat
c:\windows\system32\KBL.LOG

Infected copy of c:\windows\system32\drivers\kbdclass.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-08-01 to 2010-09-01 )))))))))))))))))))))))))))))))
.

2010-09-01 01:48 . 2010-09-01 01:48 -------- d-----w- c:\users\Nelson\AppData\Local\temp
2010-08-23 19:12 . 2010-08-23 19:12 -------- d-----w- c:\program files\Logbook Pro
2010-08-22 04:59 . 2010-08-24 17:59 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-22 04:58 . 2010-08-22 04:58 -------- d-----w- c:\programdata\Hitman Pro
2010-08-22 04:58 . 2010-08-22 04:58 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-20 21:50 . 2010-08-20 21:50 0 ----a-w- c:\windows\nsreg.dat
2010-08-17 19:18 . 2010-08-17 20:28 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-17 19:18 . 2010-08-17 19:22 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-16 18:29 . 2010-08-16 18:29 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-16 18:29 . 2010-08-16 18:28 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-08-16 18:29 . 2010-08-16 18:27 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-16 18:28 . 2010-08-16 18:28 144696 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-16 18:28 . 2010-08-16 18:29 -------- d-----w- c:\programdata\DivX
2010-08-16 16:11 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-16 16:11 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-14 17:36 . 2010-08-14 17:36 -------- d-----w- c:\users\Nelson\AppData\Roaming\Malwarebytes
2010-08-14 17:36 . 2010-08-14 17:36 -------- d-----w- c:\programdata\Malwarebytes
2010-08-14 17:36 . 2010-08-16 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-14 17:25 . 2010-08-14 17:25 -------- d-----w- c:\program files\ExplorerXP
2010-08-14 13:27 . 2010-08-15 05:02 -------- d-----w- c:\programdata\Update
2010-08-14 08:28 . 2010-08-14 08:28 -------- d-----w- c:\users\Nelson\AppData\Roaming\Skype
2010-08-13 18:35 . 2010-08-15 05:02 -------- d-----w- c:\users\Nelson\AppData\Local\vfbgbcimf
2010-08-12 19:08 . 2010-08-12 19:20 129857 ----a-w- c:\windows\hppins21.dat
2010-08-12 19:08 . 2007-03-13 20:35 3729 ----a-w- c:\windows\hppmdl21.dat
2010-08-12 17:21 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 17:21 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 17:21 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 17:21 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 17:21 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 17:21 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 17:21 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-01 01:26 . 2009-07-23 03:40 258522 ----a-w- c:\programdata\nvModes.dat
2010-09-01 01:12 . 2008-12-11 05:10 -------- d-----w- c:\users\Nelson\AppData\Roaming\DNA
2010-09-01 01:11 . 2010-01-10 23:25 -------- d-----w- c:\programdata\avg9
2010-08-31 17:17 . 2008-12-11 05:10 -------- d-----w- c:\program files\DNA
2010-08-30 22:58 . 2009-07-23 03:31 1356 ----a-w- c:\users\Nelson\AppData\Local\d3d9caps.dat
2010-08-25 17:18 . 2010-01-27 06:18 -------- d-----w- c:\program files\TableNinja
2010-08-16 18:29 . 2010-08-16 18:29 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-16 18:29 . 2010-08-16 18:29 57054 ----a-w- c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-08-16 18:29 . 2010-08-16 18:29 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe
2010-08-16 18:29 . 2010-08-16 18:28 -------- d-----w- c:\program files\DivX
2010-08-16 18:29 . 2010-08-16 18:29 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-08-16 18:29 . 2010-08-16 18:29 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-08-16 18:29 . 2010-08-16 18:29 56458 ----a-w- c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-08-16 18:29 . 2010-08-16 18:29 54174 ----a-w- c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-08-16 18:28 . 2010-08-16 18:28 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-08-16 18:28 . 2010-08-16 18:28 52963 ----a-w- c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-08-16 18:28 . 2010-08-16 18:28 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-08-16 18:28 . 2010-08-16 18:28 54073 ----a-w- c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-08-16 18:28 . 2010-08-16 18:28 56969 ----a-w- c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-08-14 21:16 . 2009-03-28 18:39 -------- d-----w- c:\users\Nelson\AppData\Roaming\BitTorrent
2010-08-13 17:38 . 2008-07-02 12:39 -------- d-----w- c:\programdata\Microsoft Help
2010-08-13 17:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-12 18:24 . 2008-07-02 13:23 -------- d-----w- c:\programdata\HP
2010-07-29 01:30 . 2010-07-29 01:30 -------- d-----w- c:\users\Nelson\AppData\Roaming\Unity
2010-07-19 04:04 . 2008-08-31 19:57 -------- d-----w- c:\program files\Full Tilt Poker
2010-07-18 12:48 . 2009-07-22 21:53 -------- d-----w- c:\programdata\nHancer
2010-07-17 20:10 . 2008-09-30 03:02 -------- d-----w- c:\program files\PokerStove
2010-07-17 17:31 . 2008-08-25 12:15 -------- d-----w- c:\programdata\NVIDIA
2010-07-07 18:41 . 2008-12-24 05:05 -------- d-----w- c:\program files\PokerStars
2010-07-05 01:25 . 2010-07-05 01:22 -------- d-----w- c:\program files\PokerStars.IT
2010-07-01 19:59 . 2010-07-01 19:59 13406 ----a-r- c:\users\Nelson\AppData\Roaming\Microsoft\Installer\{F938B1CE-94B0-4219-B03E-72CF354C8877}\_9BEEE0E1C5F9545734EA54.exe
2010-07-01 19:59 . 2010-07-01 19:59 13406 ----a-r- c:\users\Nelson\AppData\Roaming\Microsoft\Installer\{F938B1CE-94B0-4219-B03E-72CF354C8877}\_90323B68421A263D4E8897.exe
2010-06-28 19:22 . 2010-06-28 19:22 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-26 06:05 . 2010-08-12 17:22 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 17:22 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 17:22 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-12 17:22 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-21 13:37 . 2010-08-12 17:22 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-11 16:16 . 2010-08-12 17:22 274944 ----a-w- c:\windows\system32\schannel.dll
2008-12-13 22:32 . 2008-12-13 22:32 61 --sh--w- c:\windows\cnerolf.dat
2008-07-02 10:37 . 2008-07-02 10:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"nHancer"="c:\program files\nHancer\nHancer.exe" [2010-05-03 1385472]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-05-05 1466368]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

c:\users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-16 15:03 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 04:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2008-11-03 19:45 2540800 ----a-w- c:\windows\System32\oodtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ab,ab,94,94,4b,36,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 B-Service;B-Service;c:\users\Nelson\AppData\Roaming\Mikogo\B-Service.exe [2009-05-28 185640]
R3 LtcyCfgWDM;PCI Latency Tool Driver Service;c:\windows\system32\DRIVERS\LtcyCfgWDM.sys [2005-12-26 6656]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-19 721904]
S2 lxbf_device;lxbf_device;c:\windows\system32\lxbfcoms.exe [2007-04-25 537520]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [2008-02-01 65536]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-24 00:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=101760&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Nelson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071302000002.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Google
FF - user.js: browser.search.order.1 - Google
FF - user.js: keyword.URL - hxxp://search.search-go.net/?sid=10101049100&s=
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 18:48
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2677493072-304978894-4139860359-1000\Software\SecuROM\License information*]
"datasecu"=hex:ac,6b,4d,13,a2,42,9a,04,9d,98,d7,45,ac,4c,5c,a2,96,ba,6d,f4,10,
4a,a2,fd,ee,e0,19,d8,dd,2b,b5,90,27,1e,f0,55,df,fa,d9,49,63,61,ba,b4,61,e0,\
"rkeysecu"=hex:13,e5,51,53,ac,f2,dc,e0,be,d0,48,c9,ba,f8,ba,f2

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-08-31 18:53:48
ComboFix-quarantined-files.txt 2010-09-01 01:53

Pre-Run: 126,823,055,360 bytes free
Post-Run: 127,578,316,800 bytes free

- - End Of File - - 37E91202B72C0A15B59D37EBFF8C6A3A


OTL logfile created on: 8/31/2010 10:22:26 AM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Nelson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.49 Gb Total Space | 118.12 Gb Free Space | 53.33% Space Free | Partition Type: NTFS
Drive D: | 11.39 Gb Total Space | 1.78 Gb Free Space | 15.60% Space Free | Partition Type: NTFS
Drive E: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NELSON-PC
Current User Name: Nelson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Nelson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\lxbfcoms.exe ( )
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Nelson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPShared.dll ( Hewlett-Packard Development Company, L.P.)


========== Win32 Services (SafeList) ==========

SRV - (FastUserSwitchingCompatibility) -- C:\Windows\System32\FastUv32.dll File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (B-Service) -- C:\Users\Nelson\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbf_device) -- C:\Windows\System32\lxbfcoms.exe ( )
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (mfetdik) -- C:\Windows\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (LtcyCfgWDM) -- C:\Windows\System32\drivers\LtcyCfgWDM.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/20 15:35:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 19:38:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 08:36:18 | 000,000,000 | ---D | M]

[2008/08/30 00:26:56 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Extensions
[2010/08/30 16:16:28 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions
[2009/06/27 18:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/18 17:58:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/24 12:47:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/02 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\moveplayer@movenetworks.com
[2008/12/10 22:11:34 | 000,000,682 | ---- | M] () -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\searchplugins\ask.xml
[2010/08/30 16:16:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/08/05 12:37:48 | 000,002,074 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google_search.xml

O1 HOSTS File: ([2010/08/19 09:30:34 | 000,416,646 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14382 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [nHancer] C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/02 05:28:53 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2003/05/26 21:45:29 | 000,000,042 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b975c337-441d-11de-b310-001e68ab536e}\Shell - "" = AutoRun
O33 - MountPoints2\{b975c337-441d-11de-b310-001e68ab536e}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\System32\FastUv32.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2010/08/31 10:12:57 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Nelson\Desktop\OTL.exe
[2010/08/30 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\Nelson\Desktop\CR
[2010/08/23 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Nelson\Documents\My Logbook Pro Files
[2010/08/23 12:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Logbook Pro
[2010/08/21 21:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/08/21 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/21 21:58:22 | 006,291,776 | ---- | C] (SurfRight B.V.) -- C:\Users\Nelson\Desktop\HitmanPro35.exe
[2010/08/17 12:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/17 12:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/16 11:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/08/16 11:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/16 11:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/08/16 09:11:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/16 09:11:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/14 10:36:53 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\Malwarebytes
[2010/08/14 10:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 10:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ExplorerXP
[2010/08/14 06:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/14 01:28:02 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\Skype
[2010/08/14 00:19:24 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\Windows Server
[2010/08/13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf
[2010/08/12 10:22:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/12 10:22:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/12 10:22:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/12 10:22:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/12 10:22:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/12 10:22:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/12 10:22:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/12 10:22:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/12 10:22:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/12 10:22:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/12 10:22:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/12 10:22:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/12 10:22:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/12 10:22:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/12 10:22:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/12 10:22:08 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/12 10:22:01 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/12 10:21:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/12 10:21:48 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/12 10:21:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/12/23 22:03:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
[2009/12/23 22:03:44 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll
[2009/12/23 22:03:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll
[2009/12/23 22:03:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll
[2009/12/23 22:03:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll
[2009/12/23 22:03:43 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll
[2009/12/23 22:03:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll
[2009/12/23 22:03:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll
[2009/12/23 22:03:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll
[2009/12/23 22:03:43 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll
[2009/12/23 22:03:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll
[2009/12/23 22:03:42 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/31 10:33:41 | 007,602,176 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT
[2010/08/31 10:33:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/31 10:21:47 | 064,128,344 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/31 10:18:14 | 000,000,247 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/08/31 10:17:24 | 000,258,522 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/08/31 10:16:30 | 000,258,522 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/08/31 10:16:21 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 10:16:21 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/31 10:15:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/31 10:15:15 | 001,265,133 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/08/31 10:14:15 | 000,524,288 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/31 10:14:15 | 000,065,536 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/31 10:13:02 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Nelson\Desktop\OTL.exe
[2010/08/30 16:55:58 | 000,000,138 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/08/30 15:58:53 | 000,001,356 | ---- | M] () -- C:\Users\Nelson\AppData\Local\d3d9caps.dat
[2010/08/30 15:42:50 | 000,293,376 | ---- | M] () -- C:\Users\Nelson\Desktop\07e6v181.exe
[2010/08/24 10:59:00 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/23 12:12:32 | 000,001,946 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2010/08/23 12:12:32 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2010/08/23 10:53:39 | 000,525,824 | ---- | M] () -- C:\Users\Nelson\Desktop\dds.scr
[2010/08/22 22:00:00 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2010/08/21 21:58:57 | 006,291,776 | ---- | M] (SurfRight B.V.) -- C:\Users\Nelson\Desktop\HitmanPro35.exe
[2010/08/20 14:50:03 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/08/20 13:08:19 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/19 09:30:34 | 000,416,646 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/17 12:19:05 | 000,001,079 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/17 12:19:05 | 000,001,055 | ---- | M] () -- C:\Users\Nelson\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 09:11:35 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 14:13:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/14 10:25:41 | 000,001,726 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2010/08/14 06:27:45 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/13 14:58:59 | 000,272,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 21:18:29 | 000,738,700 | ---- | M] () -- C:\Users\Nelson\Documents\hcde231_poster_final.pdf
[2010/08/12 12:20:47 | 000,129,857 | ---- | M] () -- C:\Windows\hppins21.dat
[2010/08/12 12:19:23 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/30 15:42:50 | 000,293,376 | ---- | C] () -- C:\Users\Nelson\Desktop\07e6v181.exe
[2010/08/23 12:16:12 | 000,000,138 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/23 12:12:32 | 000,001,946 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2010/08/23 12:12:32 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2010/08/23 10:53:37 | 000,525,824 | ---- | C] () -- C:\Users\Nelson\Desktop\dds.scr
[2010/08/21 21:59:17 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/20 14:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/17 12:19:05 | 000,001,079 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/17 12:19:05 | 000,001,055 | ---- | C] () -- C:\Users\Nelson\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 09:11:35 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 10:25:41 | 000,001,726 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2010/08/14 06:27:44 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/12 21:18:29 | 000,738,700 | ---- | C] () -- C:\Users\Nelson\Documents\hcde231_poster_final.pdf
[2010/08/12 12:19:23 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/12 12:08:28 | 000,129,857 | ---- | C] () -- C:\Windows\hppins21.dat
[2010/08/12 12:08:19 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2010/02/08 18:44:26 | 000,000,045 | ---- | C] () -- C:\Users\Nelson\AppData\Local\machpro.dat
[2009/12/23 22:05:25 | 000,000,401 | ---- | C] () -- C:\Windows\lexstat.ini
[2009/12/23 22:03:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll
[2009/12/23 22:03:44 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll
[2009/09/15 13:42:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/05 12:54:41 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/22 20:40:50 | 000,258,522 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/22 20:40:31 | 000,258,522 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/22 20:31:08 | 000,001,356 | ---- | C] () -- C:\Users\Nelson\AppData\Local\d3d9caps.dat
[2009/06/12 13:19:50 | 000,004,987 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/19 15:08:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/16 19:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\FnF4.txt
[2008/12/13 15:36:12 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008/12/12 15:21:56 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008/12/12 00:52:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\DBCDBF32.DLL
[2008/12/12 00:52:11 | 000,184,320 | ---- | C] () -- C:\Windows\System32\dbcmdb32.dll
[2008/12/12 00:52:11 | 000,141,824 | ---- | C] () -- C:\Windows\System32\dbcjpg32.dll
[2008/12/12 00:52:11 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DBCMEM32.DLL
[2008/12/12 00:52:11 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dbcgeo32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/26 16:44:34 | 000,006,656 | ---- | C] () -- C:\Users\Nelson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/15 14:23:54 | 000,089,214 | ---- | C] () -- C:\Users\Nelson\AppData\Roaming\nvModes.001
[2008/09/15 14:23:52 | 000,089,214 | ---- | C] () -- C:\Users\Nelson\AppData\Roaming\nvModes.dat
[2008/08/31 12:51:30 | 000,001,430 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\QSwitch.txt
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\DSwitch.txt
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\AtStart.txt
[2008/08/25 04:59:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/02 06:23:40 | 000,046,086 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/12 11:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2005/12/26 01:24:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\LtcyCfgWDM.sys
[2005/09/13 18:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll
[2005/02/24 18:59:49 | 000,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
[2003/07/14 16:57:20 | 000,031,744 | ---- | C] () -- C:\Windows\System32\flt1chk2.dll
[2002/12/19 12:04:56 | 003,050,298 | ---- | C] () -- C:\Windows\System32\PDFREPORT_XP.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/29 13:11:22 | 000,000,140 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/05/29 12:32:07 | 000,125,212 | ---- | M] () -- C:\aaw7boot.log
[2008/07/02 05:28:53 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/10 23:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/10/28 15:18:04 | 001,495,040 | ---- | M] () -- C:\Fsbuild2.exe
[2009/12/13 16:52:02 | 000,001,328 | ---- | M] () -- C:\FSUIPC_reg.bin
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2008/12/12 16:15:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/13 11:12:04 | 000,001,123 | -H-- | M] () -- C:\IPH.PH
[2009/05/10 11:35:29 | 000,023,098 | ---- | M] () -- C:\List.conf
[2010/01/23 02:28:51 | 000,023,433 | ---- | M] () -- C:\M1319.log
[2008/12/13 15:11:11 | 000,000,655 | ---- | M] () -- C:\megaCITY.ini
[2008/12/13 02:19:10 | 000,000,797 | ---- | M] () -- C:\megaScenery.ini
[2008/12/12 16:15:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/31 10:15:16 | 3221,225,472 | -HS- | M] () -- C:\pagefile.sys
[2010/08/14 11:02:32 | 000,000,269 | ---- | M] () -- C:\rkill.log
[2009/01/14 14:44:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/14 14:44:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/10/26 16:01:05 | 000,000,594 | ---- | M] () -- C:\updatedatfix.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2010/07/12 11:41:04 | 000,000,000 | ---- | M] () -- C:\wizard.txt
[2010/08/14 06:27:45 | 000,000,005 | ---- | M] () -- C:\zrpt.xml

< %systemroot%\Fonts\*.com >
[2006/11/02 05:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 05:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 05:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/15 14:06:48 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 14:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 19:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 05:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2007/03/26 09:59:36 | 000,102,400 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\lxbfpp5c.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2007/12/09 17:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 19:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-13 17:39:22

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A
< End of report >

Edited by sfgiants13, 31 August 2010 - 09:03 PM.
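The OTL log above is long, and the entries a responder actually checks first are scattered across its O-sections: the O6 line shows EnableLUA = 0 (UAC switched off, so anything launched by an administrator account runs fully elevated), two O4 Run values point at files that no longer exist, an O20 AppInit_DLLs entry injects a DLL into every GUI process, an O33 MountPoints2 key still carries a removable-media AutoRun command, and a 129-byte alternate data stream sits on C:\ProgramData\TEMP. The script below is an added example for this thread, not OTL's own logic and not something the helper posted: it ranks those line types with heuristics of this example's own choosing, and the sample input is a handful of lines copied from the log above.

```python
"""Rank the persistence points in a pasted OTL log.

Added example for this thread, not OTL's own logic. The severity labels are
this example's heuristics; the sample lines are copied from the log above.
"""
import re

# Constructed sample: a subset of the O4/O6/O20/O33 and ADS lines from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\5.0_( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\{b975c337-441d-11de-b310-001e68ab536e}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A
"""

SEVERITY_ORDER = {"high": 0, "review": 1, "low": 2}


def classify(line):
    """Return (severity, reason) for one OTL line, or None if it needs no follow-up."""
    line = line.strip()
    # O4: Run/RunOnce values whose target is gone are stale leftovers of a removed program.
    if line.startswith("O4 ") and line.endswith("File not found"):
        return "low", "orphaned autorun value: target no longer exists, delete the value"
    # O6: EnableLUA=0 turns UAC off, so every process started by an admin account is fully elevated.
    m = re.match(r"O6 - .*EnableLUA = (\d)$", line)
    if m:
        if m.group(1) == "0":
            return "high", "UAC disabled (EnableLUA=0): re-enable it once the machine is clean"
        return None
    # O20 AppInit_DLLs: the listed DLL is loaded into every process that loads user32.dll.
    m = re.match(r"O20 - AppInit_DLLs: \(([^)]*)\)", line)
    if m and m.group(1).strip():
        return "review", f"AppInit_DLLs injects {m.group(1)} into every GUI process: confirm the vendor"
    # O20 Winlogon Shell: anything other than explorer.exe means the desktop shell was hijacked.
    m = re.match(r"O20 - HKLM Winlogon: Shell - \(([^)]*)\)", line)
    if m:
        if m.group(1).lower() != "explorer.exe":
            return "high", f"Winlogon shell is {m.group(1)} instead of explorer.exe"
        return None
    # O33: per-device AutoRun command for removable media (classic USB-worm persistence).
    m = re.match(r'O33 - MountPoints2\\(\{[^}]+\})\\Shell\\AutoRun\\command - "" = (.+?)(?: -- (.*))?$', line)
    if m:
        state = "target missing, delete the key" if m.group(3) == "File not found" else "verify the target"
        return "review", f"removable-media autorun for {m.group(1)} runs {m.group(2)}: {state}"
    # ADS: a named stream on a folder or file is a common place to park a payload.
    m = re.match(r"@Alternate Data Stream - (\d+) bytes -> (.*)$", line)
    if m:
        return "review", f"{m.group(1)}-byte alternate data stream on {m.group(2)}: dump and inspect"
    return None


def triage(log_text):
    """Collect flagged lines, highest severity first (stable sort keeps log order within a level)."""
    findings = []
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            severity, reason = hit
            findings.append({"severity": severity, "line": line.strip(), "reason": reason})
    findings.sort(key=lambda f: SEVERITY_ORDER[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

Run against the sample, the only "high" finding is the disabled UAC; the AppInit DLL belongs to the installed AVG build, but the rule still flags it because that value is exactly where a malicious DLL would also appear, and confirming the vendor is the check, not assuming it.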


#7 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada
  • Local time:12:27 AM

Posted 31 August 2010 - 09:34 PM

Hi there,

STEP 1 - TFC

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.
STEP 2 - MBAM

Open Malwarebytes' Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#8 sfgiants13

sfgiants13
  • Topic Starter

  • Members
  • 15 posts
  • Local time:10:27 PM

Posted 02 September 2010 - 10:04 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4525

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

9/1/2010 1:33:45 PM
mbam-log-2010-09-01 (13-33-45).txt

Scan type: Quick scan
Objects scanned: 165191
Time elapsed: 10 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, September 2, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, September 01, 2010 15:43:03
Records in database: 4173897
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 456441
Threats found: 4
Infected objects found: 6
Suspicious objects found: 0
Scan duration: 06:48:11


File name / Threat / Threats count
c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe Infected: Backdoor.Win32.Poison.awex 1
c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe Infected: Backdoor.Win32.Poison.auuu 1
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe Infected: Backdoor.Win32.Poison.awex 1
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe Infected: Backdoor.Win32.Poison.auuu 1
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir Infected: Trojan.Win32.Clicker.hd 1
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\kbdclass.sys.vir Infected: Virus.Win32.TDSS.b 1

Selected area has been scanned.
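Kaspersky's report counts six infected objects, but two of those lines are the same two files listed once with a lower-case drive letter and once with an upper-case one, and two more sit under C:\Qoobox\Quarantine, ComboFix's quarantine folder, where the .vir extension marks a copy that has already been taken out of service. The script below is an added example for this thread, not Kaspersky's or ComboFix's code: it parses the report lines quoted above (embedded as sample input), collapses case-variant paths, separates quarantined items from the rest, and maps the Xenocode appliance-cache copies back to where the real install would sit. That last step assumes the @PROGRAMFILES@ token in Xenocode's cache layout stands for C:\Program Files; the thread does not state that, so treat it as an assumption.

```python
"""Deduplicate and classify the detections in a Kaspersky Online Scanner report.

Added example for this thread; not Kaspersky's or ComboFix's code. The
@PROGRAMFILES@ mapping is an assumption about Xenocode's path token.
"""
import re

# Constructed sample input: the six detection lines from the Kaspersky report above.
SAMPLE_REPORT = r"""
c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe Infected: Backdoor.Win32.Poison.awex 1
c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe Infected: Backdoor.Win32.Poison.auuu 1
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe Infected: Backdoor.Win32.Poison.awex 1
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe Infected: Backdoor.Win32.Poison.auuu 1
C:\Qoobox\Quarantine\C\Program Files\Mozilla Firefox\searchplugins\google_search.xml.vir Infected: Trojan.Win32.Clicker.hd 1
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\kbdclass.sys.vir Infected: Virus.Win32.TDSS.b 1
"""

# "File name / Threat / Threats count" lines: path (may contain spaces), threat name, count.
LINE_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)$")


def parse_report(text):
    """Return (path, threat, count) for each detection line in the report."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m.group("path"), m.group("threat"), int(m.group("count"))))
    return rows


def classify_path(path):
    """quarantined: ComboFix .vir copy; virtualized-cache: Xenocode extracted copy; live: anything else."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p or p.endswith(".vir"):
        return "quarantined"
    if "\\xenocode\\appliancecaches\\" in p:
        return "virtualized-cache"
    return "live"


def original_location(path):
    """Map a Xenocode STUBEXE cache copy back to the real install path.

    Assumption (not from the thread): the @PROGRAMFILES@ token stands for
    the Program Files directory on drive C.
    """
    m = re.search(r"\\STUBEXE\\(@PROGRAMFILES@\\.*)$", path, re.IGNORECASE)
    if not m:
        return None
    return m.group(1).replace("@PROGRAMFILES@", r"C:\Program Files")


def triage(text):
    """One entry per distinct on-disk file.

    NTFS paths are case-insensitive, so a lower-case and an upper-case drive
    letter refer to the same file and are merged here.
    """
    seen = {}
    for path, threat, count in parse_report(text):
        key = path.lower()
        if key in seen:
            continue
        seen[key] = {
            "path": path,
            "threat": threat,
            "state": classify_path(path),
            "origin": original_location(path),
        }
    return list(seen.values())


def summary(items):
    """Count distinct files per state, e.g. {'virtualized-cache': 2, 'quarantined': 2}."""
    counts = {}
    for item in items:
        counts[item["state"]] = counts.get(item["state"], 0) + 1
    return counts


if __name__ == "__main__":
    items = triage(SAMPLE_REPORT)
    print(summary(items))
    for item in items:
        print(f"{item['state']:17} {item['threat']:28} {item['path']}")
        if item["origin"]:
            print(f"{'':17} -> also check the real install at {item['origin']}")
```

On the report above this leaves four distinct files: the two quarantined .vir copies need no action beyond leaving them in quarantine, while the two Xenocode cache copies are the ones still present on the live system, which is what the reinstall advice later in the thread addresses.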


#9 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada
  • Local time:12:27 AM

Posted 02 September 2010 - 10:41 AM

Hi there,

Any idea what these are from? Kaspersky is picking them up as something pretty nasty.

c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#10 sfgiants13

sfgiants13
  • Topic Starter

  • Members
  • 15 posts

Posted 02 September 2010 - 03:19 PM

QUOTE(mpascal @ Sep 2 2010, 08:41 AM)
Hi there,

Any idea what these are from? Kaspersky is picking them up as something pretty nasty.

c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
c:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
C:\Users\Nelson\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe


Holdem Manager is a program that I use to track the poker hands I play on online poker sites such as PokerStars. It's a clean program, unless something managed to get into the .exe files and infect them, which wouldn't surprise me. The actual folder for that program is C:\Program Files\RVG Software\Holdem Manager, which is clean according to AVG.

#11 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 02 September 2010 - 05:32 PM

Hi there,

Okay, maybe reinstall the program just to be safe.

Open up OTL and push the Quickscan button. Post the resulting log here.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.


#12 sfgiants13

sfgiants13
  • Topic Starter

  • Members
  • 15 posts

Posted 02 September 2010 - 07:08 PM

OTL logfile created on: 9/2/2010 4:12:25 PM - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Nelson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.49 Gb Total Space | 118.49 Gb Free Space | 53.50% Space Free | Partition Type: NTFS
Drive D: | 11.39 Gb Total Space | 1.78 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
Drive E: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NELSON-PC
Current User Name: Nelson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Users\Nelson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\PokerStars\PokerStars.exe (PokerStars)
PRC - C:\Program Files\TableNinja\TableNinja.exe (ALXSoftware)
PRC - C:\Program Files\RVG Software\Holdem Manager\HoldemManager.exe (Hold'em Manager)
PRC - C:\Program Files\RVG Software\Holdem Manager\HMImport.exe (Hold'em Manager)
PRC - C:\Program Files\RVG Software\Holdem Manager\HMHud.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\lxbfcoms.exe ( )
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Nelson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FastUserSwitchingCompatibility) -- C:\Windows\System32\FastUv32.dll File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (B-Service) -- C:\Users\Nelson\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbf_device) -- C:\Windows\System32\lxbfcoms.exe ( )
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nelson\AppData\Local\Temp\catchme.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (mfetdik) -- C:\Windows\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (LtcyCfgWDM) -- C:\Windows\System32\drivers\LtcyCfgWDM.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/02 13:27:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 19:38:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 08:36:18 | 000,000,000 | ---D | M]

[2008/08/30 00:26:56 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Extensions
[2010/09/02 13:34:01 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions
[2009/06/27 18:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/18 17:58:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/24 12:47:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/02 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\moveplayer@movenetworks.com
[2008/12/10 22:11:34 | 000,000,682 | ---- | M] () -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\searchplugins\ask.xml
[2010/09/02 13:34:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/08/31 18:48:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [nHancer] C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/02 05:28:53 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2003/05/26 21:45:29 | 000,000,042 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/02 16:11:53 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Nelson\Desktop\OTL.exe
[2010/09/02 13:30:41 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/02 13:30:37 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/02 13:30:28 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/02 13:30:25 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/02 13:30:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/09/01 13:16:08 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Nelson\Desktop\TFC.exe
[2010/09/01 10:29:50 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\HEM Data
[2010/09/01 10:24:47 | 039,074,952 | ---- | C] (Hold'em Manager, support@holdemmanager.com) -- C:\Users\Nelson\Desktop\HmUpdate.exe
[2010/08/31 18:53:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/31 18:53:50 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\temp
[2010/08/31 18:16:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/31 18:16:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/31 18:16:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/31 18:14:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/31 18:02:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/31 18:01:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/30 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\Nelson\Desktop\CR
[2010/08/23 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Nelson\Documents\My Logbook Pro Files
[2010/08/23 12:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Logbook Pro
[2010/08/21 21:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/08/21 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/21 21:58:22 | 006,291,776 | ---- | C] (SurfRight B.V.) -- C:\Users\Nelson\Desktop\HitmanPro35.exe
[2010/08/17 12:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/17 12:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/16 11:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/08/16 11:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/16 11:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/08/16 09:11:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/16 09:11:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/14 10:36:53 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\Malwarebytes
[2010/08/14 10:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 10:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ExplorerXP
[2010/08/14 06:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/14 01:28:02 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\Skype
[2010/08/13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf
[2010/07/28 18:30:15 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\Unity
[2010/07/28 18:28:47 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\Unity
[2010/07/09 17:43:37 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\In The Money
[2010/07/04 18:27:03 | 000,000,000 | ---D | C] -- C:\Users\Nelson\Desktop\Pokerstars Mods
[2010/07/04 18:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars.IT
[2010/06/28 12:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/28 12:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/06/28 12:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/06/28 12:28:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/25 09:38:57 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/06/16 23:09:16 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\Deployment
[2010/06/16 23:09:16 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\Apps
[2010/06/12 17:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Airline Tycoon Evolution
[2009/12/23 22:03:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
[2009/12/23 22:03:44 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll
[2009/12/23 22:03:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll
[2009/12/23 22:03:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll
[2009/12/23 22:03:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll
[2009/12/23 22:03:43 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll
[2009/12/23 22:03:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll
[2009/12/23 22:03:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll
[2009/12/23 22:03:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll
[2009/12/23 22:03:43 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll
[2009/12/23 22:03:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll
[2009/12/23 22:03:42 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll

========== Files - Modified Within 90 Days ==========

[2010/09/02 16:12:44 | 007,602,176 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT
[2010/09/02 16:11:55 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Nelson\Desktop\OTL.exe
[2010/09/02 15:11:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/02 15:11:03 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/02 14:50:08 | 000,001,952 | ---- | M] () -- C:\Users\Nelson\Desktop\TableNinja.lnk
[2010/09/02 13:34:24 | 000,000,138 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/09/02 13:30:44 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/02 13:30:44 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/02 13:30:41 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/02 13:30:29 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/02 13:30:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/02 13:30:25 | 064,214,982 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/02 13:30:25 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/02 13:13:35 | 000,000,247 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/02 13:12:53 | 000,274,874 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/02 13:12:48 | 000,274,874 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/02 13:11:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/02 13:11:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/02 13:10:55 | 001,272,795 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/09/02 08:23:00 | 000,524,288 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/09/02 08:23:00 | 000,065,536 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/02 08:22:47 | 002,476,185 | -H-- | M] () -- C:\Users\Nelson\AppData\Local\IconCache.db
[2010/09/01 13:16:07 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Nelson\Desktop\TFC.exe
[2010/09/01 10:29:23 | 000,001,527 | ---- | M] () -- C:\Users\Public\Desktop\Stars Modded.lnk
[2010/09/01 10:25:08 | 039,074,952 | ---- | M] (Hold'em Manager, support@holdemmanager.com) -- C:\Users\Nelson\Desktop\HmUpdate.exe
[2010/09/01 10:23:06 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/31 18:48:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/31 18:48:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/30 15:58:53 | 000,001,356 | ---- | M] () -- C:\Users\Nelson\AppData\Local\d3d9caps.dat
[2010/08/24 10:59:00 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/23 12:12:32 | 000,001,946 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2010/08/23 12:12:32 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2010/08/23 10:53:39 | 000,525,824 | ---- | M] () -- C:\Users\Nelson\Desktop\dds.scr
[2010/08/21 21:58:57 | 006,291,776 | ---- | M] (SurfRight B.V.) -- C:\Users\Nelson\Desktop\HitmanPro35.exe
[2010/08/20 14:50:03 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/08/17 12:19:05 | 000,001,079 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/17 12:19:05 | 000,001,055 | ---- | M] () -- C:\Users\Nelson\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 09:11:35 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 14:13:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/14 10:25:41 | 000,001,726 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2010/08/14 06:27:45 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/13 14:58:59 | 000,272,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 21:18:29 | 000,738,700 | ---- | M] () -- C:\Users\Nelson\Documents\hcde231_poster_final.pdf
[2010/08/12 12:20:47 | 000,129,857 | ---- | M] () -- C:\Windows\hppins21.dat
[2010/08/12 12:19:23 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/07/17 13:10:52 | 000,000,796 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStove.lnk
[2010/07/17 13:10:52 | 000,000,772 | ---- | M] () -- C:\Users\Nelson\Desktop\PokerStove.lnk
[2010/07/12 12:12:10 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/12 12:12:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/12 12:12:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/15 21:20:46 | 104,307,677 | ---- | M] () -- C:\Users\Nelson\Documents\18 year old cheerleader with wet pussy(2).mpeg
[2010/06/12 17:29:26 | 000,000,880 | ---- | M] () -- C:\Users\Nelson\Desktop\Airline Tycoon Evolution.lnk
[2010/06/11 00:44:44 | 000,524,288 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/06/05 15:51:56 | 000,017,306 | ---- | M] () -- C:\Users\Nelson\Documents\Review Soc.docx

========== Files Created - No Company Name ==========

[2010/09/02 14:50:08 | 000,001,952 | ---- | C] () -- C:\Users\Nelson\Desktop\TableNinja.lnk
[2010/09/02 13:30:44 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/02 13:30:25 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/02 13:30:24 | 064,214,982 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/31 18:16:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/31 18:16:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/31 18:16:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/31 18:16:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/31 18:16:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/23 12:16:12 | 000,000,138 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/23 12:12:32 | 000,001,946 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2010/08/23 12:12:32 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2010/08/23 10:53:37 | 000,525,824 | ---- | C] () -- C:\Users\Nelson\Desktop\dds.scr
[2010/08/21 21:59:17 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/20 14:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/17 12:19:05 | 000,001,079 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/17 12:19:05 | 000,001,055 | ---- | C] () -- C:\Users\Nelson\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 09:11:35 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 10:25:41 | 000,001,726 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2010/08/14 06:27:44 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/12 21:18:29 | 000,738,700 | ---- | C] () -- C:\Users\Nelson\Documents\hcde231_poster_final.pdf
[2010/08/12 12:19:23 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/12 12:08:28 | 000,129,857 | ---- | C] () -- C:\Windows\hppins21.dat
[2010/08/12 12:08:19 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2010/06/28 12:36:29 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/06/15 13:55:26 | 104,307,677 | ---- | C] () -- C:\Users\Nelson\Documents\xxx.mpeg
[2010/06/12 17:29:26 | 000,000,880 | ---- | C] () -- C:\Users\Nelson\Desktop\Airline Tycoon Evolution.lnk
[2010/02/08 18:44:26 | 000,000,045 | ---- | C] () -- C:\Users\Nelson\AppData\Local\machpro.dat
[2009/12/23 22:05:25 | 000,000,401 | ---- | C] () -- C:\Windows\lexstat.ini
[2009/12/23 22:03:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll
[2009/12/23 22:03:44 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll
[2009/09/15 13:42:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/05 12:54:41 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/22 20:40:50 | 000,274,874 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/22 20:40:31 | 000,274,874 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/22 20:31:08 | 000,001,356 | ---- | C] () -- C:\Users\Nelson\AppData\Local\d3d9caps.dat
[2009/06/12 13:19:50 | 000,004,987 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/19 15:08:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/16 19:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\FnF4.txt
[2008/12/13 15:36:12 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008/12/12 00:52:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\DBCDBF32.DLL
[2008/12/12 00:52:11 | 000,184,320 | ---- | C] () -- C:\Windows\System32\dbcmdb32.dll
[2008/12/12 00:52:11 | 000,141,824 | ---- | C] () -- C:\Windows\System32\dbcjpg32.dll
[2008/12/12 00:52:11 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DBCMEM32.DLL
[2008/12/12 00:52:11 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dbcgeo32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/26 16:44:34 | 000,006,656 | ---- | C] () -- C:\Users\Nelson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/15 14:23:54 | 000,089,214 | ---- | C] () -- C:\Users\Nelson\AppData\Roaming\nvModes.001
[2008/09/15 14:23:52 | 000,089,214 | ---- | C] () -- C:\Users\Nelson\AppData\Roaming\nvModes.dat
[2008/08/31 12:51:30 | 000,001,430 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\QSwitch.txt
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\DSwitch.txt
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\AtStart.txt
[2008/08/25 04:59:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/02 06:23:40 | 000,046,086 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/12 11:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2005/12/26 01:24:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\LtcyCfgWDM.sys
[2005/09/13 18:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll
[2005/02/24 18:59:49 | 000,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
[2003/07/14 16:57:20 | 000,031,744 | ---- | C] () -- C:\Windows\System32\flt1chk2.dll
[2002/12/19 12:04:56 | 003,050,298 | ---- | C] () -- C:\Windows\System32\PDFREPORT_XP.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll

========== LOP Check ==========

[2008/11/05 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\acccore
[2010/08/14 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\BitTorrent
[2009/05/18 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\DAEMON Tools Pro
[2010/09/02 16:13:41 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\DNA
[2009/05/10 12:10:05 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\FlashGet
[2009/04/01 14:15:29 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\FSAutoStart
[2010/09/01 10:29:50 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\HEM Data
[2009/02/19 15:06:12 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\IObit
[2009/09/22 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mikogo
[2009/07/22 20:23:01 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\nHancer
[2009/05/18 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Red Alert 3
[2009/06/27 18:14:57 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\SystemRequirementsLab
[2010/07/28 18:30:15 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Unity
[2010/09/02 08:22:55 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A
< End of report >

Edited by mpascal, 03 September 2010 - 03:33 PM: censored inappropriate file name


#13 mpascal (Math Nerd)
  • Members
  • 1,653 posts
  • Gender:Male
  • Location:Canada

Posted 03 September 2010 - 03:34 PM

Hi there,

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :OTL
    [2010/08/13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf
    @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
Once you have done this, just one final scan to make sure everything is up to date on your system.

Download Security Check from here or here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.
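
As an added illustration (not part of this thread and not how OTL or the helper's fix works internally), the Python script below parses OTL-style report lines of the kind posted above and flags the entries a helper tends to look at first: services or drivers registered with "File not found", a Firefox keyword.URL pointing at an unexpected search host (the likely source of the address-bar redirects), random-named folders directly under AppData, alternate data streams, and EnableLUA = 0. The sample log, the allow-list of expected search hosts and the random-name heuristic are constructed for this example.

```python
"""Triage helper for OTL-style report lines.

Constructed example: not the thread's own tooling and not OTL's internals.
"""
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the shape of the OTL reports posted in the thread.
SAMPLE_LOG = r"""
========== Win32 Services (SafeList) ==========
SRV - (FastUserSwitchingCompatibility) -- C:\Windows\System32\FastUv32.dll File not found
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
========== Driver Services (SafeList) ==========
DRV - (catchme) -- C:\Users\Nelson\AppData\Local\Temp\catchme.sys File not found
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="
FF - user.js..browser.search.selectedEngine: "Google"
========== LOP Check ==========
[2010/08/13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf
[2008/11/05 17:16:18 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\acccore
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
========== Alternate Data Streams ==========
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A
"""

# Line shapes taken from the OTL report format shown in the thread.
ORPHAN_RE = re.compile(r"^(SRV|DRV) - \([^)]+\) -- .* File not found$")
FF_PREF_RE = re.compile(r'^FF - (?:prefs|user)\.js\.\.(?P<key>[\w.]+): "?(?P<value>[^"]*)"?$')
DIR_RE = re.compile(r"^\[.*\| ---D \| [CM]\](?: \([^)]*\))? -- (?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
UAC_RE = re.compile(r"^O[67] - .*\\policies\\System: EnableLUA = 0$")

# Constructed allow-list: search hosts a user would normally expect in keyword.URL.
EXPECTED_SEARCH_HOSTS = ("google.com", "bing.com", "yahoo.com", "ask.com", "mozilla.com")


@dataclass(frozen=True)
class Finding:
    category: str
    line: str


def expected_host(host: str) -> bool:
    """True if host is one of the expected search domains or a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in EXPECTED_SEARCH_HOSTS)


def looks_random(name: str) -> bool:
    """Heuristic: a long all-lowercase name with almost no vowels (like vfbgbcimf)."""
    if not (name.isalpha() and name.islower() and len(name) >= 8):
        return False
    vowels = sum(c in "aeiou" for c in name)
    return vowels / len(name) <= 0.2


def triage(log_text: str) -> list[Finding]:
    """Return the report lines worth a second look, each tagged with the reason."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if ORPHAN_RE.match(line):
            # Registration whose binary is gone: leftover of a removed tool or of
            # malware, and exactly the kind of entry an OTL fix script cleans up.
            findings.append(Finding("orphaned service/driver", line))
        elif (m := FF_PREF_RE.match(line)) and m.group("key") == "keyword.URL":
            # keyword.URL decides where address-bar searches go; an unexpected
            # host here explains "random site" redirects in Firefox.
            host = urlparse(m.group("value")).hostname or ""
            if not expected_host(host):
                findings.append(Finding("firefox keyword.URL hijack", line))
        elif m := DIR_RE.match(line):
            parts = m.group("path").split("\\")
            if len(parts) >= 2 and parts[-2] in ("Local", "Roaming") and looks_random(parts[-1]):
                findings.append(Finding("random-named AppData folder", line))
        elif ADS_RE.match(line):
            # OTL only lists streams it considers unusual, so each one is worth a look.
            findings.append(Finding("alternate data stream", line))
        elif UAC_RE.match(line):
            findings.append(Finding("UAC disabled by policy", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.category}] {finding.line}")
    print(summary(triage(SAMPLE_LOG)))
```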


#14 sfgiants13
  • Topic Starter
  • Members
  • 15 posts

Posted 05 September 2010 - 01:22 PM

Not sure if you wanted the OTL log, so I'll post that too at the bottom.

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
Error creating install.txt after 3 tries! Trying alternate method...
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG Free 9.0
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java™ 6 Update 15
Java™ 6 Update 2
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.1.53.64
Adobe Reader 8.1.6
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

OTL logfile created on: 9/5/2010 11:00:05 AM - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Users\Nelson\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 51.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): c:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.49 Gb Total Space | 118.30 Gb Free Space | 53.41% Space Free | Partition Type: NTFS
Drive D: | 11.39 Gb Total Space | 1.78 Gb Free Space | 15.64% Space Free | Partition Type: NTFS
Drive E: | 629.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NELSON-PC
Current User Name: Nelson
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Nelson\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Windows\System32\lxbfcoms.exe ( )
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Nelson\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80u.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPShared.dll ( Hewlett-Packard Development Company, L.P.)


========== Win32 Services (SafeList) ==========

SRV - (FastUserSwitchingCompatibility) -- C:\Windows\System32\FastUv32.dll File not found
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (B-Service) -- C:\Users\Nelson\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (pgsql-8.3) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxbf_device) -- C:\Windows\System32\lxbfcoms.exe ( )
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)
SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV - (SymIMMP) -- C:\Windows\System32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\Nelson\AppData\Local\Temp\catchme.sys File not found
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel® -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (UMPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (mfetdik) -- C:\Windows\system32\drivers\mfetdik.sys (McAfee, Inc.)
DRV - (MfeRKDK) -- C:\Windows\System32\drivers\MfeRKDK.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (MfeBOPK) -- C:\Windows\System32\drivers\MfeBOPK.sys (McAfee, Inc.)
DRV - (MfeAVFK) -- C:\Windows\System32\drivers\MfeAVFK.sys (McAfee, Inc.)
DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NETw4v32) Intel® -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (LtcyCfgWDM) -- C:\Windows\System32\drivers\LtcyCfgWDM.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=101760&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071302000002
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - user.js..browser.search.selectedEngine: "Google"
FF - user.js..browser.search.order.1: "Google"
FF - user.js..keyword.URL: "http://search.search-go.net/?sid=10101049100&s="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/09/02 13:27:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/04 19:38:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 08:36:18 | 000,000,000 | ---D | M]

[2008/08/30 00:26:56 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Extensions
[2010/09/04 18:57:31 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions
[2009/06/27 18:56:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/09/18 17:58:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/05/24 12:47:11 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/02 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\extensions\moveplayer@movenetworks.com
[2008/12/10 22:11:34 | 000,000,682 | ---- | M] () -- C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Profiles\ygxhoiam.default\searchplugins\ask.xml
[2010/09/04 18:57:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2010/08/31 18:48:26 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (HP Print Clips) - {FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7} - c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [nHancer] C:\Program Files\nHancer\nHancer.exe (KSE - Korndörfer Software Engineering)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\5.0_( File not found
O4 - Startup: C:\Users\Nelson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: HP Smart Select - {58ECB495-38F0-49cb-A538-10282ABF65E7} - c:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Nelson\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/02 05:28:53 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 08:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2003/05/26 21:45:29 | 000,000,042 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/09/05 10:57:50 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Nelson\Desktop\OTL.exe
[2010/09/02 13:30:41 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/02 13:30:37 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/02 13:30:28 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/02 13:30:25 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/02 13:30:24 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/09/01 10:29:50 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\HEM Data
[2010/09/01 10:24:47 | 039,074,952 | ---- | C] (Hold'em Manager, support@holdemmanager.com) -- C:\Users\Nelson\Desktop\HmUpdate.exe
[2010/08/31 18:53:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/08/31 18:53:50 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\temp
[2010/08/31 18:16:12 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/08/31 18:16:12 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/08/31 18:16:12 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/08/31 18:14:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/08/31 18:02:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/08/31 18:01:25 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/08/30 16:04:58 | 000,000,000 | ---D | C] -- C:\Users\Nelson\Desktop\CR
[2010/08/23 12:13:44 | 000,000,000 | ---D | C] -- C:\Users\Nelson\Documents\My Logbook Pro Files
[2010/08/23 12:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\Logbook Pro
[2010/08/21 21:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2010/08/21 21:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/08/21 21:58:22 | 006,291,776 | ---- | C] (SurfRight B.V.) -- C:\Users\Nelson\Desktop\HitmanPro35.exe
[2010/08/17 12:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/08/17 12:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/16 11:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/08/16 11:28:16 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/16 11:28:01 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/08/16 09:11:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/16 09:11:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/14 10:36:53 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\Malwarebytes
[2010/08/14 10:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/14 10:36:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/14 10:25:40 | 000,000,000 | ---D | C] -- C:\Program Files\ExplorerXP
[2010/08/14 06:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/08/14 01:28:02 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Roaming\Skype
[2010/08/13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf
[2010/08/12 10:22:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/08/12 10:22:11 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/08/12 10:22:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/08/12 10:22:10 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/08/12 10:22:10 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/08/12 10:22:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/12 10:22:10 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/08/12 10:22:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/08/12 10:22:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/08/12 10:22:09 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/08/12 10:22:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/08/12 10:22:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/08/12 10:22:09 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/08/12 10:22:09 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/08/12 10:22:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/08/12 10:22:08 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/12 10:22:01 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/12 10:21:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/12 10:21:48 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/12 10:21:47 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2009/12/23 22:03:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
[2009/12/23 22:03:44 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbfusb1.dll
[2009/12/23 22:03:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbfinpa.dll
[2009/12/23 22:03:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbfiesc.dll
[2009/12/23 22:03:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBFhcp.dll
[2009/12/23 22:03:43 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbfhbn3.dll
[2009/12/23 22:03:43 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbfpmui.dll
[2009/12/23 22:03:43 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbflmpm.dll
[2009/12/23 22:03:43 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbfprox.dll
[2009/12/23 22:03:43 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbfpplc.dll
[2009/12/23 22:03:42 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomc.dll
[2009/12/23 22:03:42 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbfcomm.dll

========== Files - Modified Within 30 Days ==========

[2010/09/05 11:02:09 | 007,602,176 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT
[2010/09/05 10:59:11 | 064,339,327 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/09/05 10:57:52 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Nelson\Desktop\OTL.exe
[2010/09/05 10:54:38 | 000,000,247 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/09/05 10:53:38 | 000,274,874 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/05 10:53:21 | 000,274,874 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/05 10:52:31 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 10:52:31 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/05 10:52:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/05 10:52:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/05 10:52:16 | 001,276,626 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010/09/04 23:00:17 | 000,524,288 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/09/04 23:00:17 | 000,065,536 | -HS- | M] () -- C:\Users\Nelson\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/09/04 22:59:27 | 002,479,671 | -H-- | M] () -- C:\Users\Nelson\AppData\Local\IconCache.db
[2010/09/04 09:56:11 | 000,627,290 | ---- | M] () -- C:\Users\Nelson\Desktop\concierge.jpg
[2010/09/03 18:37:49 | 000,009,075 | ---- | M] () -- C:\Users\Nelson\Desktop\118101608BEAZL.html
[2010/09/02 13:34:24 | 000,000,138 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/09/02 13:30:44 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/09/02 13:30:44 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/02 13:30:41 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/09/02 13:30:29 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/09/02 13:30:28 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/09/02 13:30:25 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/01 10:29:23 | 000,001,527 | ---- | M] () -- C:\Users\Public\Desktop\Stars Modded.lnk
[2010/09/01 10:25:08 | 039,074,952 | ---- | M] (Hold'em Manager, support@holdemmanager.com) -- C:\Users\Nelson\Desktop\HmUpdate.exe
[2010/09/01 10:23:06 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/08/31 18:48:35 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/08/31 18:48:26 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/08/30 15:58:53 | 000,001,356 | ---- | M] () -- C:\Users\Nelson\AppData\Local\d3d9caps.dat
[2010/08/24 10:59:00 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/23 12:12:32 | 000,001,946 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2010/08/23 12:12:32 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2010/08/23 10:53:39 | 000,525,824 | ---- | M] () -- C:\Users\Nelson\Desktop\dds.scr
[2010/08/21 21:58:57 | 006,291,776 | ---- | M] (SurfRight B.V.) -- C:\Users\Nelson\Desktop\HitmanPro35.exe
[2010/08/20 14:50:03 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/08/17 12:19:05 | 000,001,079 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/17 12:19:05 | 000,001,055 | ---- | M] () -- C:\Users\Nelson\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 09:11:35 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/15 14:13:53 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/08/14 10:25:41 | 000,001,726 | ---- | M] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2010/08/14 06:27:45 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/08/13 14:58:59 | 000,272,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/12 21:18:29 | 000,738,700 | ---- | M] () -- C:\Users\Nelson\Documents\hcde231_poster_final.pdf
[2010/08/12 12:20:47 | 000,129,857 | ---- | M] () -- C:\Windows\hppins21.dat
[2010/08/12 12:19:23 | 000,001,972 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

========== Files Created - No Company Name ==========

[2010/09/04 09:56:08 | 000,627,290 | ---- | C] () -- C:\Users\Nelson\Desktop\concierge.jpg
[2010/09/03 18:37:55 | 000,009,075 | ---- | C] () -- C:\Users\Nelson\Desktop\118101608BEAZL.html
[2010/09/02 13:30:44 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/09/02 13:30:25 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/09/02 13:30:24 | 064,339,327 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/08/31 18:16:12 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/08/31 18:16:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/08/31 18:16:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/08/31 18:16:12 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/08/31 18:16:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/08/23 12:16:12 | 000,000,138 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/23 12:12:32 | 000,001,946 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Logbook Pro.lnk
[2010/08/23 12:12:32 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Logbook Pro.lnk
[2010/08/23 10:53:37 | 000,525,824 | ---- | C] () -- C:\Users\Nelson\Desktop\dds.scr
[2010/08/21 21:59:17 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/08/20 14:50:03 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/08/17 12:19:05 | 000,001,079 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/08/17 12:19:05 | 000,001,055 | ---- | C] () -- C:\Users\Nelson\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 09:11:35 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/14 10:25:41 | 000,001,726 | ---- | C] () -- C:\Users\Nelson\Application Data\Microsoft\Internet Explorer\Quick Launch\ExplorerXP.lnk
[2010/08/14 06:27:44 | 000,000,005 | ---- | C] () -- C:\zrpt.xml
[2010/08/12 21:18:29 | 000,738,700 | ---- | C] () -- C:\Users\Nelson\Documents\hcde231_poster_final.pdf
[2010/08/12 12:19:23 | 000,001,972 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/08/12 12:08:28 | 000,129,857 | ---- | C] () -- C:\Windows\hppins21.dat
[2010/08/12 12:08:19 | 000,003,729 | ---- | C] () -- C:\Windows\hppmdl21.dat
[2010/02/08 18:44:26 | 000,000,045 | ---- | C] () -- C:\Users\Nelson\AppData\Local\machpro.dat
[2009/12/23 22:05:25 | 000,000,401 | ---- | C] () -- C:\Windows\lexstat.ini
[2009/12/23 22:03:45 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBFinst.dll
[2009/12/23 22:03:44 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbfutil.dll
[2009/09/15 13:42:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/05 12:54:41 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/22 20:40:50 | 000,274,874 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/07/22 20:40:31 | 000,274,874 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/07/22 20:31:08 | 000,001,356 | ---- | C] () -- C:\Users\Nelson\AppData\Local\d3d9caps.dat
[2009/06/12 13:19:50 | 000,004,987 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/03/05 06:54:58 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/02/19 15:08:23 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/16 19:39:23 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\FnF4.txt
[2008/12/13 15:36:12 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2008/12/12 00:52:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\DBCDBF32.DLL
[2008/12/12 00:52:11 | 000,184,320 | ---- | C] () -- C:\Windows\System32\dbcmdb32.dll
[2008/12/12 00:52:11 | 000,141,824 | ---- | C] () -- C:\Windows\System32\dbcjpg32.dll
[2008/12/12 00:52:11 | 000,135,168 | ---- | C] () -- C:\Windows\System32\DBCMEM32.DLL
[2008/12/12 00:52:11 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dbcgeo32.dll
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/09/26 16:44:34 | 000,006,656 | ---- | C] () -- C:\Users\Nelson\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/15 14:23:54 | 000,089,214 | ---- | C] () -- C:\Users\Nelson\AppData\Roaming\nvModes.001
[2008/09/15 14:23:52 | 000,089,214 | ---- | C] () -- C:\Users\Nelson\AppData\Roaming\nvModes.dat
[2008/08/31 12:51:30 | 000,001,430 | ---- | C] () -- C:\Windows\PartyGrabber.ini
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\QSwitch.txt
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\DSwitch.txt
[2008/08/29 23:53:52 | 000,000,000 | ---- | C] () -- C:\Users\Nelson\AppData\Local\AtStart.txt
[2008/08/25 04:59:03 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/02 06:23:40 | 000,046,086 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/02/22 19:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxbfcoin.dll
[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 02:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/12 11:24:36 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbfvs.dll
[2005/12/26 01:24:00 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\LtcyCfgWDM.sys
[2005/09/13 18:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxbfcnv4.dll
[2005/02/24 18:59:49 | 000,318,014 | ---- | C] () -- C:\Windows\System32\flt1chk4.dll
[2003/07/14 16:57:20 | 000,031,744 | ---- | C] () -- C:\Windows\System32\flt1chk2.dll
[2002/12/19 12:04:56 | 003,050,298 | ---- | C] () -- C:\Windows\System32\PDFREPORT_XP.dll
[2002/03/13 16:46:46 | 000,053,248 | ---- | C] () -- C:\Windows\System32\zlib.dll

========== Custom Scans ==========


< :OTL >

< [2010/08/13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf >
Invalid Switch: 13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf

< @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A >

< >

< :Commands >

< [purity] >

< [emptytemp] >

< [Reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:8CEFE51A

< End of report >



#15 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  • Gender:Male
  • Location:Canada
  • Local time:12:27 AM

Posted 05 September 2010 - 03:55 PM

Hi there,

You need to update your Adobe Reader. You can do so at the Adobe Website.

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-s.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.


Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here.
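The post above singles out two things in the OTL log: the O16 DPF entries that still register old Java Plug-in versions, and folders under the user profile that carry no publisher name. As an added example (not code from the thread, from OTL's author, or from anyone in it), here is a small Python parser for the two OTL line formats that appear in the log: the bracketed `[date | size | attrs | C/M] (Company) -- path` file entries and the `O16 - DPF:` entries. It flags any Java Plug-in older than the 6u21 release the post asks for and lists entries without a publisher that sit in user-writable data directories. The sample lines are copied from the log above; the version threshold and the directory markers are assumptions of the example, and the hits it prints are triage candidates to look up, not verdicts.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL file/folder entry:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C-or-M] (Company) -- path
# The "(Company)" group is missing for some entries and empty ("()" or
# "( )") for files with no publisher, so it is optional here.
FILE_ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# One O16 DPF (Download Program Files / ActiveX) entry:
#   O16 - DPF: {CLSID} url (description)
DPF_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?P<url>\S+) \((?P<desc>[^)]*)\)$"
)
JAVA_VER_RE = re.compile(r"Java Plug-in (\d+)\.(\d+)\.(\d+)_(\d+)")

# Assumed markers for user-writable data directories (lower-cased for matching).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")

# Sample lines copied from the OTL log posted in this thread (constructed input).
SAMPLE_LOG = r"""
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
[2010/09/02 13:30:41 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/08/13 11:35:27 | 000,000,000 | ---D | C] -- C:\Users\Nelson\AppData\Local\vfbgbcimf
[2009/06/12 13:19:50 | 000,004,987 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda
[2009/12/23 22:03:44 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbfserv.dll
""".strip().splitlines()


@dataclass
class FileEntry:
    date: str
    time: str
    size: int          # bytes, with OTL's thousands separators removed
    attrs: str         # e.g. "---D" (directory), "-HS-" (hidden+system)
    kind: str          # "C" = created list, "M" = modified list
    company: str       # "" when OTL printed no publisher
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one bracketed OTL file/folder line; return None for any other line."""
    m = FILE_ENTRY_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        date=m["date"], time=m["time"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def java_plugin_version(desc: str) -> Optional[Tuple[int, ...]]:
    """'Java Plug-in 1.6.0_07' -> (1, 6, 0, 7); None if the description is not Java."""
    m = JAVA_VER_RE.search(desc)
    return tuple(int(x) for x in m.groups()) if m else None


def find_outdated_java(lines, minimum=(1, 6, 0, 21)) -> List[Tuple[str, str]]:
    """(CLSID, version) for every O16 Java Plug-in entry older than `minimum`.

    The default threshold is 6u21, the release the post above asks for (assumed).
    """
    found = []
    for line in lines:
        m = DPF_RE.match(line.strip())
        if not m:
            continue
        ver = java_plugin_version(m["desc"])
        if ver is not None and ver < minimum:
            found.append((m["clsid"], m["desc"].replace("Java Plug-in ", "")))
    return found


def find_unattributed_user_files(lines) -> List[str]:
    """Paths of entries with no publisher that live under AppData or ProgramData."""
    hits = []
    for line in lines:
        entry = parse_file_entry(line)
        if entry is None or entry.company:
            continue
        if any(marker in entry.path.lower() for marker in USER_WRITABLE):
            hits.append(entry.path)
    return hits


if __name__ == "__main__":
    for clsid, ver in find_outdated_java(SAMPLE_LOG):
        print(f"outdated Java Plug-in {ver} still registered as {clsid}")
    for path in find_unattributed_user_files(SAMPLE_LOG):
        print(f"no publisher, user-writable location: {path}")
```

Feed it a whole OTL report (`find_outdated_java(open("OTL.Txt").read().splitlines())`) and it skips every line it does not recognise, so the O1 to O37 entries and the section headers pass through harmlessly. Files in Windows\System32 without a publisher (the Lexmark `lxbf*.dll` set above) are deliberately not flagged by the second check; that list is about the locations the post's advice concerns, and an unsigned file in a system directory needs a different look-up than a random-named folder in AppData.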




