Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Backdoor.Cycbot / "C:\WINDOWS\system32\0068.DLL is not a valid Windows image"


  • This topic is locked This topic is locked
11 replies to this topic

#1 wolf_unknown

wolf_unknown

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 21 November 2010 - 10:15 PM

Symantec Antivirus consistently finds "Backdoor.Cycbot" on its startup scan, but it can't remove it. When I try, one of a few things may happen. Either 1) Symantec freezes, 2) it says it has successfully gotten rid of the threat, but then will find it again the next time I run a scan, or 3) it will tell me I need to reboot my computer to get rid of the threat, then upon restart will run its automatic scan and find it again, repeat ad nauseum.

Ad-Aware finds nothing. Edit: I've run Ad-Aware a couple more times, and now it's coming up with stuff. The first time it was just cookies, the second time a Trojan, and the latest came up with 2 Trojan.Win32.Generic!BT flags and one unknown registry issue. Each time it says it's successful in dealing with the threats it's found, but clearly they keep coming back from somewhere.

Malwarebyte's Anti-Malware won't run right. When I try, it finds anywhere between 4 and 17 risks before it freezes, giving me the standard "this program has encountered a problem and needs to close" message. It never finishes a scan; it crashes before then.

The symptoms:

Every time I start up my computer, I get a window saying, "C:\WINDOWS\system32\0068.DLL is not a valid Windows image." Whether I click "OK" or cancel out of it, the same window will show up about twenty times, each time with a different title ("Firefox.exe", "shell.exe", "TFncKY.exe", etc.), before stopping.

Both Firefox and IE, upon startup, get set to a manual proxy that won't allow me online. Setting it back to auto-detect or no proxy lets me get back online, but it switches back to manual every time I start it.

Google links frequently won't take me to the link I'm supposed to go to, but rather direct me to an ad-infested site or a site that Firefox blocks as dangerous.

I'm on Windows XP.

I need all the help I can get. Thanks in advance!

Edited by wolf_unknown, 22 November 2010 - 07:08 PM.


BC AdBot (Login to Remove)

 


#2 wolf_unknown

wolf_unknown
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 22 November 2010 - 10:31 PM

24-hour bump.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:18 PM

Posted 23 November 2010 - 12:26 AM

Hello, sorry we took so long, we are very bust here. This is a tough malware. Let's run this ..It WILL take long/

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 wolf_unknown

wolf_unknown
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 23 November 2010 - 06:45 PM

Thanks for taking the time to help me, I really appreciate it. My Dr. Web log:


0068.DLL;C:\WINDOWS\system32;Trojan.PWS.Spy.9905;Incurable.Moved.;
cfg.exe;C:\WINDOWS\system32;Trojan.Siggen2.8731;Incurable.Moved.;
wexe.exe;C:\WINDOWS\system32;Trojan.Siggen2.8764;Incurable.Moved.;
a.exe;C:\DOCUME~1\PAICH~1\LOCALS~1\Temp;Trojan.Siggen2.8731;Incurable.Moved.;
dwmu.exe;C:\DOCUME~1\PAICH~1\LOCALS~1\Temp;Trojan.Fakealert.19553;Deleted.;
4DF58BD1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05D40001;Trojan.Siggen2.8516;Incurable.Moved.;
4EEF405C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06080000;Trojan.FakeAV.515;Incurable.Moved.;
4EE58763.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06C40000;Trojan.DownLoader1.36949;Incurable.Moved.;
4FFEBEFF.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B9C0000;Trojan.DownLoader1.37175;Incurable.Moved.;
4FF59710.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F300000;Trojan.Siggen2.8516;Incurable.Moved.;
03CD4B5B.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
19915641.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
2E2B1AC0.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
3A3A7E5E.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
50232BF0.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
50F93003.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
55270861.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
710710AB.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
77903BB0.exe;C:\Program Files\Norton AntiVirus\Quarantine;Adware.Websearch;Incurable.Moved.;
A0197575.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP845;Trojan.Siggen2.8570;Incurable.Moved.;
A0197576.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP845;Trojan.Siggen2.8811;Incurable.Moved.;
A0197697.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.Siggen2.8763;Incurable.Moved.;
A0197715.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.DownLoader1.37767;Incurable.Moved.;
A0197716.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.Siggen2.8749;Incurable.Moved.;
A0198715.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.Siggen2.8750;Incurable.Moved.;
A0198716.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.DownLoader1.37781;Incurable.Moved.;
A0198738.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.Siggen2.8782;Incurable.Moved.;
A0198739.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.Siggen2.8785;Incurable.Moved.;
A0198745.DLL;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.PWS.Spy.9905;Incurable.Moved.;
A0198754.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP846;Trojan.Siggen2.8764;Incurable.Moved.;
A0199791.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.Siggen2.8764;Incurable.Moved.;
A0199792.DLL;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.PWS.iThink.3;Deleted.;
A0199795.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.Siggen2.9060;Incurable.Moved.;
A0199796.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.DownLoader1.38318;Incurable.Moved.;
A0199802.DLL;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.PWS.Spy.9905;Incurable.Moved.;
A0199805.DLL;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.PWS.Spy.9905;Incurable.Moved.;
A0199806.DLL;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.PWS.iThink.3;Deleted.;
A0199809.dll;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Adware.Minibug;Incurable.Moved.;
A0199813.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.Siggen2.9251;Incurable.Moved.;
A0199814.DLL;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.PWS.Spy.9905;Incurable.Moved.;
A0199948.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;Trojan.DownLoader1.38642;Incurable.Moved.;
A0199949.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP847;BackDoor.Gbot.7;Deleted.;
A0199972.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP848;Trojan.Siggen2.9331;Incurable.Moved.;
A0199973.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP848;BackDoor.Gbot.7;Deleted.;
A0199992.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP848;Trojan.Siggen2.8764;Incurable.Moved.;
A0200017.DLL;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP848;Trojan.PWS.Spy.9905;Incurable.Moved.;
A0200021.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP848;Trojan.Siggen2.8731;Incurable.Moved.;
A0200022.exe;C:\System Volume Information\_restore{916D0DCA-2339-483A-B833-5F27C0AB6D6C}\RP848;Trojan.Siggen2.8764;Incurable.Moved.;

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:18 PM

Posted 23 November 2010 - 09:30 PM

Ok, that was good,we have a couple steps left. Running better now?

Let's run MBAM now,,,Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal/regular mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.


Next a Safe Mode scan, run ATF and SAS: If you cannot access Safe Mode,run in normal ,but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account..
Download Attribune's ATF Cleaner and then SUPERAntiSpyware , Free Home Version. Save both to desktop ..
DO NOT run yet.
Open SUPER from icon and install and Update it
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining
.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode
.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program
.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After scan,Verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions,post logs and Let us know how the PC is running now.

BTW you are welcome!!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 wolf_unknown

wolf_unknown
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 24 November 2010 - 01:05 AM

My computer is working better -- a bit slow on startup, but no more windows saying "0068.DLL is not a valid Windows image," and my Google search links aren't redirecting anymore. That said, Symantec autoscan is still coming up with Backdoor.Cycbot, and Firefox is still set to manual proxy on startup.

I still can't get MBAM to run. I can open it and start a scan, but it freezes and closes down on me a couple of minutes in, with the message, "Malwarebytes' Anti-Malware has encountered a problem and needs to close. We are sorry for the inconvenience. If you were in the middle of something, the information you were working on might be lost. Please tell Microsoft about this problem. We have created an error report that you can send to us." I've uninstalled it, changed the file name and extension, and reinstalled it, but no luck. Any tips, or should I just proceed to the next step?

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:18 PM

Posted 24 November 2010 - 10:53 AM

Ok, glad to hear that. Let's play it safe and a deeper look so we can remove this. Please go here....
Preparation Guide ,do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9,which is here Virus, Trojan, Spyware, and Malware Removal Logs and not in this topic,thanks.
If Gmer won't run,skip it and move on.
Let me know if that went well.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 wolf_unknown

wolf_unknown
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 24 November 2010 - 08:54 PM

More difficulties...

I can't get a DDS log. I downloaded it just fine, but when I run it, my computer freezes after a minute or two, before the logs pop up.

What next? Gmer works just fine; should I post the log from that? Thanks for your help.

#9 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:18 PM

Posted 24 November 2010 - 09:41 PM

Use OTL and GMER

  • 1. Please download OTL from one of the following mirrors:
  • This is THE Mirror
    2. Save it to your desktop.
    3. Double click on the Posted Image icon on your desktop.
    4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

    5. Push the Quick Scan button.
    6. Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#10 wolf_unknown

wolf_unknown
  • Topic Starter

  • Members
  • 68 posts
  • OFFLINE
  •  
  • Local time:01:18 PM

Posted 24 November 2010 - 11:52 PM

Thanks. The Gmer log:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-11-24 17:27:25
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHT2060AT rev.0022
Running: gmer.exe; Driver: C:\DOCUME~1\PAICH~1\LOCALS~1\Temp\fglcipog.sys


---- System - GMER 1.0.15 ----

SSDT 82F723B8 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF862587E]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF34D6350]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF34D6580]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF79C023F]

---- User code sections - GMER 1.0.15 ----

? C:\Documents and Settings\Paich\Application Data\Microsoft\svchost.exe[828] number of sections mismatch; time/date stamp mismatch; unknown module: OLEAUT32.dll
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2904] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 10405CF5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3900] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Udfs.SYS (UDF File System Driver/Microsoft Corporation)
Device tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device B69C7D20

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00037a209280
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0xA6 0x26 0xDD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8D 0xA9 0xC9 0x0F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xFF 0x79 0xFE ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00037a209280 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 E:\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD1 0xA6 0x26 0xDD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x8D 0xA9 0xC9 0x0F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xFF 0x79 0xFE ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FriendlyName Indeo? video 5.10 Compression Filter
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@CLSID {1F73E9B1-8C3A-11D0-A3BE-00A0C9244436}
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@FilterData 0x02 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{33D9A760-90C8-11d0-BD43-00A0C911CE86}\Instance\Indeo@EncoderType 1

---- EOF - GMER 1.0.15 ----






OTL.txt:


OTL logfile created on: 11/24/2010 8:10:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Paich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 84.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.93 Gb Total Space | 32.05 Gb Free Space | 60.54% Space Free | Partition Type: NTFS

Computer Name: PAICH | User Name: Paich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/24 20:09:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paich\Desktop\OTL.exe
PRC - [2010/11/24 19:57:11 | 000,928,496 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/11/24 19:57:07 | 001,375,992 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/11/24 19:33:36 | 000,132,096 | ---- | M] () -- C:\Documents and Settings\Paich\Local Settings\Temp\dwm.exe
PRC - [2010/11/23 19:41:53 | 000,135,680 | ---- | M] () -- C:\Documents and Settings\Paich\Application Data\Microsoft\Windows\shell.exe
PRC - [2010/11/23 19:41:35 | 000,127,488 | ---- | M] () -- C:\Documents and Settings\Paich\Application Data\Microsoft\svchost.exe
PRC - [2010/11/21 17:05:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/14 18:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/03/12 22:53:04 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 16:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/02 15:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/01/17 13:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2005/10/16 12:10:16 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2005/01/14 21:26:08 | 000,253,952 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TMEPROP.exe
PRC - [2005/01/14 16:45:42 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe
PRC - [2004/12/14 19:12:04 | 000,034,816 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
PRC - [2004/11/12 21:54:56 | 000,929,792 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2004/11/12 17:57:12 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
PRC - [2004/11/11 14:04:20 | 000,114,688 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\DockMsgFrom.exe
PRC - [2004/11/11 07:30:56 | 000,544,768 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
PRC - [2004/11/10 11:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2004/11/04 02:44:06 | 000,073,728 | ---- | M] (IEC) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe
PRC - [2004/10/25 15:23:10 | 000,114,688 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
PRC - [2004/10/15 10:31:32 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
PRC - [2004/10/15 10:30:52 | 000,098,304 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
PRC - [2004/10/15 10:27:56 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/10/15 10:27:38 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/10/15 10:24:48 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/10/15 10:23:12 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/10/15 10:22:14 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/10/15 10:21:38 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/10/14 15:28:02 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/09/15 15:03:08 | 000,135,168 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2004/09/07 14:03:20 | 001,077,301 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
PRC - [2004/07/27 13:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
PRC - [2004/07/15 10:56:56 | 000,581,632 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KEM.exe
PRC - [2004/06/08 11:31:38 | 000,029,696 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
PRC - [2004/05/13 13:46:02 | 000,053,248 | ---- | M] () -- c:\Toshiba\IVP\swupdate\swupdtmr.exe
PRC - [2003/09/05 17:16:30 | 000,184,320 | ---- | M] (Agere Systems) -- C:\Program Files\ltmoh\ltmoh.exe
PRC - [2003/09/05 03:24:46 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
PRC - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 11:38:12 | 000,155,648 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010/11/24 20:09:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paich\Desktop\OTL.exe
MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2004/10/14 15:27:48 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2004/08/03 19:03:50 | 000,061,440 | ---- | M] () -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TMEEJDLL.dll
MOD - [2004/07/15 10:54:24 | 000,086,016 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/24 19:57:07 | 001,375,992 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2007/03/14 18:48:56 | 000,116,416 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 16:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 15:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/12/14 19:12:04 | 000,034,816 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2004/11/10 11:14:08 | 000,036,864 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004/11/04 02:44:06 | 000,073,728 | ---- | M] (IEC) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA Applet\tme3srv.exe -- (TME3SRV)
SRV - [2004/10/15 10:30:52 | 000,098,304 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe -- (OwnershipProtocol)
SRV - [2004/10/15 10:24:48 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/10/15 10:22:14 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/10/15 10:21:38 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2004/05/13 13:46:02 | 000,053,248 | ---- | M] () [Auto | Running] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/05/23 13:38:26 | 000,106,496 | ---- | M] (Matsubleepa Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20061113.031\symidsco.sys -- (SYMIDSCO)
DRV - [2010/11/21 18:00:12 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2010/10/18 00:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101117.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 00:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101117.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/10/06 17:03:35 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/22 23:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/09/16 12:48:40 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/09/16 12:48:40 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/11 04:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2007/09/04 15:22:11 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2007/02/12 16:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/02/12 16:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/02/12 16:22:30 | 000,031,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/02/12 16:22:26 | 000,028,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2007/02/12 16:22:20 | 000,110,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/02/12 16:22:16 | 000,012,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2007/01/10 15:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2004/12/07 06:06:42 | 000,874,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/11/26 13:04:38 | 000,029,056 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2004/11/26 07:29:00 | 000,224,000 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2004/10/29 18:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/10/28 14:37:50 | 001,270,572 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/10/15 10:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/10/14 15:14:04 | 000,185,728 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/09/13 13:40:56 | 000,146,304 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/08/17 03:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/12 07:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 04:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/03 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/03 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/03 01:05:00 | 000,086,138 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/03 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/03 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/03 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/03 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/03 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/03 01:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/07/26 14:28:02 | 000,004,352 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/07/14 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/06/16 11:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2004/06/08 11:36:28 | 000,013,105 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004/06/08 11:36:20 | 000,014,975 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbKbd.sys -- (LUsbKbd)
DRV - [2004/06/08 11:35:26 | 000,038,081 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004/06/08 11:35:08 | 000,071,533 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2004/06/08 11:34:48 | 000,024,637 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2004/05/17 15:18:24 | 000,008,573 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2004/01/30 10:32:32 | 000,090,480 | ---- | M] (Matsubleepa Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/10/22 20:15:02 | 000,067,024 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2003/10/22 20:15:02 | 000,024,698 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2003/06/11 08:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/01/29 14:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wikipedia.org/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.dartmouth.edu/"
FF - prefs.js..keyword.URL: "http://search.myway.com/search/cfg_redir2.jhtml?action=config&id=XB&ptnrs=XB&st=DNS&url=AJmain.jhtml&searchfor="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50370
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/21 17:07:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/21 17:07:18 | 000,000,000 | ---D | M]

[2009/02/19 17:47:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\Mozilla\Extensions
[2010/11/24 17:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\Mozilla\Firefox\Profiles\ev7k5pq5.default\extensions
[2010/10/11 06:15:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paich\Application Data\Mozilla\Firefox\Profiles\ev7k5pq5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/02/19 17:47:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2007/09/23 21:17:25 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CFSServ.exe] File not found
O4 - HKLM..\Run: [DockMsgFrom] C:\Program Files\TOSHIBA\TOSHIBA Applet\DockMsgFrom.exe (TOSHIBA)
O4 - HKLM..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe (Intel Corporation)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pinger] C:\TOSHIBA\IVP\ISM\pinger.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [svchost] C:\Documents and Settings\Paich\Application Data\Microsoft\svchost.exe ()
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TFncKy] File not found
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TMEPROP] C:\Program Files\Toshiba\Toshiba Applet\TMEPROP.exe (TOSHIBA)
O4 - HKLM..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsubleepa Electric Industrial Co., Ltd.)
F3 - HKCU WinNT: Load - (C:\DOCUME~1\PAICH~1\LOCALS~1\Temp\dwm.exe) - C:\Documents and Settings\Paich\Local Settings\Temp\dwm.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} https://www-secure.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132789385183 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Documents and Settings\Paich\Application Data\Microsoft\Windows\shell.exe) - C:\Documents and Settings\Paich\Application Data\Microsoft\Windows\shell.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Paich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56871500212338688)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 20:09:55 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paich\Desktop\OTL.exe
[2010/11/24 15:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paich\Desktop\gmer
[2010/11/23 20:00:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/23 19:59:49 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/23 19:59:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/23 19:36:03 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\bites.exe
[2010/11/23 00:15:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paich\DoctorWeb
[2010/11/21 18:00:24 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/21 17:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paich\My Documents\Downloads
[2010/11/21 12:15:39 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/11/21 12:15:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/11/21 12:14:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paich\Application Data\Malwarebytes
[2010/11/21 12:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/11/21 12:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paich\Local Settings\Application Data\Sunbelt Software
[2010/11/21 12:10:39 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010/11/21 12:08:21 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/11/21 12:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/11/21 11:39:21 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
[2010/11/17 11:02:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/11/10 11:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paich\My Documents\tests
[2010/11/07 18:08:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paich\My Documents\My Received Files
[2010/11/07 15:35:15 | 006,757,608 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.12.exe.part
[2010/10/19 16:58:51 | 038,808,920 | ---- | C] (Microsoft Corporation) -- C:\Program Files\FileFormatConverters.exe
[2010/10/04 09:38:01 | 023,510,720 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dotnetfx.exe
[2007/06/18 17:00:26 | 006,010,424 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 2.0.0.4.exe
[2006/12/15 00:21:06 | 002,788,816 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2004/12/30 19:49:41 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 20:12:57 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Paich\Desktop\Microsoft Office Word 2003.lnk
[2010/11/24 20:10:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/11/24 20:09:58 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paich\Desktop\OTL.exe
[2010/11/24 19:59:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/24 19:43:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/11/24 19:41:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/24 15:48:01 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Paich\Desktop\gmer.zip
[2010/11/24 09:43:49 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Paich\Desktop\dds.scr
[2010/11/24 09:18:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/11/24 09:14:37 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Paich\defogger_reenable
[2010/11/24 09:13:27 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Paich\Desktop\Defogger.exe
[2010/11/24 08:41:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/11/24 08:41:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/11/23 19:36:04 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Program Files\bites.exe
[2010/11/23 15:23:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/11/23 15:23:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/11/23 15:19:26 | 000,005,951 | ---- | M] () -- C:\Documents and Settings\Paich\Desktop\DrWeb.csv
[2010/11/22 22:10:51 | 052,394,608 | ---- | M] () -- C:\Documents and Settings\Paich\Desktop\wqpbuc49.exe
[2010/11/22 16:18:24 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat
[2010/11/22 13:58:28 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/11/22 13:58:28 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/11/21 18:00:16 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/11/21 17:26:46 | 001,402,880 | ---- | M] () -- C:\Program Files\HiJackThis.msi
[2010/11/21 16:55:31 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/21 12:23:13 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/11/21 12:10:35 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\Paich\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/21 12:10:35 | 000,000,875 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/21 11:49:46 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Program Files\Ad-AwareInstall.exe
[2010/11/19 08:18:46 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/11/19 07:22:25 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/11/18 06:49:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/11/17 08:21:24 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/11/16 08:23:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/11/15 12:46:00 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Paich\My Documents\editor.doc
[2010/11/08 15:55:00 | 000,463,534 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/08 15:55:00 | 000,080,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/07 15:35:22 | 000,000,000 | ---- | M] () -- C:\Program Files\Firefox Setup 3.6.12.exe
[2010/10/26 17:56:09 | 000,025,600 | ---- | M] () -- C:\Documents and Settings\Paich\My Documents\translation_Paich.doc
[2010/10/26 10:40:36 | 000,014,960 | ---- | M] () -- C:\Documents and Settings\Paich\My Documents\resume.docx
[2010/10/26 10:37:32 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Paich\My Documents\resumeh.doc
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 15:47:33 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Paich\Desktop\gmer.zip
[2010/11/24 09:43:44 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Paich\Desktop\dds.scr
[2010/11/24 09:13:59 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Paich\defogger_reenable
[2010/11/24 09:11:24 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Paich\Desktop\Defogger.exe
[2010/11/23 15:19:26 | 000,005,951 | ---- | C] () -- C:\Documents and Settings\Paich\Desktop\DrWeb.csv
[2010/11/22 21:52:18 | 052,394,608 | ---- | C] () -- C:\Documents and Settings\Paich\Desktop\wqpbuc49.exe
[2010/11/21 18:41:24 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/11/21 17:26:43 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2010/11/21 12:18:51 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/21 12:10:35 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\Paich\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/11/21 12:10:35 | 000,000,875 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2010/11/19 07:23:53 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010/11/12 11:07:32 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Paich\My Documents\editor.doc
[2010/11/07 15:35:22 | 000,000,000 | ---- | C] () -- C:\Program Files\Firefox Setup 3.6.12.exe
[2010/10/26 10:40:13 | 000,014,960 | ---- | C] () -- C:\Documents and Settings\Paich\My Documents\resume.docx
[2010/10/26 10:37:31 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Paich\My Documents\resumeh.doc
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007/09/22 23:13:17 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Paich\Local Settings\Application Data\KeyAccess Offline
[2007/09/17 13:40:38 | 000,000,146 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2007/08/29 15:39:10 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/12/11 13:02:07 | 005,743,211 | ---- | C] () -- C:\Program Files\Combined-Community-Codec-Pack-2006-07-28.exe
[2006/12/08 13:32:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/03/30 20:09:52 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/26 14:10:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/11/23 15:26:34 | 000,093,696 | ---- | C] () -- C:\Documents and Settings\Paich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/10/06 19:46:54 | 000,006,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/08/19 19:47:11 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2005/08/09 14:12:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/05/19 22:19:29 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\Paich\Local Settings\Application Data\fusioncache.dat
[2005/02/15 19:58:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/02/15 19:53:47 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/02/15 19:53:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/02/15 19:53:47 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/02/15 19:53:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/02/15 19:53:46 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/02/15 19:53:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2004/12/30 21:37:20 | 000,000,304 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/30 21:34:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\MousePage.dll
[2004/12/30 21:11:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/12/30 21:04:40 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2004/12/30 21:04:40 | 000,028,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2004/12/30 20:54:20 | 000,010,167 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/12/30 20:54:19 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/12/30 20:54:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/12/30 20:54:19 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/12/30 20:32:30 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/12/30 19:49:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2004/12/30 18:06:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/12/30 17:59:29 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/12/30 17:50:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/30 16:20:53 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/12/30 09:44:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/20 11:08:28 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/09/14 18:25:16 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004/08/12 07:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/08/04 08:58:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/06/17 10:54:18 | 001,527,808 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2004/06/17 10:47:48 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/07/29 15:33:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/06/04 09:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2010/10/06 17:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/10/04 22:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2005/01/05 11:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/11/21 12:11:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2006/02/14 15:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\.bittorrent
[2005/06/27 22:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\Aim
[2006/04/05 16:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\Azureus
[2006/02/10 18:13:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\CoreCodec
[2010/10/06 17:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\DAEMON Tools Lite
[2010/10/04 09:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\ElevatedDiagnostics
[2010/10/20 22:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\gtk-2.0
[2004/12/30 21:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\InterTrust
[2005/05/19 19:12:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\InterVideo
[2005/11/11 15:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\Musicmatch
[2004/12/30 21:21:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paich\Application Data\toshiba
[2010/11/24 19:59:15 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/11/21 16:55:31 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/11/17 08:21:24 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/11/16 08:23:14 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/11/23 15:23:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/11/21 12:23:13 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/11/23 15:23:02 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/10/24 11:37:23 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/11/24 08:41:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/11/19 08:18:46 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/11/22 13:58:28 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/11/18 06:49:37 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/11/24 09:18:04 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/11/24 20:10:00 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/10/24 11:37:24 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/11/19 07:22:25 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/10/24 11:37:23 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/10/24 11:37:23 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/10/24 11:37:23 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/11/24 08:41:03 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/11/24 19:41:36 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/11/22 13:58:28 | 000,000,404 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 11:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: AGP440.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/02/04 06:10:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009/02/04 06:10:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 10:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/02/04 06:10:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 04:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009/02/04 06:10:56 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 10:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 16:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 04:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 16:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 04:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 16:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >






Extras.txt


OTL Extras logfile created on: 11/24/2010 8:10:40 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Paich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 84.00 Mb Available Physical Memory | 16.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.93 Gb Total Space | 32.05 Gb Free Space | 60.54% Space Free | Partition Type: NTFS

Computer Name: Paich | User Name: Paich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrades Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\Ivp\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- (TOSHIBA Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger -- (America Online, Inc.)
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet -- File not found
"C:\Program Files\RSSoft\RSEDNClient.exe" = C:\Program Files\RSSoft\RSEDNClient.exe:*:Disabled:RSEDNClient -- File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\WINDOWS\keyacc32.exe" = C:\WINDOWS\keyacc32.exe:*:Enabled:KeyAccess -- File not found
"C:\WINDOWS\Blitz\WinNotif.exe" = C:\WINDOWS\Blitz\WinNotif.exe:*:Enabled:Windows Notify Driver -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{362BFFCD-8274-11D8-97C8-000129760CBE}" = MediaLife
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD Memory Card Format
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{5D96E2B1-D9AC-46E0-9073-425C5F63E338}" = Touch and Launch
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{73B2BC65-F997-4208-AEE5-CF8B809A3A71}" = TIxx21/x515
"{74697473-7475-6F69-6E73-5C5365747570}" =
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{91A10409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office OneNote 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9860A9CF-7E71-43AC-888F-0B4D3EA212D1}" = Roxio Burn Engine
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{AC76BA86-7AD7-1033-7B44-A70700000002}" = Adobe Reader 7.0.7
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B502B428-3386-40A9-98DB-079AAB72E64F}" = mEoU.msi
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C61F1CE9-9A16-42E5-80ED-1E5E3EC677D4}" = TOSHIBA Mobile Extension 3
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F69B66A8-61C9-424C-AFA1-7EC6093AC5AD}" = TOSHIBA Software Upgrades
"{F6C405D2-C50D-4D10-B89E-73A233A14D74}" = Toshiba Registration
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 5.0.2" = Adobe Photoshop 5.0.2
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOL Instant Messenger" = AOL Instant Messenger
"AT&T Connection Services Software" = AT&T Connection Services Manager
"ATI Display Driver" = ATI Display Driver
"BlitzMail" = BlitzMail
"Combined Community Codec Pack" = Combined Community Codec Pack 2006-07-28 (Remove Only)
"Hard Disk Recovery Utilities" = Hard Disk Recovery Utilities
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{73B2BC65-F997-4208-AEE5-CF8B809A3A71}" = Texas Instruments PCIxx21/x515 drivers.
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Diagnostic Tool" = TOSHIBA PC Diagnostic Tool
"ProInst" = Intel® PROSet/Wireless Software
"QuickTime" = QuickTime
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Toshiba Tbiosdrv Driver" = Toshiba Tbiosdrv Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = The GIMP 2.2.17
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/24/2010 5:47:21 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711685
Description = Risk: in File: c:\documents and settings\paich\application
data\microsoft\windows\shell.exe by: Startup scan. Action: Leave Alone succeeded.
Action Description: The file was left unchanged. Risk: in File: c:\documents and
settings\paich\application data\microsoft\svchost.exe by: Startup scan.
Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Risk:
in File: c:\documents and settings\paich\application data\microsoft\windows\shell.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk: in File: c:\documents and settings\paich\application
data\microsoft\svchost.exe by: Startup scan. Action: Leave Alone succeeded. Action
Description: The file was left unchanged.

Error - 11/24/2010 5:47:21 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\paich\application data\microsoft\windows\shell.exe by: Startup
scan. Action: Terminate Process Required. Action Description:

Error - 11/24/2010 7:34:06 PM | Computer Name = Paich | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041D

Error - 11/24/2010 7:41:28 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\paich\application data\microsoft\svchost.exe by: Startup scan.
Action: Clean failed : Quarantine failed. Action Description: The file was left
unchanged.

Error - 11/24/2010 7:41:34 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711685
Description = Risk: in File: c:\documents and settings\paich\application
data\microsoft\svchost.exe by: Startup scan. Action: Leave Alone succeeded. Action
Description: The file was left unchanged. Risk: in File: c:\documents and settings\paich
\application data\microsoft\windows\shell.exe by: Startup scan. Action:
Leave Alone succeeded. Action Description: The file was left unchanged. Risk:
in File: c:\documents and settings\paich\application data\microsoft\svchost.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk: in File: c:\documents and settings\paich\application
data\microsoft\windows\shell.exe by: Startup scan. Action: Leave Alone succeeded.
Action Description: The file was left unchanged.

Error - 11/24/2010 7:41:34 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\paich\application data\microsoft\svchost.exe by: Startup scan.
Action: Terminate Process Required. Action Description:

Error - 11/24/2010 7:50:05 PM | Computer Name = Paich | Source = Application Hang | ID = 1002
Description = Hanging application gmer.exe, version 1.0.15.15530, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/24/2010 11:56:27 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711726
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\paich\application data\microsoft\windows\shell.exe by: Startup
scan. Action: Clean failed : Quarantine failed. Action Description: The file
was left unchanged.

Error - 11/24/2010 11:56:34 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711685
Description = Risk: in File: c:\documents and settings\paich\application
data\microsoft\windows\shell.exe by: Startup scan. Action: Leave Alone succeeded.
Action Description: The file was left unchanged. Risk: in File: c:\documents and
settings\paich\application data\microsoft\svchost.exe by: Startup scan.
Action: Leave Alone succeeded. Action Description: The file was left unchanged.

Risk:
in File: c:\documents and settings\paich\application data\microsoft\windows\shell.exe
by: Startup scan. Action: Leave Alone succeeded. Action Description: The file
was left unchanged. Risk: in File: c:\documents and settings\paich\application
data\microsoft\svchost.exe by: Startup scan. Action: Leave Alone succeeded. Action
Description: The file was left unchanged.

Error - 11/24/2010 11:56:35 PM | Computer Name = Paich | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Risk: Backdoor.Cycbot in File: c:\documents and
settings\paich\application data\microsoft\windows\shell.exe by: Startup
scan. Action: Terminate Process Required. Action Description:

[ System Events ]
Error - 11/24/2010 12:47:15 PM | Computer Name = Paich | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 11/24/2010 12:47:26 PM | Computer Name = Paich | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 11/24/2010 12:47:26 PM | Computer Name = Paich | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053

Error - 11/24/2010 1:05:19 PM | Computer Name = Paich | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000E35EE2074. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 11/24/2010 5:41:29 PM | Computer Name = Paich | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 11/24/2010 5:41:37 PM | Computer Name = Paich | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 11/24/2010 5:41:37 PM | Computer Name = Paich | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053

Error - 11/24/2010 7:34:05 PM | Computer Name = Paich | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 11/24/2010 7:34:13 PM | Computer Name = Paich | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 11/24/2010 7:34:13 PM | Computer Name = Paich | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053


< End of report >

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:04:18 PM

Posted 25 November 2010 - 08:36 AM

Hello, I need you to repost this logs according to post 7,thanks.

Edited by boopme, 25 November 2010 - 08:37 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#12 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:04:18 PM

Posted 26 November 2010 - 04:00 PM

Hello,

Now that you have posted a log here: http://www.bleepingcomputer.com/forums/topic363175.html you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

Please be patient. It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

To avoid confusion, I am closing this topic. Good luck with your log.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users