I don't think any thing was found


15 replies to this topic

#1 Teisei


  • Members
  • 119 posts
  • Gender:Male
  • Location:USA

Posted 19 January 2011 - 04:23 PM

to the starter post

DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 2:25:01.71 on Wed 01/19/2011
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1525 [GMT -7:00]

AV: ESET Smart Security 4.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Enabled*
FW: ActiveArmor Firewall *Disabled*

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Phantom Drive\VBurnSecs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Phantom Drive\vbtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\VSC\GSC\GSClient.exe
C:\Program Files\VSC\Ventrilo.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [VBTray] "c:\program files\phantom drive\vbtray.exe" /check
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
dRunOnce: [RunNarrator] Narrator.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294866275234
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\w926w0kp.default\
FF - plugin: c:\documents and settings\owner\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 vburn1000;vburn1000;c:\windows\system32\drivers\vburn1000.sys [2010-12-11 172560]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2011-1-18 67584]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 VBurnSecs;H+H Phantom Drive Management Service;c:\program files\phantom drive\VBurnSecs.exe [2008-5-30 303448]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-1 135664]
S3 XDva375;XDva375;\??\c:\windows\system32\xdva375.sys --> c:\windows\system32\XDva375.sys [?]

=============== Created Last 30 ================

2011-01-19 05:48:22 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\ESET
2011-01-18 23:44:35 -------- d-----w- c:\program files\0-T00LS-0
2011-01-18 22:01:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Safe mirror
2011-01-18 21:59:55 -------- d-----w- c:\program files\Cobian Backup 10
2011-01-17 04:52:49 -------- d-----w- c:\docume~1\owner\applic~1\ESET
2011-01-17 04:51:21 -------- d-----w- c:\program files\ESET
2011-01-16 08:04:18 -------- d-----w- c:\docume~1\owner\applic~1\FrostWire
2011-01-16 07:57:16 -------- d-----w- c:\docume~1\owner\applic~1\Azureus
2011-01-16 07:56:21 -------- d-----w- c:\program files\Vuze
2011-01-16 07:52:59 -------- d-----w- c:\docume~1\owner\applic~1\LimeWire
2011-01-16 07:51:01 -------- d-----w- c:\program files\LimeWire
2011-01-13 21:20:15 -------- d-----w- c:\program files\common files\DirectX
2011-01-13 21:16:56 230752 ------w- c:\windows\patchw32.dll
2011-01-13 21:16:55 118176 ------w- c:\windows\patchw.dll
2011-01-13 21:11:36 -------- d-----w- c:\program files\Outspark
2011-01-13 20:40:09 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\PMB Files
2011-01-13 20:40:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2011-01-13 20:39:46 -------- d-----w- c:\program files\Pando Networks
2011-01-12 23:28:00 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Temp
2011-01-12 21:13:29 -------- d-----w- c:\windows\system32\PreInstall
2011-01-12 21:13:28 -------- d--h--w- c:\windows\$hf_mig$
2011-01-12 21:05:26 21728 ------w- c:\windows\system32\wucltui.dll.mui
2011-01-12 21:05:26 17632 ------w- c:\windows\system32\wuaueng.dll.mui
2011-01-12 21:05:26 15072 ------w- c:\windows\system32\wuaucpl.cpl.mui
2011-01-12 21:05:26 -------- d-----w- c:\windows\system32\SoftwareDistribution
2011-01-12 21:03:20 -------- d-s---w- c:\documents and settings\owner\UserData
2011-01-12 20:51:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\NVIDIA Corporation
2011-01-12 20:51:31 240592 ------w- c:\windows\system32\nvdrsdb0.bin
2011-01-12 20:51:30 240592 ------w- c:\windows\system32\nvdrsdb1.bin
2011-01-12 20:51:30 1 ------w- c:\windows\system32\nvdrssel.bin
2011-01-12 20:51:18 888424 ------w- c:\windows\system32\nvdispco32.dll
2011-01-12 20:51:18 813672 ------w- c:\windows\system32\nvgenco32.dll
2011-01-12 20:51:18 61440 ------w- c:\windows\system32\OpenCL.dll
2011-01-12 20:51:18 4882432 ------w- c:\windows\system32\nvcuda.dll
2011-01-12 20:51:18 2932840 ------w- c:\windows\system32\nvcuvid.dll
2011-01-12 20:51:18 2666600 ------w- c:\windows\system32\nvcuvenc.dll
2011-01-12 20:51:18 2293194 ------w- c:\windows\system32\nvdata.bin
2011-01-12 20:51:17 13012992 ------w- c:\windows\system32\nvcompiler.dll
2011-01-12 20:50:48 -------- d-----w- C:\NVIDIA
2011-01-11 23:56:22 -------- d-----w- c:\docume~1\owner\applic~1\BitCometLite
2011-01-11 20:32:00 -------- d-sha-r- C:\cmdcons
2011-01-11 18:00:47 98816 ------w- c:\windows\sed.exe
2011-01-11 18:00:47 89088 ------w- c:\windows\MBR.exe
2011-01-11 18:00:47 256512 ------w- c:\windows\PEV.exe
2011-01-11 18:00:47 161792 ------w- c:\windows\SWREG.exe
2011-01-11 17:16:02 -------- d-----w- c:\docume~1\owner\applic~1\.minecraft
2011-01-09 21:00:17 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Deployment
2011-01-08 23:07:35 221184 ------w- c:\windows\system32\wmpns.dll
2011-01-08 21:59:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-01-08 21:30:19 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\CatDBMapdrv
2011-01-08 04:38:20 -------- d-----w- c:\program files\Runes of Magic
2011-01-07 09:36:33 -------- d-----w- c:\docume~1\owner\locals~1\applic~1\Focus Home Interactive
2011-01-06 23:00:24 73728 ------w- c:\windows\system32\javacpl.cpl
2011-01-06 05:50:32 -------- d-----w- c:\program files\GRETECH
2011-01-06 05:47:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Free Media Player
2011-01-03 03:42:35 -------- d-----w- c:\documents and settings\owner\DoctorWeb
2011-01-03 03:14:46 -------- d-----w- c:\program files\VideoLAN
2010-12-31 22:52:03 967 ------w- c:\windows\ScUnin.pif
2010-12-31 22:52:03 94208 ------w- c:\windows\ScUnin.exe
2010-12-31 10:31:30 -------- d-----w- c:\program files\StarCraft II
2010-12-26 20:20:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Blizzard Entertainment
2010-12-26 08:23:56 -------- d-----w- c:\program files\common files\Blizzard Entertainment
2010-12-25 21:51:33 -------- d-----w- c:\program files\PeerGuardian2
2010-12-20 21:14:35 472808 ------w- c:\windows\system32\deployJava1.dll
2010-12-20 21:14:35 472808 ------w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll

==================== Find3M ====================

2010-11-30 00:38:30 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ------w- c:\windows\system32\QuickTime.qts
2010-11-12 00:44:54 94208 ------w- c:\windows\system32\dpl100.dll
2010-11-08 22:57:04 353592 ------w- c:\windows\system32\DivXControlPanelApplet.cpl
2006-05-27 18:55:25 101783 ------w- c:\program files\luxam.exe

============= FINISH: 2:25:33.40 ===============

EDIT: Posts merged ~BP

Edited by Budapest, 19 January 2011 - 04:33 PM.


#2 oneof4


  • Malware Response Team
  • 3,779 posts
  • Gender:Male
  • Location:The Collective

Posted 24 January 2011 - 09:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL Report

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double-click the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


We also need a log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:
Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Best Regards,
oneof4.


#3 Teisei

  • Topic Starter

  • Members
  • 119 posts
  • Gender:Male
  • Location:USA

Posted 25 January 2011 - 06:59 PM

1st:
The first thing I noticed was that the MMO I have been playing kept going to a black screen when I tabbed out and back into the game.
*any variation of switching to another screen or program*

ACTION:
For that I contacted the game company to see if maybe there had been some kind of hotpatch or update to the servers... they said no.


2nd:
Next I noticed that one of my single player games had completely stopped working.

ACTION:
I researched that and found that most people seem to be having the same trouble but are very confused since, again, there was no update, since it is a single player game.
*it has been found that if you run ComboFix before trying to run the game it will work... but this must be done every time you try to start the game*
So I ran ComboFix, Dr.Web CureIt, Avast, GMER, ESET, HijackThis and a couple other things I can't remember atm.

3rd:
While uninstalling some of the stuff I had installed to try and find the problem, I noticed that I had some new Windows updates...
This I found strange considering I have auto-updates turned off and the systems for it disabled.
*these updates cannot be removed from Add/Remove Programs and the install date is the same date I started having troubles*

ACTION:
At this time I came to BleepingComputer to try and find a safe way to remove these updates and block them from updating again... and I was told to post here.

The updates:
Hotfix for Windows XP KB954550-v5
Windows Genuine Advantage Validation Tool

and some updates to updates I already had... full list in starter thread.

4th:
Network connection has been slower than normal.

ACTION:
Reset router and modem, also uninstalled the network driver and reinstalled... no change.


OTL:
OTL logfile created on: 1/25/2011 4:36:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 49.27 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive D: | 181.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 126.75 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive F: | 968.23 Mb Total Space | 789.25 Mb Free Space | 81.51% Space Free | Partition Type: FAT
Drive G: | 977.86 Mb Total Space | 698.32 Mb Free Space | 71.41% Space Free | Partition Type: FAT32
Drive I: | 574.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER-33E9D7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/25 16:36:27 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/01/25 02:49:17 | 000,488,448 | -HS- | M] (CodeGear) -- C:\WINDOWS\uxthemewow.exe
PRC - [2011/01/22 15:30:34 | 000,169,984 | ---- | M] (CodeGear) -- C:\Documents and Settings\Owner\Application Data\SysWin\lsass.exe
PRC - [2011/01/22 15:30:28 | 001,325,056 | ---- | M] (CodeGear) -- C:\WINDOWS\system32\nvexpbar32.exe
PRC - [2011/01/22 15:30:28 | 001,325,056 | ---- | M] (CodeGear) -- C:\WINDOWS\system32\iassdo32.exe
PRC - [2010/12/10 13:56:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 13:56:53 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2009/09/28 10:06:08 | 007,253,856 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files\VSC\GSC\GSClient.exe
PRC - [2009/04/22 21:11:32 | 001,675,776 | ---- | M] (Flagship Industries, Inc.) -- C:\Program Files\VSC\Ventrilo.exe
PRC - [2008/05/30 11:06:54 | 000,853,336 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Phantom Drive\vbtray.exe
PRC - [2008/05/30 11:06:44 | 000,303,448 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Phantom Drive\VBurnSecs.exe
PRC - [2006/09/15 22:22:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2011/01/25 16:36:27 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2006/09/15 22:21:50 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54GSSVC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (GameConsoleService)
SRV - [2011/01/22 15:30:28 | 001,325,056 | ---- | M] (CodeGear) [Auto | Running] -- C:\WINDOWS\system32\iassdo32.exe -- (AppMgmt32)
SRV - [2008/05/30 11:06:44 | 000,303,448 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Phantom Drive\VBurnSecs.exe -- (VBurnSecs)
SRV - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2011/01/07 20:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/12/11 22:41:19 | 000,172,560 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vburn1000.sys -- (vburn1000)
DRV - [2010/02/25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/08/15 14:41:16 | 004,368,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/11 06:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 06:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/28 17:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
DRV - [1997/12/22 19:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 BD FC 04 CB 61 ED 45 BD F5 65 77 92 76 AB 63 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 BD FC 04 CB 61 ED 45 BD F5 65 77 92 76 AB 63 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 BD FC 04 CB 61 ED 45 BD F5 65 77 92 76 AB 63 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 BD FC 04 CB 61 ED 45 BD F5 65 77 92 76 AB 63 [binary data]

IE - HKU\S-1-5-21-73586283-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-73586283-1592454029-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 BD FC 04 CB 61 ED 45 BD F5 65 77 92 76 AB 63 [binary data]
IE - HKU\S-1-5-21-73586283-1592454029-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/18 23:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/18 23:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files\Flock\components [2011/01/08 14:52:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/12/18 21:05:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 14:52:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 14:14:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2011/01/16 00:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/07 22:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/01/16 00:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/01/25 16:14:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions
[2011/01/25 16:26:04 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}
[2010/12/23 17:47:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/11 13:59:03 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\firebug@software.joehewitt.com
[2011/01/24 14:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/06 16:00:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/06 16:00:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/11 13:37:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {04FCBD16-61CB-45ED-BDF5-65779276AB63} - C:\WINDOWS\system32\atmpvcno32.dll (Borland Software Corporation)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (9047b4bf) - {E799E76F-28BE-258D-F4EF-3864BC4F2F71} - C:\WINDOWS\system32\msprivs32.dll (Borland Software Corporation)
O3 - HKU\S-1-5-21-73586283-1592454029-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [uxthemewow.exe] C:\WINDOWS\uxthemewow.exe (CodeGear)
O4 - HKLM..\Run: [VBTray] C:\Program Files\Phantom Drive\vbtray.exe (H+H Software GmbH)
O4 - HKU\S-1-5-21-73586283-1592454029-725345543-1003..\Run: [GSC] C:\Program Files\VSC\GSC\GSClient.exe (ClanServers Hosting LLC)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: RTHDBPL = C:\Documents and Settings\Owner\Application Data\SysWin\lsass.exe (CodeGear)
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-73586283-1592454029-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-73586283-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-73586283-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-73586283-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294866275234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/08 13:22:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/23 16:03:00 | 000,000,199 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/06/07 08:49:17 | 000,000,194 | RH-- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/25 04:29:10 | 000,169,984 | ---- | C] (CodeGear) -- C:\WINDOWS\System32\mspatcha32.exe
[2011/01/25 02:49:27 | 000,488,448 | -HS- | C] (CodeGear) -- C:\WINDOWS\uxthemewow.exe
[2011/01/24 05:37:53 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco322090.dll
[2011/01/24 05:37:53 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322040.dll
[2011/01/24 01:42:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/01/24 01:42:15 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/01/24 01:42:15 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/01/24 01:42:15 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/01/24 01:42:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/01/24 01:42:15 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/01/24 01:42:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/01/24 01:42:15 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/01/24 01:42:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/01/24 01:42:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/01/24 01:42:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/01/24 01:42:14 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/01/24 01:42:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/01/24 01:42:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/01/24 01:42:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/01/24 01:42:13 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/01/24 01:42:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/01/24 01:42:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/01/24 01:42:13 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/01/24 01:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RIFT
[2011/01/24 01:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
[2011/01/24 01:19:51 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2011/01/24 00:59:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/01/23 02:46:27 | 000,169,984 | ---- | C] (CodeGear) -- C:\WINDOWS\System32\msports32.exe
[2011/01/22 15:31:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\278B87D7333739BFB9A1502A45F6F83A
[2011/01/22 15:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011/01/22 15:31:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\SysWoW32
[2011/01/22 15:31:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1376158605
[2011/01/22 15:30:38 | 001,325,056 | ---- | C] (CodeGear) -- C:\WINDOWS\System32\nvexpbar32.exe
[2011/01/22 15:30:37 | 000,248,832 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\msprivs32.dll
[2011/01/22 15:30:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\Application Data\SysWin
[2011/01/22 15:30:34 | 001,325,056 | ---- | C] (CodeGear) -- C:\WINDOWS\System32\iassdo32.exe
[2011/01/22 15:30:34 | 000,169,984 | ---- | C] (CodeGear) -- C:\WINDOWS\System32\msprivs32.exe
[2011/01/22 15:30:33 | 000,402,432 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\atmpvcno32.dll
[2011/01/21 23:31:32 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\WINDOWS\System32\drivers\tap0901.sys
[2011/01/19 14:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CompJunks
[2011/01/18 22:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2011/01/18 16:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\0-T00LS-0
[2011/01/18 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Safe mirror
[2011/01/18 14:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/01/17 00:18:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/16 21:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ESET
[2011/01/16 21:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/16 21:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/16 01:05:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\My Documents\Incomplete
[2011/01/16 01:04:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2011/01/16 01:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2011/01/16 00:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/01/16 00:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Vuze
[2011/01/16 00:53:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\My Documents\LimeWire
[2011/01/16 00:52:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\LimeWire
[2011/01/16 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/01/13 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2011/01/13 14:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2011/01/13 13:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2011/01/13 13:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/01/13 13:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/12 16:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2011/01/12 14:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/01/12 14:13:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/12 14:13:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/12 14:05:26 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2011/01/12 14:05:26 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2011/01/12 14:05:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/01/12 14:03:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\UserData
[2011/01/12 13:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/01/12 13:51:18 | 004,980,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/01/12 13:51:18 | 002,916,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/01/12 13:51:18 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/01/12 13:51:18 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2011/01/12 13:51:18 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2011/01/12 13:51:18 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/01/12 13:51:17 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/01/12 13:50:48 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/01/11 17:34:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/01/11 16:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitCometLite
[2011/01/11 13:47:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/01/11 13:32:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/11 10:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2011/01/09 14:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2011/01/08 18:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SimCity 4
[2011/01/08 14:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/08 14:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/08 14:51:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/01/08 14:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CatDBMapdrv
[2011/01/07 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Runes of Magic
[2011/01/07 02:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Focus Home Interactive
[2011/01/06 16:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/06 16:00:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/06 16:00:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/06 16:00:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/06 16:00:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/06 16:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/06 15:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/01/05 22:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GRETECH
[2011/01/05 22:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2011/01/05 22:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Media Player
[2011/01/04 02:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011/01/02 20:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\DoctorWeb
[2011/01/02 20:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/12/31 15:52:03 | 000,094,208 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/12/31 03:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\StarCraft II
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/25 16:38:53 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\273588118
[2011/01/25 16:03:26 | 000,002,856 | ---- | M] () -- C:\WINDOWS\System32\GnuHashes.ini
[2011/01/25 15:55:42 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/25 15:55:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/25 15:55:38 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/25 04:29:10 | 000,169,984 | ---- | M] (CodeGear) -- C:\WINDOWS\System32\mspatcha32.exe
[2011/01/25 02:49:17 | 000,488,448 | -HS- | M] (CodeGear) -- C:\WINDOWS\uxthemewow.exe
[2011/01/24 01:21:20 | 000,004,254 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2011/01/23 22:08:35 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/23 22:08:35 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/23 12:25:25 | 000,000,156 | -HS- | M] () -- C:\WINDOWS\System32\811906234
[2011/01/23 02:46:27 | 000,169,984 | ---- | M] (CodeGear) -- C:\WINDOWS\System32\msports32.exe
[2011/01/22 15:31:38 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\sl1367680552
[2011/01/22 15:31:19 | 000,203,776 | -HS- | M] () -- C:\WINDOWS\System32\unrar.exe
[2011/01/22 15:30:38 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\446362525
[2011/01/22 15:30:37 | 000,248,832 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\msprivs32.dll
[2011/01/22 15:30:34 | 000,169,984 | ---- | M] (CodeGear) -- C:\WINDOWS\System32\msprivs32.exe
[2011/01/22 15:30:33 | 000,402,432 | ---- | M] (Borland Software Corporation) -- C:\WINDOWS\System32\atmpvcno32.dll
[2011/01/22 15:30:28 | 001,325,056 | ---- | M] (CodeGear) -- C:\WINDOWS\System32\nvexpbar32.exe
[2011/01/22 15:30:28 | 001,325,056 | ---- | M] (CodeGear) -- C:\WINDOWS\System32\iassdo32.exe
[2011/01/22 14:57:43 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 04:15:23 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/01/13 04:28:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003UA.job
[2011/01/13 03:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/12 13:53:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/12 13:51:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/12 13:51:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/12 13:51:30 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/12 13:51:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/01/12 13:28:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003Core.job
[2011/01/12 11:00:22 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/11 13:37:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/11 01:50:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/08 18:39:21 | 000,000,533 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/01/08 16:15:23 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/01/08 15:47:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/07 20:27:00 | 014,671,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/01/07 20:27:00 | 013,004,800 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/01/07 20:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2011/01/07 20:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/01/07 20:27:00 | 006,397,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/01/07 20:27:00 | 004,980,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/01/07 20:27:00 | 002,916,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/01/07 20:27:00 | 002,292,678 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/07 20:27:00 | 002,251,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/01/07 20:27:00 | 001,958,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/01/07 20:27:00 | 000,941,160 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco322090.dll
[2011/01/07 20:27:00 | 000,837,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322040.dll
[2011/01/07 20:27:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/01/07 20:27:00 | 000,003,630 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/01/06 16:00:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/06 16:00:15 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/06 16:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/06 16:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/06 16:00:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/12/31 15:52:25 | 000,094,208 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\ScUnin.exe
[2010/12/31 15:52:25 | 000,028,100 | ---- | M] () -- C:\WINDOWS\scunin.dat
[2010/12/31 15:52:25 | 000,000,967 | ---- | M] () -- C:\WINDOWS\ScUnin.pif
[2010/12/31 15:18:59 | 000,000,565 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\myMPQ.ini
[2010/12/31 15:09:47 | 000,194,568 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/23 22:03:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/22 15:46:16 | 000,002,856 | ---- | C] () -- C:\WINDOWS\System32\GnuHashes.ini
[2011/01/22 15:39:03 | 000,000,156 | -HS- | C] () -- C:\WINDOWS\System32\811906234
[2011/01/22 15:33:39 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\273588118
[2011/01/22 15:31:38 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\sl1367680552
[2011/01/22 15:31:19 | 000,203,776 | -HS- | C] () -- C:\WINDOWS\System32\unrar.exe
[2011/01/22 15:30:34 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\446362525
[2011/01/13 14:16:56 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/01/13 14:16:55 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/01/12 13:51:31 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/12 13:51:30 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/12 13:51:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/12 13:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/01/12 13:51:18 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/12 13:51:18 | 000,003,630 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/01/11 13:32:07 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/01/11 13:32:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/31 15:52:03 | 000,028,100 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/12/31 15:52:03 | 000,000,967 | ---- | C] () -- C:\WINDOWS\ScUnin.pif
[2010/12/31 03:37:34 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\myMPQ.ini
[2010/12/25 20:36:44 | 000,000,257 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/01 18:04:19 | 001,350,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/01 11:37:33 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/12/01 11:37:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/12/01 11:37:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/12/01 11:37:30 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/05/14 17:54:11 | 000,002,999 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/24 02:27:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/12 21:38:05 | 000,101,783 | ---- | C] () -- C:\Program Files\luxam.exe
[2010/02/11 16:59:17 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2010/02/10 19:54:46 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 19:47:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LavaPlay.INI
[2010/02/10 19:39:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2010/02/08 17:33:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/02/08 05:57:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/11/26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2006/09/15 22:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/08/16 00:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 00:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


EXTRAS:
OTL Extras logfile created on: 1/25/2011 4:36:55 PM - Run 1
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 49.27 Gb Free Space | 33.06% Space Free | Partition Type: NTFS
Drive D: | 181.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 126.75 Gb Free Space | 54.43% Space Free | Partition Type: NTFS
Drive F: | 968.23 Mb Total Space | 789.25 Mb Free Space | 81.51% Space Free | Partition Type: FAT
Drive G: | 977.86 Mb Total Space | 698.32 Mb Free Space | 71.41% Space Free | Partition Type: FAT32
Drive I: | 574.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER-33E9D7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-73586283-1592454029-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56261:TCP" = 56261:TCP:*:Enabled:Pando Media Booster
"56261:UDP" = 56261:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56261:TCP" = 56261:TCP:*:Enabled:Pando Media Booster
"56261:UDP" = 56261:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\iassdo32.exe" = C:\WINDOWS\system32\iassdo32.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\wmpwow.exe" = C:\WINDOWS\wmpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdhewow.exe" = C:\WINDOWS\kbdhewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dx3jwow.exe" = C:\WINDOWS\dx3jwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntmartawow.exe" = C:\WINDOWS\ntmartawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\uxthemewow.exe" = C:\WINDOWS\uxthemewow.exe:*:Enabled:Windows Update Service -- (CodeGear)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\GFM\RA2\game.exe" = C:\GFM\RA2\game.exe:*:Disabled:Main executable for Red Alert 2 -- (Westwood Studios)
"C:\GFM\RA2\gamemd.exe" = C:\GFM\RA2\gamemd.exe:*:Disabled:Main executable for Yuri's Revenge -- (Westwood Studios)
"C:\Westwood\SUN\game.exe" = C:\Westwood\SUN\game.exe:*:Disabled:Main executable for Tiberian Sun -- (Westwood Studios)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\GFM\DS2\DungeonSiege2.exe" = E:\GFM\DS2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\VSC\Ventrilo.exe" = C:\Program Files\VSC\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\Owner\My Documents\Downloads\Eudemons_V1352.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\Eudemons_V1352.exe:*:Enabled:Eudemons_V1352.exe
"E:\GFM\RoM\Runes of Magic\Client.exe" = E:\GFM\RoM\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Owner\Local Settings\Apps\2.0\C8WLY994.OHN\0OB6TBR3.GPK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Owner\Local Settings\Apps\2.0\C8WLY994.OHN\0OB6TBR3.GPK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"E:\GFM\RoM\Runes of Magic\launcher.exe" = E:\GFM\RoM\Runes of Magic\launcher.exe:*:Enabled:BaseUpda Application -- ()
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\LimeWire\FrostWire\FrostWire.exe" = C:\Program Files\LimeWire\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\WINDOWS\system32\iassdo32.exe" = C:\WINDOWS\system32\iassdo32.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\wmpwow.exe" = C:\WINDOWS\wmpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdhewow.exe" = C:\WINDOWS\kbdhewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dx3jwow.exe" = C:\WINDOWS\dx3jwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntmartawow.exe" = C:\WINDOWS\ntmartawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\uxthemewow.exe" = C:\WINDOWS\uxthemewow.exe:*:Enabled:Windows Update Service -- (CodeGear)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2866B2D9-B57E-4829-A554-47DF68868F15}" = Fiesta
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41BEF2F3-730F-4346-9ACA-415ADC8A817B}" = Phantom Drive
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511318D0-D987-4838-A547-7966FBBD8E57}_is1" = Bounty Bay Online
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6DC77B24-075D-4D58-A434-C83312C32BB7}_is1" = Eudemons Online
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D53B92-075C-48BD-B455-0CB4F6F35C38}" = Windows XP Professional
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Destinations
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cities XL 2011" = Cities XL 2011
"Diablo" = Diablo
"DivX Setup.divx.com" = DivX Setup
"DMIView" = DMIView
"DriverCD" = DriverCD
"DungeonSiege2" = Dungeon Siege 2
"Enable S3 for USB Device" = Enable S3 for USB Device
"F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
"Fallout New Vegas_is1" = Fallout New Vegas
"Flock (2.6.0)" = Flock (2.6.0)
"FrostWire" = FrostWire 4.21.3
"gatesofandaron_is1" = Gates of Andaron 3.4.1
"GOM Player" = GOM Player
"GSC 2.00" = GSC 2.00
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InterActual Player" = InterActual Player
"LAVA Player" = LAVA! Player
"LimeWire" = LimeWire 5.5.8
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"Red Alert 2" = Command & Conquer Red Alert 2
"Renegade" = Command & Conquer Renegade
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tiberian Sun" = Command & Conquer Tiberian Sun
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-73586283-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"AikaOnline" = AikaOnline
"Diablo" = Diablo
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2010 1:50:41 AM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.5510.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2010 6:24:13 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 10.0.0.3646, faulting module
unknown, version 0.0.0.0, fault address 0x0283fed6.

Error - 12/1/2010 2:32:24 PM | Computer Name = COMPUTER-33E9D7 | Source = MsiInstaller | ID = 11704
Description = Product: Google Update Helper -- Error 1704. An installation for Command
& Conquer Generals is currently suspended. You must undo the changes made by that
installation to continue. Do you want to undo those changes?

Error - 12/1/2010 2:32:29 PM | Computer Name = COMPUTER-33E9D7 | Source = Google Update | ID = 20
Description =

Error - 12/1/2010 2:37:05 PM | Computer Name = COMPUTER-33E9D7 | Source = Google Update | ID = 20
Description =

Error - 12/1/2010 8:36:43 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application flock.exe, version 3.5.0.4568, faulting module
chrome.dll, version 3.5.0.4568, fault address 0x00003122.

Error - 12/1/2010 8:37:16 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1001
Description = Fault bucket -2091143089.

Error - 12/1/2010 8:37:27 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 12/2/2010 3:48:15 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1002
Description = Hanging application GSClient.exe, version 2.0.0.3017, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2010 3:48:22 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1001
Description = Fault bucket 1483338821.

[ System Events ]
Error - 1/12/2011 2:00:21 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 2:00:21 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 2:00:21 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 2:00:38 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 3:42:00 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:28:00 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:43 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:43 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:43 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:52 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >


GMER:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-19 13:37:12
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\00000069 ST3160811AS rev.3.AAE
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uwedrkog.sys


---- System - GMER 1.0.15 ----

SSDT 890348A0 ZwAssignProcessToJobObject
SSDT 89033CB0 ZwOpenProcess
SSDT 890340D0 ZwOpenThread
SSDT 890346D0 ZwSuspendProcess
SSDT 890344F0 ZwSuspendThread
SSDT 89033EE0 ZwTerminateProcess
SSDT 89034310 ZwTerminateThread

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6BC33A0, 0x5CC259, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xB2F9BF00, 0x24000, 0x48000000]
? C:\DOCUME~1\Owner\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[508] kernel32.dll!SetUnhandledExceptionFilter 7C810386 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2828] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- Threads - GMER 1.0.15 ----

Thread System [4:600] 89032930

---- EOF - GMER 1.0.15 ----

Edited by Teisei, 25 January 2011 - 07:02 PM.
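Added example (not part of this thread, and not OTL or MBAM code): a small Python triage script for the "Authorized Applications List" section of an OTL extras log like the one above. In that export every value has the form path:scope:Enabled:display name, and OTL appends " -- (company)" from the file's version resource, leaving it off when the file has none. The display name is free text chosen by whatever created the exception, so an entry calling itself "Windows Update Service" while sitting in C:\WINDOWS with a CodeGear or missing company name is a mismatch worth checking before any scanner names it; in this thread those are the files MBAM later reported as Trojan.Tracur.S. The sample lines are copied from the log above, and the "Windows"/"Microsoft" name and %SystemRoot% heuristics are this example's own assumptions, not anything OTL implements.

```python
"""Triage an OTL 'Authorized Applications List' export (Windows XP SP2
firewall, HKLM\\...\\FirewallPolicy\\<Profile>\\AuthorizedApplications\\List).

Added example for this thread, not OTL or MBAM code.  Each value looks like
  "<path>" = <path>:<scope>:<Enabled|Disabled>:<display name> -- (<company>)
where ' -- (<company>)' is what OTL appends from the file's version resource
(it is absent when the file carries no version info).
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: lines copied from the Domain/Standard profile lists in
# the OTL extras log posted above, plus two benign entries from the same log.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\iassdo32.exe" = C:\WINDOWS\system32\iassdo32.exe:*:Enabled:Windows Update Service -- (CodeGear)
"C:\WINDOWS\wmpwow.exe" = C:\WINDOWS\wmpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdhewow.exe" = C:\WINDOWS\kbdhewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
'''

# The path itself contains a colon (C:\...), so the path group is non-greedy
# and the scope/state/name fields that follow it anchor the split.
LINE_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*'
    r'(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
    r'(?P<name>.*?)(?:\s--\s\((?P<company>[^)]*)\))?\s*$'
)

SYSTEMROOT = "c:\\windows\\"   # assumption: default XP install location


@dataclass
class FirewallEntry:
    path: str
    scope: str          # '*' = any address, 'LocalSubNet', or an address list
    enabled: bool
    name: str           # free-text display name set by whoever added the rule
    company: Optional[str]  # None when OTL printed no ' -- (...)' suffix


def parse_entry(line: str) -> Optional[FirewallEntry]:
    """Parse one exported value; returns None for headers, blanks, etc."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return FirewallEntry(
        path=m.group("path"),
        scope=m.group("scope"),
        enabled=m.group("state") == "Enabled",
        name=m.group("name").strip(),
        company=m.group("company"),
    )


def parse_list(text: str) -> list[FirewallEntry]:
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def suspicion_reasons(e: FirewallEntry) -> list[str]:
    """Heuristics chosen for this example (not OTL logic); needs analyst review."""
    reasons: list[str] = []
    name = e.name.lower()
    company = (e.company or "").lower()
    claims_windows = "windows" in name or "microsoft" in name
    in_systemroot = e.path.lower().startswith(SYSTEMROOT)
    if claims_windows and "microsoft" not in company:
        reasons.append(f"display name {e.name!r} claims a Windows/Microsoft "
                       f"component, but the file's company is {e.company!r}")
    if in_systemroot and "microsoft" not in company:
        reasons.append("executable under %SystemRoot% with a non-Microsoft "
                       "or missing company name")
    if reasons and e.enabled and e.scope == "*":
        reasons.append("exception is enabled with unrestricted scope (*)")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Return {path: reasons} for every entry that trips at least one rule."""
    flagged: dict[str, list[str]] = {}
    for e in parse_list(text):
        reasons = suspicion_reasons(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run it as a script to print the flagged paths with the rule each tripped, or paste the whole copied section into triage(). It is a triage aid only: a third-party tool whose name contains "Windows" will trip the first rule and needs a human look, and a "Microsoft Corporation" company string is not proof of legitimacy, since the version resource is under the attacker's control.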


#4 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:10:11 AM

Posted 26 January 2011 - 08:42 AM

Hi Teisei,

P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Limewire, BitTorrent, Frostwire etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
Once upon a time, P2P file sharing was fairly safe. That is no longer true.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.


Step 1
There are files on your system that MBAM should be able to remove.

Please update MBAM and run another scan:
Start MBAM
Click on the Update tab


Click Check for Updates

Today's database version was: 5608


If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Step 2
Download CKScanner

Important - Save it to your desktop.
Double-click CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file has been saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Step 3
Double click on OTL.exe to run it.
  • Under Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please submit:
New MBAM report
CKFiles.txt
Both reports from OTL


Thanks.



#5 Teisei

Teisei
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  • Gender:Male
  • Location:USA
  • Local time:02:11 AM

Posted 26 January 2011 - 03:48 PM

MBAM:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5611

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

1/26/2011 1:37:39 PM
mbam-log-2011-01-26 (13-37-39).txt

Scan type: Quick scan
Objects scanned: 143714
Time elapsed: 3 minute(s), 24 second(s)

Memory Processes Infected: 4
Memory Modules Infected: 2
Registry Keys Infected: 7
Registry Values Infected: 2
Registry Data Items Infected: 4
Folders Infected: 2
Files Infected: 42

Memory Processes Infected:
c:\WINDOWS\system32\iassdo32.exe (Trojan.Tracur.S) -> 1636 -> Unloaded process successfully.
c:\WINDOWS\system32\nvexpbar32.exe (Trojan.Tracur.S) -> 2024 -> Unloaded process successfully.
c:\documents and settings\Owner\application data\SysWin\lsass.exe (Trojan.Tracur.S) -> 2332 -> Unloaded process successfully.
c:\WINDOWS\slayerxpwow.exe (Trojan.Tracur.S) -> 2984 -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\msprivs32.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\WINDOWS\system32\1B0.tmp (Trojan.Tracur.S) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{E799E76F-28BE-258D-F4EF-3864BC4F2F71} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E799E76F-28BE-258D-F4EF-3864BC4F2F71} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E799E76F-28BE-258D-F4EF-3864BC4F2F71} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{04FCBD16-61CB-45ED-BDF5-65779276AB63} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{04FCBD16-61CB-45ED-BDF5-65779276AB63} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04FCBD16-61CB-45ED-BDF5-65779276AB63} (Trojan.Tracur.S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RTHDBPL (Trojan.Tracur.S) -> Value: RTHDBPL -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\slayerxpwow.exe (Trojan.Tracur.S) -> Value: slayerxpwow.exe -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
c:\WINDOWS\system32\SysWoW32 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\SysWin (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\WINDOWS\system32\iassdo32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msprivs32.dll (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\1B0.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\nvexpbar32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\application data\SysWin\lsass.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\slayerxpwow.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\atmpvcno32.dll (Trojan.Tracur.S) -> Delete on reboot.
c:\WINDOWS\system32\mspatcha32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msports32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\msprivs32.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\12.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\18.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1B2.tmp (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000fbe744af1122c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000fbe744af1122o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000fbe744af1122p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000fbe744af1122s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000fbe744af1122c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000fbe744af1122o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000fbe744af1122p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000fbe744af1122s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\gnuhashes.ini (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v4.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v0.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v4 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v5 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v5.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v6 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v6.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v7 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\mu980336304v7.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v1.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v2.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v3 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\wu980336304v3.kwd (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u980336304v0 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u980336304v1 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u980336304v2 (Trojan.Tracur) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\SysWoW32\_u980336304v3 (Trojan.Tracur) -> Quarantined and deleted successfully.


extras.txt:
OTL Extras logfile created on: 1/26/2011 1:45:19 PM - Run 2
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\My Documents\CompJunks
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): E:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 49.24 Gb Free Space | 33.03% Space Free | Partition Type: NTFS
Drive D: | 181.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 126.68 Gb Free Space | 54.40% Space Free | Partition Type: NTFS
Drive F: | 968.23 Mb Total Space | 789.25 Mb Free Space | 81.51% Space Free | Partition Type: FAT
Drive G: | 977.86 Mb Total Space | 698.32 Mb Free Space | 71.41% Space Free | Partition Type: FAT32
Drive I: | 574.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER-33E9D7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56261:TCP" = 56261:TCP:*:Enabled:Pando Media Booster
"56261:UDP" = 56261:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56261:TCP" = 56261:TCP:*:Enabled:Pando Media Booster
"56261:UDP" = 56261:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\iassdo32.exe" = C:\WINDOWS\system32\iassdo32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wmpwow.exe" = C:\WINDOWS\wmpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdhewow.exe" = C:\WINDOWS\kbdhewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dx3jwow.exe" = C:\WINDOWS\dx3jwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntmartawow.exe" = C:\WINDOWS\ntmartawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\uxthemewow.exe" = C:\WINDOWS\uxthemewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mciwavewow.exe" = C:\WINDOWS\mciwavewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\slayerxpwow.exe" = C:\WINDOWS\slayerxpwow.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\GFM\RA2\game.exe" = C:\GFM\RA2\game.exe:*:Disabled:Main executable for Red Alert 2 -- (Westwood Studios)
"C:\GFM\RA2\gamemd.exe" = C:\GFM\RA2\gamemd.exe:*:Disabled:Main executable for Yuri's Revenge -- (Westwood Studios)
"C:\Westwood\SUN\game.exe" = C:\Westwood\SUN\game.exe:*:Disabled:Main executable for Tiberian Sun -- (Westwood Studios)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\GFM\DS2\DungeonSiege2.exe" = E:\GFM\DS2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\VSC\Ventrilo.exe" = C:\Program Files\VSC\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Documents and Settings\Owner\My Documents\Downloads\Eudemons_V1352.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\Eudemons_V1352.exe:*:Enabled:Eudemons_V1352.exe
"E:\GFM\RoM\Runes of Magic\Client.exe" = E:\GFM\RoM\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Owner\Local Settings\Apps\2.0\C8WLY994.OHN\0OB6TBR3.GPK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Owner\Local Settings\Apps\2.0\C8WLY994.OHN\0OB6TBR3.GPK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"E:\GFM\RoM\Runes of Magic\launcher.exe" = E:\GFM\RoM\Runes of Magic\launcher.exe:*:Enabled:BaseUpda Application -- ()
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\LimeWire\FrostWire\FrostWire.exe" = C:\Program Files\LimeWire\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\WINDOWS\system32\iassdo32.exe" = C:\WINDOWS\system32\iassdo32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wmpwow.exe" = C:\WINDOWS\wmpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdhewow.exe" = C:\WINDOWS\kbdhewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dx3jwow.exe" = C:\WINDOWS\dx3jwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntmartawow.exe" = C:\WINDOWS\ntmartawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\uxthemewow.exe" = C:\WINDOWS\uxthemewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mciwavewow.exe" = C:\WINDOWS\mciwavewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\slayerxpwow.exe" = C:\WINDOWS\slayerxpwow.exe:*:Enabled:Windows Update Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2866B2D9-B57E-4829-A554-47DF68868F15}" = Fiesta
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41BEF2F3-730F-4346-9ACA-415ADC8A817B}" = Phantom Drive
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511318D0-D987-4838-A547-7966FBBD8E57}_is1" = Bounty Bay Online
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6DC77B24-075D-4D58-A434-C83312C32BB7}_is1" = Eudemons Online
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D53B92-075C-48BD-B455-0CB4F6F35C38}" = Windows XP Professional
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Destinations
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Cities XL 2011" = Cities XL 2011
"Diablo" = Diablo
"DivX Setup.divx.com" = DivX Setup
"DMIView" = DMIView
"DriverCD" = DriverCD
"DungeonSiege2" = Dungeon Siege 2
"Enable S3 for USB Device" = Enable S3 for USB Device
"F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
"Fallout New Vegas_is1" = Fallout New Vegas
"Flock (2.6.0)" = Flock (2.6.0)
"FrostWire" = FrostWire 4.21.3
"gatesofandaron_is1" = Gates of Andaron 3.4.1
"GOM Player" = GOM Player
"GSC 2.00" = GSC 2.00
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InterActual Player" = InterActual Player
"LAVA Player" = LAVA! Player
"LimeWire" = LimeWire 5.5.8
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"Red Alert 2" = Command & Conquer Red Alert 2
"Renegade" = Command & Conquer Renegade
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tiberian Sun" = Command & Conquer Tiberian Sun
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"AikaOnline" = AikaOnline
"Diablo" = Diablo
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/8/2010 1:50:41 AM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1002
Description = Hanging application OIS.EXE, version 11.0.5510.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/10/2010 6:24:13 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 10.0.0.3646, faulting module
unknown, version 0.0.0.0, fault address 0x0283fed6.

Error - 12/1/2010 2:32:24 PM | Computer Name = COMPUTER-33E9D7 | Source = MsiInstaller | ID = 11704
Description = Product: Google Update Helper -- Error 1704. An installation for Command
& Conquer Generals is currently suspended. You must undo the changes made by that
installation to continue. Do you want to undo those changes?

Error - 12/1/2010 2:32:29 PM | Computer Name = COMPUTER-33E9D7 | Source = Google Update | ID = 20
Description =

Error - 12/1/2010 2:37:05 PM | Computer Name = COMPUTER-33E9D7 | Source = Google Update | ID = 20
Description =

Error - 12/1/2010 8:36:43 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application flock.exe, version 3.5.0.4568, faulting module
chrome.dll, version 3.5.0.4568, fault address 0x00003122.

Error - 12/1/2010 8:37:16 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1001
Description = Fault bucket -2091143089.

Error - 12/1/2010 8:37:27 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 12/2/2010 3:48:15 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1002
Description = Hanging application GSClient.exe, version 2.0.0.3017, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2010 3:48:22 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1001
Description = Fault bucket 1483338821.

[ System Events ]
Error - 1/12/2011 2:00:21 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 2:00:21 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 2:00:21 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 2:00:38 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 3:42:00 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:28:00 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:43 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:43 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:43 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 1/12/2011 4:53:52 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

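The Authorized Applications list in the log above deserves a line-by-line read, because every Enabled entry is a program the XP firewall will let accept inbound connections, and the description field is free text that any installer can write. Below is an added Python example (not part of this thread, and not code from OTL, DDS or ComboFix) that parses entries in the `"path" = path:scope:state:description -- (publisher)` form OTL prints and attaches review reasons drawn from three assumed heuristics: no publisher recorded, a system-sounding description without a Microsoft publisher, and an executable that lives inside a user profile directory. The sample lines are copied from the log above; the heuristics are assumptions of this example and only mark entries for manual review, they do not decide that anything is malicious.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One Authorized Applications entry as OTL prints it, e.g.
#   "C:\dir\app.exe" = C:\dir\app.exe:*:Enabled:Description -- (Publisher)
# The path itself contains "C:", so the path group is lazy and the
# scope/state/description fields that follow it are matched in fixed form.
ENTRY_RE = re.compile(
    r'^"(?P<key>[^"]+)"\s*=\s*'
    r'(?P<path>.+?):(?P<scope>[^:]+):(?P<state>Enabled|Disabled):'
    r'(?P<desc>.*?)(?:\s--\s\((?P<pub>[^)]*)\))?\s*$'
)

# Review heuristics (assumptions of this example, not rules from the log or the tools).
GENERIC_SYSTEM_WORDS = re.compile(r"windows update|update service|system service", re.I)
USER_PROFILE_DIR = re.compile(r"\\(documents and settings|users)\\", re.I)


@dataclass
class FirewallEntry:
    path: str
    scope: str                  # "*" = any remote address, "LocalSubNet" = local subnet only
    enabled: bool
    description: str
    publisher: Optional[str]    # None when the log shows no "-- (...)" suffix or an empty "()"
    reasons: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[FirewallEntry]:
    """Parse one log line; returns None for headers, blank lines and registry-key lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    pub = m.group("pub")
    if pub is not None and pub.strip() == "":
        pub = None
    return FirewallEntry(
        path=m.group("path"),
        scope=m.group("scope"),
        enabled=(m.group("state") == "Enabled"),
        description=m.group("desc").strip(),
        publisher=pub,
    )


def review(entry: FirewallEntry) -> FirewallEntry:
    """Attach review reasons. Disabled rules do not widen exposure, so they get none."""
    if not entry.enabled:
        return entry
    if entry.publisher is None:
        entry.reasons.append("no publisher recorded")
    if GENERIC_SYSTEM_WORDS.search(entry.description) and not (entry.publisher or "").lower().startswith("microsoft"):
        entry.reasons.append("system-sounding description without a Microsoft publisher")
    if USER_PROFILE_DIR.search(entry.path):
        entry.reasons.append("executable lives in a user profile directory")
    return entry


def parse_section(text: str) -> List[FirewallEntry]:
    """Parse every entry line of an Authorized Applications section and review each one."""
    return [review(e) for e in map(parse_entry, text.splitlines()) if e is not None]


def needs_review(entries: List[FirewallEntry]) -> List[FirewallEntry]:
    """Only the entries that picked up at least one review reason."""
    return [e for e in entries if e.reasons]


# Sample lines copied from the log above; the registry-key line shows that non-entry lines are skipped.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\WINDOWS\wmpwow.exe" = C:\WINDOWS\wmpwow.exe:*:Enabled:Windows Update Service
"C:\GFM\RA2\game.exe" = C:\GFM\RA2\game.exe:*:Disabled:Main executable for Red Alert 2 -- (Westwood Studios)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Owner\My Documents\Downloads\Eudemons_V1352.exe" = C:\Documents and Settings\Owner\My Documents\Downloads\Eudemons_V1352.exe:*:Enabled:Eudemons_V1352.exe
"""

if __name__ == "__main__":
    for e in needs_review(parse_section(SAMPLE_LOG)):
        print(f"{e.path}  [{e.scope}]  -> {'; '.join(e.reasons)}")
```

Run against the sample, the script lists the entries a helper would want to look at first (the Windows-directory executable with a generic "Windows Update Service" label and no publisher, the entry with an empty publisher, and the executable in the Downloads folder) while leaving the disabled game rule and the published, descriptively named programs alone. The same parser works on the DomainProfile list unchanged.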
#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:10:11 AM

Posted 27 January 2011 - 06:01 AM

Hi Teisei,

Step 1

Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Step 2

I see Combofix is on your system.
Please right click on the icon for it and select delete.
Now let's get a fresh copy:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


This is an example, you may rename ComboFix to anything you want.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix.
    For more information read:
    How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

    Then:

    Double click on Combo-Fix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista, you may not see this screen
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Thanks



#7 Teisei

Teisei
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:11 AM

Posted 31 January 2011 - 03:52 PM

I actually normally run ComboFix off a CD, but I removed any folders with ComboFix in them.
*then used your link... had to use Opera to save under new name because other browsers didn't give that option*

ComboFix:
ComboFix 11-01-31.01 - Owner 01/31/2011 13:43:23.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1663 [GMT -7:00]
Running from: c:\documents and settings\Owner\My Documents\CompJunks\fixcom2.exe
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\75cjy20c.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\75cjy20c.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\75cjy20c.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome\xulcache.jar
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\75cjy20c.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\defaults\preferences\xulcache.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\75cjy20c.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\install.rdf
c:\windows\system32\1376158605

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-31 )))))))))))))))))))))))))))))))
.

2011-01-26 20:30 . 2011-01-26 20:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-01-26 20:30 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 20:30 . 2011-01-26 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-26 20:30 . 2011-01-26 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 20:30 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-24 12:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-24 12:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-24 08:40 . 2011-01-27 11:18 -------- d-----w- c:\documents and settings\Owner\Application Data\RIFT
2011-01-24 08:21 . 2011-01-24 08:21 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-01-24 08:21 . 2011-01-24 08:21 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2011-01-24 08:19 . 2011-01-24 08:19 -------- d-----w- C:\Linksys Driver
2011-01-23 04:10 . 2011-01-23 04:10 0 ---ha-w- c:\documents and settings\Owner\nfdajhyywt.tmp
2011-01-22 22:31 . 2011-01-26 20:31 -------- d-sh--w- c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A
2011-01-22 22:31 . 2011-01-22 22:31 203776 --sh--w- c:\windows\system32\unrar.exe
2011-01-22 06:31 . 2010-02-25 23:51 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2011-01-19 05:48 . 2011-01-19 05:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ESET
2011-01-18 23:44 . 2011-01-19 22:23 -------- d-----w- c:\program files\0-T00LS-0
2011-01-18 22:01 . 2011-01-18 22:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Safe mirror
2011-01-18 21:59 . 2011-01-18 22:01 -------- d-----w- c:\program files\Cobian Backup 10
2011-01-17 04:52 . 2011-01-17 04:52 -------- d-----w- c:\documents and settings\Owner\Application Data\ESET
2011-01-17 04:51 . 2011-01-24 08:04 -------- d-----w- c:\program files\ESET
2011-01-17 04:51 . 2011-01-17 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-01-16 08:04 . 2011-01-23 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2011-01-16 07:57 . 2011-01-16 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2011-01-16 07:51 . 2011-01-26 20:59 -------- d-----w- c:\program files\LimeWire
2011-01-13 21:20 . 2011-01-13 21:20 -------- d-----w- c:\program files\Common Files\DirectX
2011-01-13 21:16 . 2010-01-13 23:48 230752 ------w- c:\windows\patchw32.dll
2011-01-13 21:16 . 2010-01-13 23:48 118176 ------w- c:\windows\patchw.dll
2011-01-13 21:11 . 2011-01-13 21:11 -------- d-----w- c:\program files\Outspark
2011-01-13 20:40 . 2011-01-21 04:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files
2011-01-13 20:40 . 2011-01-21 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-01-13 20:39 . 2011-01-13 20:39 -------- d-----w- c:\program files\Pando Networks
2011-01-12 23:28 . 2011-01-12 23:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-01-12 21:13 . 2011-01-12 21:13 -------- d--h--w- c:\windows\$hf_mig$
2011-01-12 21:05 . 2009-08-07 02:24 21728 ------w- c:\windows\system32\wucltui.dll.mui
2011-01-12 21:05 . 2009-08-07 02:24 15072 ------w- c:\windows\system32\wuaucpl.cpl.mui
2011-01-12 21:05 . 2009-08-07 02:24 44768 ------w- c:\windows\system32\wups2.dll
2011-01-12 21:05 . 2009-08-07 02:24 17632 ------w- c:\windows\system32\wuaueng.dll.mui
2011-01-12 21:03 . 2011-01-12 21:03 -------- d-s---w- c:\documents and settings\Owner\UserData
2011-01-12 20:51 . 2011-01-12 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-01-12 20:51 . 2011-01-12 20:51 240592 ------w- c:\windows\system32\nvdrsdb0.bin
2011-01-12 20:51 . 2011-01-12 20:51 1 ------w- c:\windows\system32\nvdrssel.bin
2011-01-12 20:51 . 2011-01-12 20:51 240592 ------w- c:\windows\system32\nvdrsdb1.bin
2011-01-12 20:51 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-12 20:51 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-12 20:51 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-12 20:51 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-01-12 20:51 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-12 20:51 . 2010-10-16 18:55 888424 ------w- c:\windows\system32\nvdispco32.dll
2011-01-12 20:51 . 2010-10-16 18:55 813672 ------w- c:\windows\system32\nvgenco32.dll
2011-01-12 20:51 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-12 20:50 . 2011-01-12 20:50 -------- d-----w- C:\NVIDIA
2011-01-11 23:56 . 2011-01-12 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\BitCometLite
2011-01-11 17:16 . 2010-11-11 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft
2011-01-09 21:00 . 2011-01-13 23:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
2011-01-08 23:07 . 2006-09-16 05:26 221184 ------w- c:\windows\system32\wmpns.dll
2011-01-08 21:59 . 2011-01-11 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-08 21:59 . 2011-01-08 21:59 -------- d-----w- c:\program files\Alwil Software
2011-01-08 21:33 . 2011-01-08 21:34 -------- d-----w- c:\documents and settings\Administrator
2011-01-08 21:30 . 2011-01-11 20:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CatDBMapdrv
2011-01-08 04:38 . 2011-01-08 04:38 -------- d-----w- c:\program files\Runes of Magic
2011-01-07 09:36 . 2011-01-07 09:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Focus Home Interactive
2011-01-06 23:01 . 2011-01-06 23:01 -------- d-----w- c:\program files\Common Files\Java
2011-01-06 23:00 . 2011-01-06 23:00 73728 ------w- c:\windows\system32\javacpl.cpl
2011-01-06 23:00 . 2011-01-06 23:00 -------- d-----w- c:\program files\Java
2011-01-06 22:54 . 2011-01-06 22:54 -------- d-----w- c:\windows\Sun
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\documents and settings\Owner\Application Data\GRETECH
2011-01-06 05:50 . 2011-01-06 05:50 -------- d-----w- c:\program files\GRETECH
2011-01-06 05:47 . 2011-01-06 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Media Player
2011-01-04 09:11 . 2011-01-06 05:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc
2011-01-03 03:42 . 2011-01-03 03:42 -------- d-----w- c:\documents and settings\Owner\DoctorWeb
2011-01-03 03:14 . 2011-01-03 03:14 -------- d-----w- c:\program files\VideoLAN

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2006-08-16 07:35 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2006-08-16 07:35 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27 . 2006-08-16 07:35 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2006-08-16 07:35 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-06 23:00 . 2010-12-20 21:14 472808 ------w- c:\windows\system32\deployJava1.dll
2010-12-31 22:52 . 2010-12-31 22:52 967 ------w- c:\windows\ScUnin.pif
2010-12-31 22:52 . 2010-12-31 22:52 94208 ------w- c:\windows\ScUnin.exe
2010-12-12 05:41 . 2010-12-12 05:41 155648 ------r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{41BEF2F3-730F-4346-9ACA-415ADC8A817B}\VBTrayKey_41BEF2F3730F43469ACA415ADC8A817B.exe
2010-12-12 05:41 . 2010-12-12 05:41 139264 ------r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{41BEF2F3-730F-4346-9ACA-415ADC8A817B}\VBTrayKey1_41BEF2F3730F43469ACA415ADC8A817B.exe
2010-12-12 05:41 . 2010-12-12 05:41 139264 ------r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{41BEF2F3-730F-4346-9ACA-415ADC8A817B}\VBStarterKey1_41BEF2F3730F43469ACA415ADC8A817B.exe
2010-12-12 05:41 . 2010-12-12 05:41 172560 ------w- c:\windows\system32\drivers\vburn1000.sys
2010-11-30 00:38 . 2010-11-30 00:38 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38 . 2010-11-30 00:38 69632 ------w- c:\windows\system32\QuickTime.qts
2010-11-12 00:44 . 2010-11-12 00:44 94208 ------w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ------w- c:\windows\system32\DivXControlPanelApplet.cpl
2006-05-27 18:55 . 2010-02-13 04:38 101783 ------w- c:\program files\luxam.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSC"="c:\program files\VSC\GSC\GSClient.exe" [2009-09-28 7253856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBTray"="c:\program files\Phantom Drive\vbtray.exe" [2008-05-30 853336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-09-16 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2010-10-06 20:48 335872 ----a-w- e:\gfm\GatesofAndaron\PrePatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ------w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2007-07-23 17:06 77824 ------w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ------w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-01 19:37 136176 -----tw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 08:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
2000-08-04 09:50 44032 ------w- c:\program files\Creative\News\NewsUpd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 19:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 19:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-14 21:00 16050176 ------w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ------w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\GFM\\RA2\\game.exe"=
"c:\\GFM\\RA2\\gamemd.exe"=
"c:\\Westwood\\SUN\\game.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\GFM\\DS2\\DungeonSiege2.exe"=
"c:\\Program Files\\VSC\\Ventrilo.exe"=
"e:\\GFM\\RoM\\Runes of Magic\\Client.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\C8WLY994.OHN\\0OB6TBR3.GPK\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
"e:\\GFM\\RoM\\Runes of Magic\\launcher.exe"=
"c:\\Program Files\\LimeWire\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56261:TCP"= 56261:TCP:Pando Media Booster
"56261:UDP"= 56261:UDP:Pando Media Booster

R1 vburn1000;vburn1000;c:\windows\system32\drivers\vburn1000.sys [12/11/2010 10:41 PM 172560]
R2 VBurnSecs;H+H Phantom Drive Management Service;c:\program files\Phantom Drive\VBurnSecs.exe [5/30/2008 11:06 AM 303448]
S2 AppMgmt32;Application Management ;c:\windows\system32\iassdo32.exe --> c:\windows\system32\iassdo32.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2010 11:32 AM 135664]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 18:32]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 18:32]

2011-01-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-01 19:37]

2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-01 19:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-nwiz - nwiz.exe
MSConfigStartUp-nwiz - nwiz.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-31 13:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1592454029-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-73586283-1592454029-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,dd,72,94,52,23,06,4a,06,7b,e0,60,80,b8,52,49,1d,02,a1,cc,54,
16,36,94,6a,0b,77,f9,46,ba,f5,2b,cb,8b,b5,00,f1,80,9d,fb,39,7c,82,89,ca,e3,\
"rkeysecu"=hex:65,c9,91,4f,00,9c,6a,0b,39,f1,b5,94,a7,cd,ef,bf
.
Completion time: 2011-01-31 13:48:10
ComboFix-quarantined-files.txt 2011-01-31 20:48

Pre-Run: 53,119,959,040 bytes free
Post-Run: 53,107,359,744 bytes free

- - End Of File - - 0BA22F83070B85D920F74E73AED15F96

Edited by Teisei, 31 January 2011 - 03:53 PM.


#8 Starbuck (Malware Response Team)

Posted 31 January 2011 - 07:02 PM

Hi Teisei,

This next part would have been easier if you had followed the instructions:

Save it to your desktop.


Step 1
Close any open browsers.
Close/disable all anti virus, firewall and anti malware programs so they do not interfere with the running of ComboFix:

Open Notepad - it must be Notepad, not Wordpad.
Copy the text below in the code box by highlighting all the text and pressing Ctrl+C
File:: 
c:\documents and settings\Owner\nfdajhyywt.tmp
c:\windows\system32\unrar.exe

Folder::
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A

DirLook::
c:\program files\0-T00LS-0

Go to the Notepad window and click Edit >> Paste
Then click File >> Save
Name the file "CFScript.txt" (including the quotes)
Save the file to your Desktop

The main ComboFix.exe program should be on your Desktop
Drag the file you just created... CFScript.txt and drop it on the main ComboFix.exe icon as below.

Now please wait for ComboFix to finish running.

Please Note: Do not mouse click in the combofix window while it is running - this may cause your system to hang/crash


Step 2
Now that we have removed a lot of malware, we can address the next issue:

You are missing one important program on that computer: An antivirus.
This is somewhat suicidal in today's digital world.
You need to install an antivirus program as soon as you can and run a complete scan of the computer:

Install one of these, update the definitions and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.

Note*:
Upon installation MS Security Essentials will check that your OS is a legal copy.


In your next reply, please submit:
Combofix.txt
Let me know which AV you installed and whether anything was found when the full scan was run.


Thanks.

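A way to check that a CFScript run did what was asked, as an added example and not a tool from ComboFix or this thread: it parses the File::/Folder::/DirLook:: directives, looks each File:: and Folder:: target up in the follow-up log's "Other Deletions" section, and lists the service entries ComboFix marked [?] (binary not found). The sample CFScript and log fragment are constructed from the paths in this thread; the exact ComboFix output format beyond what appears in the logs here is an assumption.

```python
"""Triage helper for a ComboFix CFScript run (added example, not a ComboFix tool).

Given the CFScript.txt that was dropped on ComboFix and the log it produced,
report which requested items actually appear under "Other Deletions" and which
service/driver entries still point at files ComboFix could not find ("[?]").
Paths are compared case-insensitively, as Windows does.
"""
import re

# Constructed sample: the CFScript requested in the thread.
CFSCRIPT = r"""
File::
c:\documents and settings\Owner\nfdajhyywt.tmp
c:\windows\system32\unrar.exe

Folder::
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A

DirLook::
c:\program files\0-T00LS-0
"""

# Constructed sample: fragments of the follow-up ComboFix log, in its own format.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\nfdajhyywt.tmp
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\unrar.exe
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-02 to 2011-02-02 )))))))))))))))))))))))))))))))
.

R1 vburn1000;vburn1000;c:\windows\system32\drivers\vburn1000.sys [12/11/2010 10:41 PM 172560]
S2 AppMgmt32;Application Management ;c:\windows\system32\iassdo32.exe --> c:\windows\system32\iassdo32.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
"""

# ComboFix section banners look like "(((((( Section Name ))))))".
SECTION_RE = re.compile(r"^\({3,}\s*(.+?)\s*\){3,}$")
# Service lines: "<state> <name>;<display name>;<path> [<date size> | ?]".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+)$")


def parse_cfscript(text):
    """Return {directive: [lower-cased paths]} for the File::/Folder::/DirLook:: blocks."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):          # a new directive such as "Folder::"
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.lower())
    return sections


def parse_deletions(log):
    """Collect the paths listed under the 'Other Deletions' section of the log."""
    deleted, in_section = set(), False
    for line in log.splitlines():
        line = line.strip()
        header = SECTION_RE.match(line)
        if header:                        # entering a new section; is it the one we want?
            in_section = header.group(1).lower() == "other deletions"
            continue
        if in_section and line and line != ".":
            deleted.add(line.lower())
    return deleted


def parse_services(log):
    """Parse R1/S2/S3 service lines; 'missing' is True where ComboFix printed '[?]'."""
    services = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        state, name, display, rest = m.groups()
        path = re.sub(r"\s*\[[^\]]*\]\s*$", "", rest.split(" -->")[0]).strip()
        services.append({"state": state, "name": name, "display": display.strip(),
                         "path": path, "missing": rest.rstrip().endswith("[?]")})
    return services


def check_fix(cfscript_text, log_text):
    """Compare the requested File::/Folder:: targets with what the log says was deleted."""
    wanted = parse_cfscript(cfscript_text)
    deleted = parse_deletions(log_text)
    targets = wanted.get("File", []) + wanted.get("Folder", [])
    return {
        "removed": [p for p in targets if p in deleted],
        "not_removed": [p for p in targets if p not in deleted],
        "missing_file_services": [s["name"] for s in parse_services(log_text) if s["missing"]],
    }


if __name__ == "__main__":
    for key, value in check_fix(CFSCRIPT, COMBOFIX_LOG).items():
        print(f"{key}: {value}")
```

Anything left in "not_removed" means the fix did not take and the item needs another look; entries in "missing_file_services" are orphaned service or driver registrations whose binary is gone, which is exactly what the [?] marker in the thread's logs denotes.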


#9 Teisei (Topic Starter)

Posted 02 February 2011 - 05:44 AM

Oh sorry, I try not to clutter my desktop so I saved it elsewhere out of habit.

I was using ESET and AVAST but uninstalled them before starting this process... so since I hadn't scanned with Avira yet I went with that one.
*nothing found*

COMBOFIX LOG:
ComboFix 11-01-31.02 - Owner 02/02/2011 3:27.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1676 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\fixcom2.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FW: ActiveArmor Firewall *Disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
* Created a new restore point

FILE ::
"c:\documents and settings\Owner\nfdajhyywt.tmp"
"c:\windows\system32\unrar.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\nfdajhyywt.tmp
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\b\bint1
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\b\version
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\content.css
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\getting-started.css
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\min.js
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\mozilla-logo.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\mozilla-pager.htm
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\reset-fonts-grids.css
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-answers.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-clipmarks.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-cooliris.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-facebook.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-googledocs.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-gumtree.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-howstuffworks.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-hypemachine.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-linkedin.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-miro.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-qype.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-rtm.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-shareaholic.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-topix.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-wikipedia.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\sites-youtube.png
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\template.css
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\files\utilities.js
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\1\index.html
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\alert.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\dvd.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\error_detected.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\errsnd.swf
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\flist.js
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\folder.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\hdd.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\i1000000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\i2000000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\i3000000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\i4000000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\i5000000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\i6000000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\i7000000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\index.htm
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\inf20000.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\jquery-init.js
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\jquery.js
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\page_progressbar.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\2\qicon.gif
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\h\version
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\lock
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\ntuser.dat
c:\windows\system32\278B87D7333739BFB9A1502A45F6F83A\unrar.exe
c:\windows\system32\unrar.exe

.
((((((((((((((((((((((((( Files Created from 2011-01-02 to 2011-02-02 )))))))))))))))))))))))))))))))
.

2011-02-01 07:16 . 2011-02-02 10:24 -------- d-----w- c:\program files\Common Files\Akamai
2011-01-26 20:30 . 2011-01-26 20:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-01-26 20:30 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-26 20:30 . 2011-01-26 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-01-26 20:30 . 2011-01-26 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-26 20:30 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-24 12:37 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-24 12:37 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-24 08:40 . 2011-01-27 11:18 -------- d-----w- c:\documents and settings\Owner\Application Data\RIFT
2011-01-24 08:21 . 2011-01-24 08:21 17801 ----a-w- c:\windows\system32\drivers\AegisP.sys
2011-01-24 08:21 . 2011-01-24 08:21 -------- d-----w- c:\program files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
2011-01-24 08:19 . 2011-01-24 08:19 -------- d-----w- C:\Linksys Driver
2011-01-22 06:31 . 2010-02-25 23:51 25216 ----a-w- c:\windows\system32\drivers\tap0901.sys
2011-01-19 05:48 . 2011-01-19 05:48 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ESET
2011-01-18 23:44 . 2011-01-19 22:23 -------- d-----w- c:\program files\0-T00LS-0
2011-01-18 22:01 . 2011-01-18 22:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Safe mirror
2011-01-18 21:59 . 2011-01-18 22:01 -------- d-----w- c:\program files\Cobian Backup 10
2011-01-17 04:52 . 2011-01-17 04:52 -------- d-----w- c:\documents and settings\Owner\Application Data\ESET
2011-01-17 04:51 . 2011-01-24 08:04 -------- d-----w- c:\program files\ESET
2011-01-17 04:51 . 2011-01-17 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2011-01-16 08:04 . 2011-01-23 02:29 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2011-01-16 07:57 . 2011-01-16 08:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Azureus
2011-01-16 07:51 . 2011-01-26 20:59 -------- d-----w- c:\program files\LimeWire
2011-01-13 21:20 . 2011-01-13 21:20 -------- d-----w- c:\program files\Common Files\DirectX
2011-01-13 21:16 . 2010-01-13 23:48 230752 ------w- c:\windows\patchw32.dll
2011-01-13 21:16 . 2010-01-13 23:48 118176 ------w- c:\windows\patchw.dll
2011-01-13 21:11 . 2011-01-13 21:11 -------- d-----w- c:\program files\Outspark
2011-01-13 20:40 . 2011-01-21 04:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PMB Files
2011-01-13 20:40 . 2011-01-21 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2011-01-13 20:39 . 2011-01-13 20:39 -------- d-----w- c:\program files\Pando Networks
2011-01-12 23:28 . 2011-01-12 23:28 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-01-12 21:13 . 2011-01-12 21:13 -------- d--h--w- c:\windows\$hf_mig$
2011-01-12 21:05 . 2009-08-07 02:24 21728 ------w- c:\windows\system32\wucltui.dll.mui
2011-01-12 21:05 . 2009-08-07 02:24 15072 ------w- c:\windows\system32\wuaucpl.cpl.mui
2011-01-12 21:05 . 2009-08-07 02:24 44768 ------w- c:\windows\system32\wups2.dll
2011-01-12 21:05 . 2009-08-07 02:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2011-01-12 21:05 . 2009-08-07 02:24 17632 ------w- c:\windows\system32\wuaueng.dll.mui
2011-01-12 21:03 . 2011-01-12 21:03 -------- d-s---w- c:\documents and settings\Owner\UserData
2011-01-12 20:51 . 2011-01-12 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-01-12 20:51 . 2011-01-12 20:51 240592 ------w- c:\windows\system32\nvdrsdb0.bin
2011-01-12 20:51 . 2011-01-12 20:51 1 ------w- c:\windows\system32\nvdrssel.bin
2011-01-12 20:51 . 2011-01-12 20:51 240592 ------w- c:\windows\system32\nvdrsdb1.bin
2011-01-12 20:51 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-12 20:51 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-12 20:51 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-12 20:51 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-01-12 20:51 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-12 20:51 . 2010-10-16 18:55 888424 ------w- c:\windows\system32\nvdispco32.dll
2011-01-12 20:51 . 2010-10-16 18:55 813672 ------w- c:\windows\system32\nvgenco32.dll
2011-01-12 20:51 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-12 20:50 . 2011-01-12 20:50 -------- d-----w- C:\NVIDIA
2011-01-11 23:56 . 2011-01-12 00:19 -------- d-----w- c:\documents and settings\Owner\Application Data\BitCometLite
2011-01-11 17:16 . 2010-11-11 02:09 -------- d-----w- c:\documents and settings\Owner\Application Data\.minecraft
2011-01-09 21:00 . 2011-01-13 23:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
2011-01-08 23:07 . 2006-09-16 05:26 221184 ------w- c:\windows\system32\wmpns.dll
2011-01-08 21:59 . 2011-01-11 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-01-08 21:59 . 2011-01-08 21:59 -------- d-----w- c:\program files\Alwil Software
2011-01-08 21:33 . 2011-01-08 21:34 -------- d-----w- c:\documents and settings\Administrator
2011-01-08 21:30 . 2011-01-11 20:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\CatDBMapdrv
2011-01-08 04:38 . 2011-01-08 04:38 -------- d-----w- c:\program files\Runes of Magic
2011-01-07 09:36 . 2011-01-07 09:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Focus Home Interactive
2011-01-06 23:01 . 2011-01-06 23:01 -------- d-----w- c:\program files\Common Files\Java
2011-01-06 23:00 . 2011-01-06 23:00 73728 ------w- c:\windows\system32\javacpl.cpl
2011-01-06 23:00 . 2011-01-06 23:00 -------- d-----w- c:\program files\Java
2011-01-06 22:54 . 2011-01-06 22:54 -------- d-----w- c:\windows\Sun
2011-01-06 05:51 . 2011-01-06 05:51 -------- d-----w- c:\documents and settings\Owner\Application Data\GRETECH
2011-01-06 05:50 . 2011-01-06 05:50 -------- d-----w- c:\program files\GRETECH
2011-01-06 05:47 . 2011-01-06 05:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Free Media Player
2011-01-04 09:11 . 2011-01-06 05:58 -------- d-----w- c:\documents and settings\Owner\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-08 03:27 . 2006-08-16 07:35 9888672 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-01-08 03:27 . 2006-08-16 07:35 6397824 ----a-w- c:\windows\system32\nv4_disp.dll
2011-01-08 03:27 . 2006-08-16 07:35 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27 . 2006-08-16 07:35 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-01-06 23:00 . 2010-12-20 21:14 472808 ------w- c:\windows\system32\deployJava1.dll
2010-12-31 22:52 . 2010-12-31 22:52 967 ------w- c:\windows\ScUnin.pif
2010-12-31 22:52 . 2010-12-31 22:52 94208 ------w- c:\windows\ScUnin.exe
2010-12-12 05:41 . 2010-12-12 05:41 155648 ------r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{41BEF2F3-730F-4346-9ACA-415ADC8A817B}\VBTrayKey_41BEF2F3730F43469ACA415ADC8A817B.exe
2010-12-12 05:41 . 2010-12-12 05:41 139264 ------r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{41BEF2F3-730F-4346-9ACA-415ADC8A817B}\VBTrayKey1_41BEF2F3730F43469ACA415ADC8A817B.exe
2010-12-12 05:41 . 2010-12-12 05:41 139264 ------r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{41BEF2F3-730F-4346-9ACA-415ADC8A817B}\VBStarterKey1_41BEF2F3730F43469ACA415ADC8A817B.exe
2010-12-12 05:41 . 2010-12-12 05:41 172560 ------w- c:\windows\system32\drivers\vburn1000.sys
2010-11-30 00:38 . 2010-11-30 00:38 94208 ------w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38 . 2010-11-30 00:38 69632 ------w- c:\windows\system32\QuickTime.qts
2010-11-12 00:44 . 2010-11-12 00:44 94208 ------w- c:\windows\system32\dpl100.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ------w- c:\windows\system32\DivXControlPanelApplet.cpl
2006-05-27 18:55 . 2010-02-13 04:38 101783 ------w- c:\program files\luxam.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\0-T00LS-0 ----

2011-01-19 09:28 . 2010-11-08 17:32 296448 ----a-w- c:\program files\0-T00LS-0\gmer.exe
2011-01-19 09:28 . 2011-01-19 09:28 288107 ----a-w- c:\program files\0-T00LS-0\gmer.zip
2011-01-19 09:23 . 2011-01-19 09:24 624128 ----a-w- c:\program files\0-T00LS-0\dds.scr
2011-01-19 09:22 . 2011-01-19 09:22 50477 ----a-w- c:\program files\0-T00LS-0\Defogger.exe
2011-01-18 23:44 . 2006-11-01 20:06 215928 ----a-w- c:\program files\0-T00LS-0\pagedfrg.exe
2011-01-18 23:43 . 2011-01-18 23:43 69662 ----a-w- c:\program files\0-T00LS-0\PageDefrag.zip
2011-01-18 21:55 . 2011-01-18 21:58 15492608 ----a-w- c:\program files\0-T00LS-0\cbSetup.exe


((((((((((((((((((((((((((((( SnapShot@2011-01-31_20.47.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-02-02 10:24 . 2011-02-02 10:24 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat
+ 2011-02-02 10:24 . 2011-02-02 10:24 16384 c:\windows\Temp\Perflib_Perfdata_100.dat
+ 2010-02-08 20:20 . 2009-08-07 02:24 35552 c:\windows\system32\wups.dll
+ 2010-02-08 20:20 . 2009-08-07 02:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-02-08 20:20 . 2009-08-07 02:23 575704 c:\windows\system32\wuapi.dll
+ 2010-02-08 20:20 . 2009-08-07 02:23 575704 c:\windows\system32\dllcache\wuapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSC"="c:\program files\VSC\GSC\GSClient.exe" [2009-09-28 7253856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VBTray"="c:\program files\Phantom Drive\vbtray.exe" [2008-05-30 853336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-09-16 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4StoryPrePatch]
2010-10-06 20:48 335872 ----a-w- e:\gfm\GatesofAndaron\PrePatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43 69632 ------w- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
2007-07-23 17:06 77824 ------w- c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]
2010-12-08 21:15 63360 ------w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ------w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-12-01 19:37 136176 -----tw- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 08:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NewsUpd]
2000-08-04 09:50 44032 ------w- c:\program files\Creative\News\NewsUpd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2010-10-16 19:04 13851752 ----a-w- c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-10-16 19:04 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 00:38 421888 ------w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2006-08-14 21:00 16050176 ------w- c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-17 01:04 2879488 ------w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ------w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\GFM\\RA2\\game.exe"=
"c:\\GFM\\RA2\\gamemd.exe"=
"c:\\Westwood\\SUN\\game.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"e:\\GFM\\DS2\\DungeonSiege2.exe"=
"c:\\Program Files\\VSC\\Ventrilo.exe"=
"e:\\GFM\\RoM\\Runes of Magic\\Client.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Apps\\2.0\\C8WLY994.OHN\\0OB6TBR3.GPK\\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\\CurseClient.exe"=
"e:\\GFM\\RoM\\Runes of Magic\\launcher.exe"=
"c:\\Program Files\\LimeWire\\FrostWire\\FrostWire.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56261:TCP"= 56261:TCP:Pando Media Booster
"56261:UDP"= 56261:UDP:Pando Media Booster
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R1 vburn1000;vburn1000;c:\windows\system32\drivers\vburn1000.sys [12/11/2010 10:41 PM 172560]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/15/2006 10:26 PM 14336]
R2 VBurnSecs;H+H Phantom Drive Management Service;c:\program files\Phantom Drive\VBurnSecs.exe [5/30/2008 11:06 AM 303448]
S2 AppMgmt32;Application Management ;c:\windows\system32\iassdo32.exe --> c:\windows\system32\iassdo32.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/1/2010 11:32 AM 135664]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 18:32]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-01 18:32]

2011-02-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-01 19:37]

2011-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-01 19:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-02 03:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-73586283-1592454029-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-73586283-1592454029-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f2,dd,72,94,52,23,06,4a,06,7b,e0,60,80,b8,52,49,1d,02,a1,cc,54,
16,36,94,6a,0b,77,f9,46,ba,f5,2b,cb,8b,b5,00,f1,80,9d,fb,39,7c,82,89,ca,e3,\
"rkeysecu"=hex:65,c9,91,4f,00,9c,6a,0b,39,f1,b5,94,a7,cd,ef,bf
.
Completion time: 2011-02-02 03:33:12
ComboFix-quarantined-files.txt 2011-02-02 10:33
ComboFix2.txt 2011-01-31 20:48

Pre-Run: 48,901,726,208 bytes free
Post-Run: 49,006,317,568 bytes free

- - End Of File - - 2747506FD4AF2003129578DF686DFD00

#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 02 February 2011 - 06:06 AM

Hi Teisei

Step 1
Please update MBAM and run another scan:
Start MBAM
Click on the Update tab

Click Check for Updates

If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Step 2
Double-click on OTL.exe to run it.
  • Under the Extra Registry section, select Use SafeList.
  • Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply.

In your next reply, please submit:
  • the new MBAM report
  • both reports from OTL

and let me know how the system is running now.


Thanks.



#11 Teisei

Teisei
  • Topic Starter

  • Members
  • 119 posts
  • Gender:Male
  • Location:USA

Posted 04 February 2011 - 07:10 AM

Well, my browsers don't seem to freeze up, but I get "server not responding" from a couple of high-traffic sites; that seems to be an ISP issue.
The MMO I have recently been playing doesn't go to a black screen any more, but we had an update that may have fixed it... with other content that pissed off a lot of players and pretty much killed my guild.

Also, at Windows startup, for about half a second it gives me startup options that I haven't seen before, but after that half a second it starts Windows:

Microsoft Recovery Console
do not use this option [debugger]
Microsoft Windows XP Pro


MBAM log (full scan):
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5672

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/4/2011 3:04:06 AM
mbam-log-2011-02-04 (03-04-06).txt

Scan type: Full scan (C:\|)
Objects scanned: 220415
Time elapsed: 35 minute(s), 37 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 10

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Riskware.Tool.CK) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Owner\my documents\downloads\0lds\eset nod32 antivirus & smart security 4.0.467 x32 & x64\key finder\eset special key finder v.1.exe (Riskware.KG) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\my documents\downloads\0lds\eset nod32 antivirus & smart security 4.0.467 x32 & x64\key finder\nodlogin10b (nod32 serial input)\nl10b_32bits\setup.exe (Riskware.Tool.CK) -> Not selected for removal.
c:\documents and settings\Owner\my documents\downloads\0lds\eset nod32 antivirus & smart security 4.0.467 x32 & x64\key finder\nodlogin10b (nod32 serial input)\nl10b_64bits\setup.exe (Riskware.Tool.CK) -> Not selected for removal.
c:\Qoobox\quarantine\C\WINDOWS\system32\278b87d7333739bfb9a1502a45f6f83a\b\bint1.vir (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\system volume information\_restore{520ca3b1-d27e-4ee0-b99f-57b019c08000}\RP193\A0052909.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\system volume information\_restore{520ca3b1-d27e-4ee0-b99f-57b019c08000}\RP197\A0053025.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\system volume information\_restore{520ca3b1-d27e-4ee0-b99f-57b019c08000}\RP197\A0053026.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\system volume information\_restore{520ca3b1-d27e-4ee0-b99f-57b019c08000}\RP198\A0053211.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\system volume information\_restore{520ca3b1-d27e-4ee0-b99f-57b019c08000}\RP198\A0053238.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.
c:\system volume information\_restore{520ca3b1-d27e-4ee0-b99f-57b019c08000}\RP198\A0053299.exe (Trojan.Tracur.S) -> Quarantined and deleted successfully.


OTL:
OTL logfile created on: 2/4/2011 4:37:00 AM - Run 3
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\My Documents\CompJunks
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 45.38 Gb Free Space | 30.45% Space Free | Partition Type: NTFS
Drive D: | 181.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 121.16 Gb Free Space | 52.03% Space Free | Partition Type: NTFS
Drive F: | 968.23 Mb Total Space | 786.47 Mb Free Space | 81.23% Space Free | Partition Type: FAT
Drive G: | 977.86 Mb Total Space | 604.51 Mb Free Space | 61.82% Space Free | Partition Type: FAT32
Drive I: | 574.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER-33E9D7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/25 16:36:27 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\CompJunks\OTL.exe
PRC - [2011/01/17 11:14:22 | 001,081,344 | ---- | M] (Runewaker) -- E:\GFM\RoM\Runes of Magic\ClientUpdate.exe
PRC - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/01/10 14:23:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/10 13:56:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 13:56:53 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/11 19:14:45 | 000,116,024 | ---- | M] (Flock, Inc.) -- C:\Program Files\Flock\flock.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/28 10:06:08 | 007,253,856 | ---- | M] (ClanServers Hosting LLC) -- C:\Program Files\VSC\GSC\GSClient.exe
PRC - [2008/05/30 11:06:54 | 000,853,336 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Phantom Drive\vbtray.exe
PRC - [2008/05/30 11:06:44 | 000,303,448 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Phantom Drive\VBurnSecs.exe
PRC - [2006/09/15 22:22:50 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe


========== Modules (SafeList) ==========

MOD - [2011/01/25 16:36:27 | 000,603,136 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\CompJunks\OTL.exe
MOD - [2006/09/15 22:21:50 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- -- (WMP54GSSVC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (GameConsoleService)
SRV - File not found [Auto | Stopped] -- -- (AppMgmt32)
SRV - [2011/02/01 00:16:31 | 003,129,432 | ---- | M] () [Auto | Running] -- C:/Program Files/Common Files/Akamai/netsession_win_dbc0250.dll -- (Akamai)
SRV - [2011/01/10 14:23:41 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/01/10 14:23:30 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2008/05/30 11:06:44 | 000,303,448 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Phantom Drive\VBurnSecs.exe -- (VBurnSecs)
SRV - [2006/07/13 16:59:48 | 000,131,131 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/07/13 16:59:32 | 000,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/03 18:04:02 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/01/07 20:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/12/11 22:41:19 | 000,172,560 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\vburn1000.sys -- (vburn1000)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/02/25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/06/29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2006/08/15 14:41:16 | 004,368,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/11 06:38:30 | 000,020,480 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/07/11 06:38:28 | 000,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/28 17:38:56 | 000,105,088 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/12/22 01:32:12 | 000,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)
DRV - [2003/09/25 22:15:32 | 000,015,872 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\GTNDIS5.sys -- (GTNDIS5)
DRV - [1999/12/17 01:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PfModNT.sys -- (PfModNT)
DRV - [1997/12/22 19:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 16 BD FC 04 CB 61 ED 45 BD F5 65 77 92 76 AB 63 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {b01bf10c-302a-11da-b67b-000d60ca027b}:2.6.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2010/12/18 23:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2010/12/18 23:16:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.0\extensions\\Components: C:\Program Files\Flock\components [2011/01/08 14:52:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.6.0\extensions\\Plugins: C:\Program Files\Flock\plugins [2010/12/18 21:05:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 14:52:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/20 14:14:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2011/01/16 00:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/12/07 22:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2011/01/16 00:53:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/02/04 02:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions
[2010/12/23 17:47:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/01/11 13:59:03 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\firebug@software.joehewitt.com
[2011/02/04 02:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/04 02:24:29 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/06 16:00:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/01/06 16:00:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/02/02 03:32:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [VBTray] C:\Program Files\Phantom Drive\vbtray.exe (H+H Software GmbH)
O4 - HKCU..\Run: [GSC] C:\Program Files\VSC\GSC\GSClient.exe (ClanServers Hosting LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294866275234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/08 13:22:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/02/23 16:03:00 | 000,000,199 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/06/07 08:49:17 | 000,000,194 | RH-- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 04:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2011/02/04 02:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/02/04 02:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/04 02:24:13 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/02/04 02:24:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Skype
[2011/02/04 02:24:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/02/02 03:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avira
[2011/02/02 03:37:54 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/02/02 03:37:53 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/02/02 03:37:53 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/02/02 03:37:53 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/02/02 03:37:53 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/02/02 03:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/02/02 03:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/02/02 03:33:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/02/02 03:33:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/01 00:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Akamai
[2011/01/31 13:41:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/01/31 13:41:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/01/31 13:41:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/01/31 13:41:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/01/31 13:41:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/26 13:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2011/01/26 13:30:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/26 13:30:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/26 13:30:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/26 13:30:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/24 05:37:53 | 000,941,160 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco322090.dll
[2011/01/24 05:37:53 | 000,837,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322040.dll
[2011/01/24 01:42:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_5.dll
[2011/01/24 01:42:15 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_43.dll
[2011/01/24 01:42:15 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_43.dll
[2011/01/24 01:42:15 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_43.dll
[2011/01/24 01:42:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2011/01/24 01:42:15 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_7.dll
[2011/01/24 01:42:15 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_43.dll
[2011/01/24 01:42:15 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_43.dll
[2011/01/24 01:42:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_7.dll
[2011/01/24 01:42:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2011/01/24 01:42:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2011/01/24 01:42:14 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2011/01/24 01:42:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2011/01/24 01:42:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2011/01/24 01:42:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2011/01/24 01:42:13 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2011/01/24 01:42:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2011/01/24 01:42:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2011/01/24 01:42:13 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2011/01/24 01:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\RIFT
[2011/01/24 01:21:21 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys Wireless-G PCI Network Adapter with SpeedBooster
[2011/01/24 01:19:51 | 000,000,000 | ---D | C] -- C:\Linksys Driver
[2011/01/22 15:31:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\WinRAR
[2011/01/21 23:31:32 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\WINDOWS\System32\drivers\tap0901.sys
[2011/01/19 14:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CompJunks
[2011/01/18 22:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\ESET
[2011/01/18 16:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\0-T00LS-0
[2011/01/18 15:01:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Safe mirror
[2011/01/18 14:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 10
[2011/01/17 00:18:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/01/16 21:52:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\ESET
[2011/01/16 21:51:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/01/16 21:51:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2011/01/16 01:05:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\My Documents\Incomplete
[2011/01/16 01:04:22 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\My Documents\FrostWire
[2011/01/16 01:04:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\FrostWire
[2011/01/16 00:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/01/16 00:53:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\My Documents\LimeWire
[2011/01/16 00:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2011/01/13 14:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX
[2011/01/13 14:11:36 | 000,000,000 | ---D | C] -- C:\Program Files\Outspark
[2011/01/13 13:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PMB Files
[2011/01/13 13:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2011/01/13 13:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2011/01/12 16:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
[2011/01/12 14:13:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/01/12 14:13:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/01/12 14:13:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/01/12 14:05:26 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2011/01/12 14:05:26 | 000,021,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll.mui
[2011/01/12 14:05:26 | 000,015,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2011/01/12 14:05:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/01/12 14:03:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Owner\UserData
[2011/01/12 13:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/01/12 13:51:18 | 004,980,736 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/01/12 13:51:18 | 002,916,968 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/01/12 13:51:18 | 002,251,368 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/01/12 13:51:18 | 000,888,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco32.dll
[2011/01/12 13:51:18 | 000,813,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco32.dll
[2011/01/12 13:51:18 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/01/12 13:51:17 | 013,004,800 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/01/12 13:50:48 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2011/01/11 16:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitCometLite
[2011/01/11 13:32:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/01/11 10:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.minecraft
[2011/01/09 14:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2011/01/08 18:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\SimCity 4
[2011/01/08 14:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/01/08 14:59:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/08 14:51:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/01/08 14:30:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\CatDBMapdrv
[2011/01/07 21:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Runes of Magic
[2011/01/07 02:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Focus Home Interactive
[2011/01/06 16:01:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/01/06 16:00:24 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/06 16:00:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/06 16:00:24 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/06 16:00:24 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/01/06 16:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/01/06 15:54:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/01/05 22:51:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\GRETECH
[2011/01/05 22:50:32 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2011/01/05 22:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Free Media Player
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/04 04:28:41 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/04 04:28:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003UA.job
[2011/02/04 03:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/04 03:04:18 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ugwx.sys
[2011/02/04 01:54:19 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/04 01:54:19 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/04 01:54:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/04 01:54:15 | 2147,012,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/02 03:38:04 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/02/02 03:32:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/01 13:28:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1592454029-725345543-1003Core.job
[2011/01/26 13:35:29 | 000,001,185 | ---- | M] () -- C:\WINDOWS\System32\273588118
[2011/01/24 01:21:20 | 000,004,254 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2011/01/23 22:08:35 | 000,432,686 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/23 22:08:35 | 000,067,516 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/23 12:25:25 | 000,000,156 | -HS- | M] () -- C:\WINDOWS\System32\811906234
[2011/01/22 15:31:38 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\sl1367680552
[2011/01/22 15:30:38 | 000,000,092 | ---- | M] () -- C:\WINDOWS\System32\446362525
[2011/01/22 14:57:43 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 04:15:23 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011/01/12 13:51:31 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/12 13:51:31 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/12 13:51:30 | 000,240,592 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/12 13:51:30 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/01/12 11:00:22 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/11 01:50:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/10 14:23:53 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/01/10 14:23:53 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/01/08 18:39:21 | 000,000,533 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/01/08 16:15:23 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2011/01/08 15:47:21 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/07 20:27:00 | 014,671,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/01/07 20:27:00 | 013,004,800 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2011/01/07 20:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2011/01/07 20:27:00 | 009,888,672 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/01/07 20:27:00 | 006,397,824 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/01/07 20:27:00 | 004,980,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2011/01/07 20:27:00 | 002,916,968 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2011/01/07 20:27:00 | 002,292,678 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/07 20:27:00 | 002,251,368 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2011/01/07 20:27:00 | 001,958,400 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2011/01/07 20:27:00 | 000,941,160 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco322090.dll
[2011/01/07 20:27:00 | 000,837,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322040.dll
[2011/01/07 20:27:00 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2011/01/07 20:27:00 | 000,003,630 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/01/06 16:00:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/01/06 16:00:15 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/06 16:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/06 16:00:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/06 16:00:15 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[1 C:\Documents and Settings\Owner\Desktop\*.tmp files -> C:\Documents and Settings\Owner\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/04 04:28:41 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/04 03:04:18 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ugwx.sys
[2011/02/02 03:38:04 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/01/31 13:41:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/01/31 13:41:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/01/31 13:41:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/01/31 13:41:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/01/31 13:41:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/01/23 22:03:18 | 2147,012,608 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/22 15:39:03 | 000,000,156 | -HS- | C] () -- C:\WINDOWS\System32\811906234
[2011/01/22 15:33:39 | 000,001,185 | ---- | C] () -- C:\WINDOWS\System32\273588118
[2011/01/22 15:31:38 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\sl1367680552
[2011/01/22 15:30:34 | 000,000,092 | ---- | C] () -- C:\WINDOWS\System32\446362525
[2011/01/13 14:16:56 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011/01/13 14:16:55 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
[2011/01/12 13:51:31 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/12 13:51:30 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/12 13:51:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/01/12 13:51:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/01/12 13:51:18 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/01/12 13:51:18 | 000,003,630 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/01/11 13:32:07 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011/01/11 13:32:02 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/31 03:37:34 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\myMPQ.ini
[2010/12/25 20:36:44 | 000,000,257 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/12/01 18:04:19 | 001,350,096 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/01 11:37:33 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010/12/01 11:37:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010/12/01 11:37:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2010/12/01 11:37:30 | 000,004,254 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2010/05/14 17:54:11 | 000,002,999 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/24 02:27:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/02/12 21:38:05 | 000,101,783 | ---- | C] () -- C:\Program Files\luxam.exe
[2010/02/11 16:59:17 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ALLOW-IO.SYS
[2010/02/10 19:54:46 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 19:47:28 | 000,000,028 | ---- | C] () -- C:\WINDOWS\LavaPlay.INI
[2010/02/10 19:39:37 | 000,028,672 | ---- | C] () -- C:\WINDOWS\wutil.dll
[2010/02/08 17:33:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2010/02/08 05:57:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/09/15 22:23:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/08/16 00:35:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/16 00:35:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >


Extras:
OTL Extras logfile created on: 2/4/2011 4:37:00 AM - Run 3
OTL by OldTimer - Version 3.2.20.5 Folder = C:\Documents and Settings\Owner\My Documents\CompJunks
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 45.38 Gb Free Space | 30.45% Space Free | Partition Type: NTFS
Drive D: | 181.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 232.88 Gb Total Space | 121.16 Gb Free Space | 52.03% Space Free | Partition Type: NTFS
Drive F: | 968.23 Mb Total Space | 786.47 Mb Free Space | 81.23% Space Free | Partition Type: FAT
Drive G: | 977.86 Mb Total Space | 604.51 Mb Free Space | 61.82% Space Free | Partition Type: FAT32
Drive I: | 574.64 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COMPUTER-33E9D7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56261:TCP" = 56261:TCP:*:Enabled:Pando Media Booster
"56261:UDP" = 56261:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"56261:TCP" = 56261:TCP:*:Enabled:Pando Media Booster
"56261:UDP" = 56261:UDP:*:Enabled:Pando Media Booster
"1064:TCP" = 1064:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\WINDOWS\system32\iassdo32.exe" = C:\WINDOWS\system32\iassdo32.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\wmpwow.exe" = C:\WINDOWS\wmpwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\kbdhewow.exe" = C:\WINDOWS\kbdhewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\dx3jwow.exe" = C:\WINDOWS\dx3jwow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\ntmartawow.exe" = C:\WINDOWS\ntmartawow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\uxthemewow.exe" = C:\WINDOWS\uxthemewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\mciwavewow.exe" = C:\WINDOWS\mciwavewow.exe:*:Enabled:Windows Update Service
"C:\WINDOWS\slayerxpwow.exe" = C:\WINDOWS\slayerxpwow.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe" = C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4 -- (Firaxis Games)
"C:\GFM\RA2\game.exe" = C:\GFM\RA2\game.exe:*:Disabled:Main executable for Red Alert 2 -- (Westwood Studios)
"C:\GFM\RA2\gamemd.exe" = C:\GFM\RA2\gamemd.exe:*:Disabled:Main executable for Yuri's Revenge -- (Westwood Studios)
"C:\Westwood\SUN\game.exe" = C:\Westwood\SUN\game.exe:*:Disabled:Main executable for Tiberian Sun -- (Westwood Studios)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"E:\GFM\DS2\DungeonSiege2.exe" = E:\GFM\DS2\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable -- (Gas Powered Games)
"C:\Program Files\VSC\Ventrilo.exe" = C:\Program Files\VSC\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"E:\GFM\RoM\Runes of Magic\Client.exe" = E:\GFM\RoM\Runes of Magic\Client.exe:*:Enabled:Runes of Magic -- (Runewaker)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Documents and Settings\Owner\Local Settings\Apps\2.0\C8WLY994.OHN\0OB6TBR3.GPK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe" = C:\Documents and Settings\Owner\Local Settings\Apps\2.0\C8WLY994.OHN\0OB6TBR3.GPK\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
"E:\GFM\RoM\Runes of Magic\launcher.exe" = E:\GFM\RoM\Runes of Magic\launcher.exe:*:Enabled:BaseUpda Application -- ()
"C:\Program Files\LimeWire\FrostWire\FrostWire.exe" = C:\Program Files\LimeWire\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F61E0B1-1AB8-F15E-07C4-46D100A1D3F7}" = Borderlands
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2866B2D9-B57E-4829-A554-47DF68868F15}" = Fiesta
"{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41BEF2F3-730F-4346-9ACA-415ADC8A817B}" = Phantom Drive
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{511318D0-D987-4838-A547-7966FBBD8E57}_is1" = Bounty Bay Online
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6DC77B24-075D-4D58-A434-C83312C32BB7}_is1" = Eudemons Online
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89B078C4-50B0-453E-BF53-3A7E6A0D85FA}" = Windows Support Tools
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B0F9788-3141-4009-846E-52E59843E963}" = SimCity™ Societies
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2D53B92-075C-48BD-B455-0CB4F6F35C38}" = Windows XP Professional
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}" = SimCity 4 Deluxe
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6C2569C-E2AA-4AB9-8C26-AC2487A2BFFC}" = Sid Meier's Civilization 4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D1C7BB12-BE01-11DC-AAC9-EEBA55D89593}" = SimCity™ Societies Destinations
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EAE4A00B-D290-4B65-8287-B82A80FC0619}" = Linksys Wireless-G PCI Network Adapter with SpeedBooster
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Cities XL 2011" = Cities XL 2011
"Diablo" = Diablo
"DivX Setup.divx.com" = DivX Setup
"DMIView" = DMIView
"DriverCD" = DriverCD
"DungeonSiege2" = Dungeon Siege 2
"Enable S3 for USB Device" = Enable S3 for USB Device
"F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
"Fallout New Vegas_is1" = Fallout New Vegas
"Flock (2.6.0)" = Flock (2.6.0)
"FrostWire" = FrostWire 4.21.3
"gatesofandaron_is1" = Gates of Andaron 3.4.1
"GOM Player" = GOM Player
"GSC 2.00" = GSC 2.00
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{2B095022-00FF-45D5-8717-3A20DFCB8C6B}" = RIFT
"InterActual Player" = InterActual Player
"KitsuSaga" = KitsuSaga
"LAVA Player" = LAVA! Player
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PeerGuardian_is1" = PeerGuardian 2.0
"Red Alert 2" = Command & Conquer Red Alert 2
"Renegade" = Command & Conquer Renegade
"Shin Megami Tensei: Imagine Online" = Shin Megami Tensei: Imagine Online
"Starcraft" = Starcraft
"StarCraft II" = StarCraft II
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Tiberian Sun" = Command & Conquer Tiberian Sun
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yuri's Revenge" = Command && Conquer Red Alert 2 - Yuri's Revenge

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"AikaOnline" = AikaOnline
"Diablo" = Diablo
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2010 8:36:43 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application flock.exe, version 3.5.0.4568, faulting module
chrome.dll, version 3.5.0.4568, fault address 0x00003122.

Error - 12/1/2010 8:37:16 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1001
Description = Fault bucket -2091143089.

Error - 12/1/2010 8:37:27 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 12/2/2010 3:48:15 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1002
Description = Hanging application GSClient.exe, version 2.0.0.3017, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/2/2010 3:48:22 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Hang | ID = 1001
Description = Fault bucket 1483338821.

Error - 12/8/2010 1:50:07 AM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application flock.exe, version 3.5.2.4599, faulting module
chrome.dll, version 3.5.2.4599, fault address 0x00003122.

Error - 12/8/2010 1:50:10 AM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1001
Description = Fault bucket -2085730534.

Error - 12/8/2010 1:50:14 AM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 12/8/2010 5:31:47 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2180, fault address 0x00076c17.

Error - 12/8/2010 5:31:55 PM | Computer Name = COMPUTER-33E9D7 | Source = Application Error | ID = 1001
Description = Fault bucket 129358189.

[ System Events ]
Error - 2/2/2011 8:39:35 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/2/2011 8:39:44 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/2/2011 8:39:44 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/2/2011 8:39:44 PM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/4/2011 4:54:19 AM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/4/2011 4:54:19 AM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/4/2011 4:54:19 AM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/4/2011 4:54:26 AM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/4/2011 4:54:26 AM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 2/4/2011 4:54:26 AM | Computer Name = COMPUTER-33E9D7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}


< End of report >

#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:10:11 AM

Posted 04 February 2011 - 11:12 AM

Hi Teisei,

Also, at Windows start-up, for about half a second it gives me start-up options that I haven't seen before, but after that half a second it starts Windows.

Microsoft Recovery Console
do not use this option [debugger]
Microsoft Windows XP pro

Perfectly normal now that you have the recovery console installed.
You may never need the recovery console, but if you did.... it could save you a lot of hassle.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

Files Infected:
c:\documents and settings\Owner\my documents\downloads\0lds\eset nod32 antivirus & smart security 4.0.467 x32 & x64\key finder\eset special key finder v.1.exe (Riskware.KG) -> Quarantined and deleted successfully.
c:\documents and settings\Owner\my documents\downloads\0lds\eset nod32 antivirus & smart security 4.0.467 x32 & x64\key finder\nodlogin10b (nod32 serial input)\nl10b_32bits\setup.exe (Riskware.Tool.CK) -> Not selected for removal.
c:\documents and settings\Owner\my documents\downloads\0lds\eset nod32 antivirus & smart security 4.0.467 x32 & x64\key finder\nodlogin10b (nod32 serial input)\nl10b_64bits\setup.exe (Riskware.Tool.CK) -> Not selected for removal.

Any reason these items were not removed?


I'd like you to do an ESET OnlineScan

You may find it beneficial to close your resident AV program before running the scan.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the Posted Image button.
  • Click Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Please let me have the Eset scan report.

Edited by Starbuck, 04 February 2011 - 11:21 AM.

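Starbuck's question about the unremoved items turns on how to read those MBAM lines. A `Registry Data Items Infected` entry names a registry value, the detection class, the data currently stored that MBAM objects to (`Bad`) and the data it would write if the item were checked for removal (`Good`); a `PUM.` class is a "potentially unwanted modification" to a setting rather than a malicious file, which is why it is worth asking what the value does before letting the scanner rewrite it. The following is an added Python example, not code from this thread or from Malwarebytes: it parses lines in the shape of the log quoted above (sample lines constructed from that log) and lists what "Remove Selected" would change for anything still unchecked. The regular expressions and the reading of the `PUM.` prefix are my interpretation of the log format, not a documented Malwarebytes specification.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the Malwarebytes 1.50 log quoted in the thread.
SAMPLE_LOG = """\
Registry Data Items Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.

Files Infected:
c:\\documents and settings\\Owner\\my documents\\downloads\\0lds\\key finder\\eset special key finder v.1.exe (Riskware.KG) -> Quarantined and deleted successfully.
c:\\documents and settings\\Owner\\my documents\\downloads\\0lds\\key finder\\nodlogin10b (nod32 serial input)\\nl10b_32bits\\setup.exe (Riskware.Tool.CK) -> Not selected for removal.
"""

# Section headers look like "Files Infected:" with nothing after the colon;
# the summary lines near the top ("Files Infected: 0") deliberately do not match.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")

# <hive\key path>\<value name> (<detection>) -> Bad: (<data>) Good: (<data>) -> <action>.
DATA_ITEM_RE = re.compile(
    r"^(?P<key>HKEY_[A-Z_]+\\.+)\\(?P<value>[^\\ ]+) "
    r"\((?P<detection>[^()]+)\) -> Bad: \((?P<bad>[^()]*)\) Good: \((?P<good>[^()]*)\)"
    r" -> (?P<action>.+?)\.?$"
)

# <path> (<detection>) -> <action>.  The lazy path plus the literal " -> " anchor
# keeps parentheses inside a folder name from being mistaken for the detection.
FILE_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Finding:
    section: str
    target: str                 # full registry value path or file path
    detection: str
    action: str
    bad: Optional[str] = None   # current data MBAM objects to (registry data items only)
    good: Optional[str] = None  # data MBAM would write on "removal"

    @property
    def is_pum(self) -> bool:
        # PUM = potentially unwanted modification: a setting, not a file or process.
        return self.detection.startswith("PUM.")

    @property
    def pending(self) -> bool:
        # Items the user left unchecked are still present on the machine.
        return self.action.lower().startswith("not selected")


def parse_mbam_log(text: str) -> List[Finding]:
    """Walk the log section by section and turn each detail line into a Finding."""
    findings: List[Finding] = []
    section: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        if section == "Registry Data Items Infected":
            m = DATA_ITEM_RE.match(line)
            if m:
                findings.append(Finding(section, m.group("key") + "\\" + m.group("value"),
                                        m.group("detection"), m.group("action"),
                                        m.group("bad"), m.group("good")))
                continue
        elif section == "Files Infected":
            m = FILE_RE.match(line)
            if m:
                findings.append(Finding(section, m.group("path"),
                                        m.group("detection"), m.group("action")))
                continue
        # Keep anything unparsed visible instead of silently dropping it.
        findings.append(Finding(section, line, "UNPARSED", "n/a"))
    return findings


def pending_changes(findings: List[Finding]) -> List[str]:
    """Describe what 'Remove Selected' would do for every item still unchecked."""
    out: List[str] = []
    for f in findings:
        if not f.pending:
            continue
        if f.bad is not None:
            out.append(f"set {f.target} from {f.bad} to {f.good}  [{f.detection}]")
        else:
            out.append(f"quarantine {f.target}  [{f.detection}]")
    return out


if __name__ == "__main__":
    for change in pending_changes(parse_mbam_log(SAMPLE_LOG)):
        print(change)
```

Run on the constructed sample, the script lists two registry writes (each `Start_Show*` value going from 0 to 1, i.e. the hidden Start Menu item becoming visible again) and one file quarantine; the `Riskware.KG` file is not listed because the log already records it as quarantined.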


#13 Teisei

Teisei
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:11 AM

Posted 07 February 2011 - 11:03 PM

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Not selected for removal

are just settings that mean I have those 4 things hidden... I have deleted them in past scans but I'm getting tired of re-hiding them.


LOG:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=99c82b0af63fcd44b0815656336390bd
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-07 10:07:15
# local_time=2011-02-07 03:07:15 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 2497529 2497529 0 0
# compatibility_mode=1797 16775141 100 93 0 33525669 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=263025
# found=25
# cleaned=25
# scan_time=8515
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\jmpeebcobeljhpakahjfigccnonialai\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\75cjy20c.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\75cjy20c.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome\xulcache.jar.vir JS/Agent.NCP trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\w926w0kp.default\extensions\{8aa9059d-fc72-4137-b20a-35949544c063}\chrome\xulcache.jar.vir JS/Agent.NCP trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052591.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052592.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052616.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052617.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052635.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052636.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052652.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP192\A0052653.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP193\A0052906.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP193\A0052907.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP195\A0053006.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP195\A0053007.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP198\A0053041.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP198\A0053191.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP198\A0053192.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP198\A0053212.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP198\A0053236.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP198\A0053300.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP200\A0053777.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{520CA3B1-D27E-4EE0-B99F-57B019C08000}\RP200\A0053778.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:10:11 AM

Posted 08 February 2011 - 08:06 AM

Hi Teisei,

Please update MBAM and run another scan:

This time please remove everything found .... MBAM doesn't flag things up for nothing.

Start MBAM
Click on the Update tab

Posted Image

Click Check for Updates

Posted Image

If it says that MBAM needs to close to update it... let it close and then restart.
Then click the Scan button.

Don't forget:

  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Please let me have the new report in your next reply.



#15 Teisei

Teisei
  • Topic Starter

  • Members
  • 119 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:11 AM

Posted 08 February 2011 - 10:48 AM

Well, I decided to delete all of the ESET antivirus off my computer, since I don't plan to use it again, and also un-hid the Start Menu things so they were showing.

Doing those two things made it so nothing shows... but if I hide the Start Menu things and run Malwarebytes it will flag them as being hijacked.



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5711

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

2/8/2011 8:38:08 AM
mbam-log-2011-02-08 (08-38-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 220879
Time elapsed: 28 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



